suntsa commented on PR #552: URL: https://github.com/apache/santuario-xml-security-java/pull/552#issuecomment-3728359585
This seems to be the same issue we have been wondering about in our project. We are also using WSS4J for signing attachments and see the warning in logs. We have `org.apache.santuario:xmlsec:4.0.4` and `org.apache.wss4j:wss4j-ws-security-dom:4.0.1`. Let me elaborate a bit on what is happening: `org.apache.wss4j.dom.transform.AttachmentContentSignatureTransform` does the transformation, writes to output stream and returns `null`. Then `org.apache.jcp.xml.dsig.internal.dom.DOMReference#transform` logs the warning because the transformation returned `null`. I find that behaviour strange because the javadoc of `javax.xml.crypto.dsig.Transform#transform(javax.xml.crypto.Data, javax.xml.crypto.XMLCryptoContext, java.io.OutputStream)` says: > Returns: the transformed data (or null if the data was written to the OutputStream parameter) Is there anything we can do differently to avoid the warning or is it, as coheigea suggests, a valid use-case where the `WARNING` logged by santuario is inappropriate? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
