Hi everybody, I post some more information about this issue. Even when I cannot reproduce this in my local environment or with a unit test, it is still happening when I deployed my application on our Websphere 7 App Servers.
I could deploy the application with some more logging and I could see that the main problem is that XML comments are not being just eliminated as I thought, but actually they are being replaced by its inner content (that is, removing just the starting and ending comment tags) somewhere between Message Logging Interceptor and WSS4J In Interceptor, in the incoming interceptor chain. This is what I've tested: In LoggingInInterceptor I can see my incoming message, for example with this in the body: <elem1>data</elem1> Then, after WSS4J signature validation fails, I output the W3CDOMStreamWriter property of message object, and I can see this: <elem1>datatest</elem1> XML Comment tags are being removed, but not its inner content. I think that nothing should be removed, but at least, if all the comment is removed, WSS4J will succesfully validate the signature, as we are using comment excluded canonicalization. I've searched everywhere in this forum and I could just find only this related issue, but without any response: http://cxf.547215.n5.nabble.com/Problem-with-SOAPMessage-and-Comments-tt5732556.html As I cannot reproduce this in my local environment, I can only imagine that my WAS App Server is loading different libraries than I do, probably those referred to XMLStreamReader or XMLStreamWriter. After all, between message logging and WSS4J, we have StaxInInterceptor, SaajPreInInterceptor and inside WSS4J, the getSOAPMessage(msg) method which indeed calls SAAJInInterceptor handleMessage. Can anyone throw some light into this? Thanks in advance, Ariel C. -- View this message in context: http://cxf.547215.n5.nabble.com/Problem-with-signature-of-message-including-comments-tp5752902p5754564.html Sent from the cxf-user mailing list archive at Nabble.com.
