You can't remove line breaks any more in XML Signature for BASE-64 encoded
content. This is because the spec says that:
"The SignatureValue element contains the actual value of the digital
signature; it is always encoded using base64 [RFC2045
and RFC-2045 mandates line breaks.
On Thu, Feb 22, 2018 at 8:04 PM, Guy Ridley <guy.rid...@lunarlogic.com>
> How can I create signatures that don't have XML linefeed characters in
> The server receiving the transmission is saying that the ampersand or hash
> could be the cause of a 'potential threat' fault, as if it could be a SQL
> injection error.
> Last year the signatures had no line feeds at all - but there have been
> several changes and I'm not sure when it started happening. (Currently
> using CXF 3.2.1, WSSJ 2.2, and Java 1.8 - we had to upgrade to handle a new
> requirement for sha-256 instead of sha-1.)
> I've tried this (among other things) without success.
> String xmlSec = "org.apache.xml.security.ignoreLineBreaks";
> System.setProperty(xmlSec, "true");
> Is there a cxf or Tomcat config file somewhere I could set this permanently
> in? Or is this a red herring?
> Could it be a WsHandler setting? (I've checked them all, don't see any that
> would apply.) Or a mismatch in the versions above?
> Thanks for any ideas.
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Colm O hEigeartaigh
Talend Community Coder