[ http://issues.apache.org/jira/browse/AXIS-2497?page=comments#action_12422091 ] Peter Bacik commented on AXIS-2497: -----------------------------------
I have tried also Axis 1.4 and it behaves exactly the same as Aixis 1.3 > Axis modifies SOAP request making digital signature invalid > ----------------------------------------------------------- > > Key: AXIS-2497 > URL: http://issues.apache.org/jira/browse/AXIS-2497 > Project: Apache Axis > Issue Type: Bug > Components: Basic Architecture > Affects Versions: 1.3 > Environment: Windows XP Pro, SUSE Linux, Tomcat 5.0.28 > Reporter: Peter Bacik > Priority: Critical > > I'm using Apache XMLSec 1.3.0 to validate signature of incoming SOAP requests > on the server side. XMLSec API is invoked from inside of Axis BasicHandler. > Problem is, that Axis modifies the request (removes new lines), which makes > the digest value and therefore also the signature invalid. > DisablePrettyXML flag is set to true. > I sent the same SOAP request to the server using Axis 1.2 and Axis 1.3. > Signature of the message sent to Axis 1.2 was validated successfully, message > sent to Axis 1.3 had invalid signature. > ------ > Message traced on the TCP (I removed the header): > <?xml version="1.0" encoding="UTF-8"?> > <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><soapenv:Header>...</soapenv:Header><soapenv:Body > Id="Body"> > <spml:addRequest xmlns:spml="urn:SPML:2:0"> > <object> > <Key>12345678901234561234567890123456</Key> > <Id>01234567890123456789</Id> > </object> > </spml:addRequest> > </soapenv:Body></soapenv:Envelope> > Message received by Axis 1.2: > <?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><soapenv:Header>...</soapenv:Header><soapenv:Body > Id="Body"> > <spml:addRequest xmlns:spml="urn:SPML:2:0"> > <object> > <Key>12345678901234561234567890123456</Key> > <Id>01234567890123456789</Id> > </object> > </spml:addRequest> > </soapenv:Body></soapenv:Envelope> > Message received by Axis 1.3: > <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><soapenv:Header>...</soapenv:Header><soapenv:Body > Id="Body"><spml:addRequest xmlns:spml="urn:SPML:2:0"> > <object> > <Key>12345678901234561234567890123456</Key> > <Id>01234567890123456789</Id> > </object> > </spml:addRequest></soapenv:Body></soapenv:Envelope> -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
