Hi all, I've some services exposed with CXF 2.7.12, which expects the incoming messages to be signed (the validation is being done in WSS4JInInterceptor). For the client, I'm just using SoapUI 5.
Signature validation is being performed well for any scenario, except for when the body of the SOAP message includes comments. In that case, I'm getting a: org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid In order to exclude SoapUI as the cause of the problem, I've tried with exactly the same message twice, once with the comment tag and the other without it. Both messages generates the same signature values, as we are using xml-exc-c14n for canonicalization. However, in the server with CXF, messages with comments fail to validate. If it is not a bug, I'm thinking on things like a weird server encoding configuration, any wrong WSS4J configuration or whatever like that. Can someone realize what may be happening, or did someone face this same problem before? I can post examples of both messages, but I can assure that both makes the same signature, so it's probably unnecessary. Thanks a lot! -- View this message in context: http://cxf.547215.n5.nabble.com/Problem-with-signature-of-message-including-comments-tp5752902.html Sent from the cxf-user mailing list archive at Nabble.com.
