The validator will be called each time there is a signature, so yes it will be called twice. If we have two signatures with two different certificates, then the Subject will be created from the first Signature in the header.
Colm. On Wed, Nov 14, 2018 at 9:44 AM vlad.balan <[email protected]> wrote: > Hello > > and thanks for reading. > > When using a policy that has both the main signature and the second > signature through EnorsingSupportingToken, is the > ws-security.signature.validator called twice? > > The question comes after Colm's very useful example project cxf-x509-demo > which illustrates the use of ws-security.signature.validator to register a > custom signature validator (that also creates a Subject from the > certificate..., but that's another thing.) In Colm's example there's just > the EnorsingSupportingToken and its signature, no main signature. > > But i was wondering what happens if we have a policy that also generates a > main signature, will the validator be called twice? How can we distinguish > between the 2 calls to, for example, create the Subject only from the > Endorsing certificate and not from the main certificate? > > > Thanks. > > > > -- > Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
