Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-952

XWS Security SignatureMethod with algorithm Hmac-sha1

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.2.4
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None

      Description

      I have created an XWSSecurityInterceptor with a configurationPolicy within a file named policy.xml.

      When I put
      <xwss:SignatureMethod algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> , then everything went fine and my SOAP message got signed.

      But, when I put
      <xwss:SignatureMethod algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/> then I can see that an EncryptionKeyCallBack was trigged and not a SignatureKeyCallback. And as a result I have a NullPointerException in the SignatureProcessor ( line 408).

      I am quiet sure that a policy file with no <Encrypt> that can somehow find an EncryptionKeyCallBack within it's XWSSecurityInterceptor, means that there is a bug.

      Can anyone see and help me understand what's going on here?

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              WajdiTn Wajdi
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: