Hello,
How can I create signatures that don't have XML linefeed characters in them?
(
)
The server receiving the transmission is saying that the ampersand or hash
could be the cause of a 'potential threat' fault, as if it could be a SQL
injection error.
Last year the signatures had no line feeds at all - but there have been
several changes and I'm not sure when it started happening. (Currently
using CXF 3.2.1, WSSJ 2.2, and Java 1.8 - we had to upgrade to handle a new
requirement for sha-256 instead of sha-1.)
I've tried this (among other things) without success.
String xmlSec = "org.apache.xml.security.ignoreLineBreaks";
System.setProperty(xmlSec, "true");
Is there a cxf or Tomcat config file somewhere I could set this permanently
in? Or is this a red herring?
Could it be a WsHandler setting? (I've checked them all, don't see any that
would apply.) Or a mismatch in the versions above?
Thanks for any ideas.
--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
