When you want to sign the BinarySecurityToken with Wss4jSecurityInterceptor, in a previous version of spring 2.0.x and wss4j (1.5.x), you only had to add a special keyword Token in the signatureParts. Since spring-ws 2.1.x relies on wss4j 1.6.x, this keyword was removed from wss4j and the signature processing failed => Token element not found in the DOM. The current doc makes a reference to the old special keyword. Nowadays, it's impossible to sign the BST. When using STRTransform, we don't sign the BST but just a reference, that's not really the same issue and the signature validation fails on server.

      if you have a replacement procedure in order to sign the BST, i will take it quickly.

      Best regards


        stephane.cizeron stephane cizeron created issue -
        arjen.poutsma Arjen Poutsma made changes -
        Field Original Value New Value
        Assignee Arjen Poutsma [ arjen.poutsma ]
        arjen.poutsma Arjen Poutsma made changes -
        Fix Version/s 2.1.5 [ 14349 ]
        arjen.poutsma Arjen Poutsma made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        arjen.poutsma Arjen Poutsma made changes -
        Fix Version/s 2.2 [ 12850 ]
        Fix Version/s 2.1.5 [ 14349 ]


          • Assignee:
            arjen.poutsma Arjen Poutsma
            stephane.cizeron stephane cizeron
          • Votes:
            0 Vote for this issue
            2 Start watching this issue


            • Created: