ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] [Closed] (WSS-473) BST signature element
Date Tue, 07 Oct 2014 08:03:34 GMT


Colm O hEigeartaigh closed WSS-473.

> BST signature element
> ---------------------
>                 Key: WSS-473
>                 URL:
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.6.11
>            Reporter: St├ęphane CIZERON
>            Assignee: Colm O hEigeartaigh
>              Labels: BST, signature
>             Fix For: 1.6.12
>   Original Estimate: 2h
>  Remaining Estimate: 2h
> In the 1.5.x versions, when we wanted to sign the BST, we used a special keyword 'Token'
and the signed element was the BST. 
> In 1.6.x, the Token keyword doesn' t exist anymore,  When the Token is used, a general
security error is raised (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found:, Token).
> If we use STRTransform, the validation fails because the signed element is the SecurityTokenReference
and not the BST.
> if we use  {}{}BinarySecurityToken
as WSEncryptionPart, we have the same general error => element not found. I check the,
the BST is appended at the end whereas if it was appened just after the prepare method (line
70), the last issue is OK.
> I tested it and it works, the validation BST signature is OK.
>             wsSign.prepare(doc, reqData.getSigCrypto(), reqData.getSecHeader());
>             wsSign.prependBSTElementToHeader(reqData.getSecHeader());
> Could you tell me first if it's a correct workaround? 
> And in the second time, if the correction could be packaged in the 1.6.12 quickly ?
> Best regards
> St├ęphane

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message