Hi, I've got this project where I have to integrate to a web service provided by a local bank. The message format consists of an XML document, called ApplicationRequest, which has to be signed and embedded as a base64binary into the SOAP-message. The SOAP-message is also signed (with the same key). Sounds kinda stupid but there's some legacy stuff involved etc.
Anyway, the problem I have is that I can sign the ApplicationRequest only once. Or, more precisely, I can create a valid signature of the ApplicationRequest only before I make the first call to the web service. After the first call, subsequential signatures won't validate, neither if I try to validate them myself, or at the server. I'm using the basic javax.xml.crypto-packages of the JDK to sign and validate the ApplicationRequest and WSS4JInterceptors to handle the signing of the SOAP-messages. I've created a small project based on the CXF's ws-security samples where the problem can be reproduced. The project is here: https://github.com/tjjalava/ws-security-sample. It's more than likely that I've just done something wrong, since I haven't done much ws-projects in a while, but I just can't figure out why this is happening. So any help or suggestions will be appreciated. - Teppo
