Jian, Signature as defined by OASIS WSS specifications is based on w3c xmlsec specification. Any modification of the message inside hte <SignedInfo> tag of the request usually cause the verification ot fail. This includes modifications like adding blanks, tabs, newlines etc.
Regards, Werner Fang Jian wrote: > werner, > > I removed the XMLCanonicalizer and used the real > captured XML soap message as the input to the server, > I found that the result is different, this time the > URI verfication is correct, but the XML signature > verification still fails. > > org.apache.xml.security.signature.Reference verify > INFO: Verification successful for URI "#id-3866500" > Oct 12, 2005 11:19:55 AM > com.sun.xml.ws.transport.http.servlet.WSServletDelegate > doPost > SEVERE: caught throwable > java.lang.ExceptionInInitializerError > at > org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:628) > > When WSS4J signs the message, would blank spaces > affect the result? > > Thanks, > > Jian > > >>--- "Dittmann, Werner" <[EMAIL PROTECTED]> >>wrote: >> >> >>>Jian, >>> >>>the request etc seems ok for me. Because it is a >>>verification problem I guess it is a usual problem >>>of some "pretty printing" after the request was >>>signed. >>> >>>If this is the real captured request then I'm >> >>pretty >> >>>sure that some driver, some transport, etc >> >>modified >> >>>the >>>request after it got signed by WSS4J. Very often >> >>we >> >>>see that drivers or XML serializers insert blanks, >>>tabs, >>>and newlines in the request before they put it on >>>the >>>wire. Can you crosscheck that? >>> >>>Regards, >>>Werner >> >> >> >> >>__________________________________ >>Yahoo! Music Unlimited >>Access over 1 million songs. Try it free. >>http://music.yahoo.com/unlimited/ >> >> > > --------------------------------------------------------------------- > >>To unsubscribe, e-mail: >>[EMAIL PROTECTED] >>For additional commands, e-mail: >>[EMAIL PROTECTED] >> >> > > > > > > __________________________________ > Yahoo! Music Unlimited > Access over 1 million songs. Try it free. > http://music.yahoo.com/unlimited/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
