[SWS-842] Signature & Binary Security Token Created: 29/Jul/13  Updated: 20/Mar/14  Resolved: 06/Feb/14

Status: Resolved
Project: Spring Web Services
Component/s: None
Affects Version/s: 2.1.3
Fix Version/s: 2.2.RC1

Type: Bug Priority: Major
Reporter: stephane cizeron Assignee: Arjen Poutsma
Resolution: Fixed Votes: 0
Labels: Wss4jSecurityInterceptor, signature
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Hello,
When you want to sign the BinarySecurityToken with Wss4jSecurityInterceptor, in a previous version of spring 2.0.x and wss4j (1.5.x), you only had to add a special keyword Token in the signatureParts. Since spring-ws 2.1.x relies on wss4j 1.6.x, this keyword was removed from wss4j and the signature processing failed => Token element not found in the DOM. The current doc makes a reference to the old special keyword. Nowadays, it's impossible to sign the BST. When using STRTransform, we don't sign the BST but just a reference, that's not really the same issue and the signature validation fails on server.

if you have a replacement procedure in order to sign the BST, i will take it quickly.

Best regards



 Comments   
Comment by Arjen Poutsma [ 06/Feb/14 ]

Fixed by removing the paragraph from the documentation.

Generated at Thu Dec 14 06:16:37 UTC 2017 using JIRA 6.4.14#64029-sha1:ae256fe0fbb912241490ff1cecfb323ea0905ca5.