How can I create signatures that don't have XML linefeed characters in them?

The server receiving the transmission is saying that the ampersand or hash
could be the cause of a 'potential threat' fault, as if it could be a SQL
injection error. 

Last year the signatures had no line feeds at all - but there have been
several changes and I'm not sure when it started happening.  (Currently
using CXF 3.2.1, WSSJ 2.2, and Java 1.8 - we had to upgrade to handle a new
requirement for sha-256 instead of sha-1.)

I've tried this (among other things) without success.
        String xmlSec = "org.apache.xml.security.ignoreLineBreaks"; 
        System.setProperty(xmlSec, "true"); 

Is there a cxf or Tomcat config file somewhere I could set this permanently
in?  Or is this a red herring?

Could it be a WsHandler setting? (I've checked them all, don't see any that
would apply.)  Or a mismatch in the versions above?

Thanks for any ideas.

Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Reply via email to