Hello, I am trying to use Apache XML Security through Spring web services 1.5.6 (WSS4JInterceptor) to digitally sign messages.
At runtime I get the following exception: ERROR o.a.w.s.message.WSSecSignature - org.apache.xml.security.exceptions.XMLSecurityException: Cannot create a http://www.w3.org/2000/09/xmldsig#:ds:SignatureMethod from a http://www.w3.org/2000/09/xmldsig#:SignatureMethod element at org.apache.xml.security.utils.ElementCheckerImpl$InternedNsChecker.guaranteeThatElementInCorrectSpace(Unknown Source) at org.apache.xml.security.utils.ElementProxy.guaranteeThatElementInCorrectSpace(Unknown Source) at org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source) at org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown Source) at org.apache.xml.security.algorithms.Algorithm.<init>(Unknown Source) at org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(Unknown Source) at org.apache.xml.security.signature.SignedInfo.<init>(Unknown Source) at org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source) at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:366) at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:746) at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:54) at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:201) at org.springframework.ws.soap.security.wss4j.Wss4jHandler.doSenderAction(Wss4jHandler.java:162) at org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:457) I downloaded wssj-1.5.5 and xmlsec-1.4.2 source code to understand what's going on. Trying to construct XMLSignature in WSSecSignature.java throws the exception: SignatureAlgorithm signatureAlgorithm = new SignatureAlgorithm(doc, sigAlgo); sig = new XMLSignature(doc, null, signatureAlgorithm.getElement(), canonElem); _constructionElement of signatureAlgorithm instance looks something like: <ds:SignatureMethod...../>. I am assuming, while creating instance of XMLSignature the guaranteeThatElementInCorrectSpace() method tries to compare <SignatureMethod.../> with <ds:SignatureMethod../> and hence the exception. For some reason the "ds" prefix does not get set in the call to XMLSignature's constructor. Not sure if this is due to Wss4JInterceptor configuration, or conflicting jars or plain bug in wss4j-1.5.5 or xmlsec-1.4.2. Could some one please guide. Thanks, -- Mihir.
