You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by "Ariel C." <ar...@gmail.com> on 2015/02/23 23:22:56 UTC

Re: Problem with signature of message including comments

Hi everybody,

I post some more information about this issue.
Even when I cannot reproduce this in my local environment or with a unit
test, it is still happening when I deployed my application on our Websphere
7 App Servers.

I could deploy the application with some more logging and I could see that
the main problem is that XML comments are not being just eliminated as I
thought, but actually they are being replaced by its inner content (that is,
removing just the starting and ending comment tags) somewhere between
Message Logging Interceptor and WSS4J In Interceptor, in the incoming
interceptor chain.

This is what I've tested:
In LoggingInInterceptor I can see my incoming message, for example with this
in the body: <elem1>data</elem1>

Then, after WSS4J signature validation fails, I output the
W3CDOMStreamWriter property of message object, and I can see this:
<elem1>datatest</elem1>

XML Comment tags are being removed, but not its inner content. I think that
nothing should be removed, but at least, if all the comment is removed,
WSS4J will succesfully validate the signature, as we are using comment
excluded canonicalization.

I've searched everywhere in this forum and I could just find only this
related issue, but without any response:
http://cxf.547215.n5.nabble.com/Problem-with-SOAPMessage-and-Comments-tt5732556.html


As I cannot reproduce this in my local environment, I can only imagine that
my WAS App Server is loading different libraries than I do, probably those
referred to XMLStreamReader or XMLStreamWriter.
After all, between message logging and WSS4J, we have StaxInInterceptor,
SaajPreInInterceptor and inside WSS4J, the getSOAPMessage(msg) method which
indeed calls SAAJInInterceptor handleMessage.

Can anyone throw some light into this?


Thanks in advance,


Ariel C.





--
View this message in context: http://cxf.547215.n5.nabble.com/Problem-with-signature-of-message-including-comments-tp5752902p5754564.html
Sent from the cxf-user mailing list archive at Nabble.com.