You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
When you want to sign the BinarySecurityToken with Wss4jSecurityInterceptor, in a previous version of spring 2.0.x and wss4j (1.5.x), you only had to add a special keyword Token in the signatureParts. Since spring-ws 2.1.x relies on wss4j 1.6.x, this keyword was removed from wss4j and the signature processing failed => Token element not found in the DOM. The current doc makes a reference to the old special keyword. Nowadays, it's impossible to sign the BST. When using STRTransform, we don't sign the BST but just a reference, that's not really the same issue and the signature validation fails on server.
if you have a replacement procedure in order to sign the BST, i will take it quickly.
stephane cizeron opened SWS-842 and commented
Hello,
When you want to sign the BinarySecurityToken with Wss4jSecurityInterceptor, in a previous version of spring 2.0.x and wss4j (1.5.x), you only had to add a special keyword Token in the signatureParts. Since spring-ws 2.1.x relies on wss4j 1.6.x, this keyword was removed from wss4j and the signature processing failed => Token element not found in the DOM. The current doc makes a reference to the old special keyword. Nowadays, it's impossible to sign the BST. When using STRTransform, we don't sign the BST but just a reference, that's not really the same issue and the signature validation fails on server.
if you have a replacement procedure in order to sign the BST, i will take it quickly.
Best regards
Affects: 2.1.3
Referenced from: commits 6d3db75
The text was updated successfully, but these errors were encountered: