[SWS-842] Signature & Binary Security Token Created: 29/Jul/13  Updated: 20/Mar/14  Resolved: 06/Feb/14

Status: Resolved
Project: Spring Web Services
Component/s: None
Affects Version/s: 2.1.3
Fix Version/s: 2.2.RC1

Type: Bug Priority: Major
Reporter: stephane cizeron Assignee: Arjen Poutsma
Resolution: Fixed Votes: 0
Labels: Wss4jSecurityInterceptor, signature
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


When you want to sign the BinarySecurityToken with Wss4jSecurityInterceptor, in a previous version of spring 2.0.x and wss4j (1.5.x), you only had to add a special keyword Token in the signatureParts. Since spring-ws 2.1.x relies on wss4j 1.6.x, this keyword was removed from wss4j and the signature processing failed => Token element not found in the DOM. The current doc makes a reference to the old special keyword. Nowadays, it's impossible to sign the BST. When using STRTransform, we don't sign the BST but just a reference, that's not really the same issue and the signature validation fails on server.

if you have a replacement procedure in order to sign the BST, i will take it quickly.

Best regards

Comment by Arjen Poutsma [ 06/Feb/14 ]

Fixed by removing the paragraph from the documentation.

Generated at Mon Dec 10 12:54:11 UTC 2018 using JIRA 7.9.2#79002-sha1:3bb15b68ecd99a30eb364c4c1a393359bcad6278.