Signature & Binary Security Token [SWS-842] #916
Description
stephane cizeron opened SWS-842 and commented
Hello,
When you want to sign the BinarySecurityToken with Wss4jSecurityInterceptor, in a previous version of spring 2.0.x and wss4j (1.5.x), you only had to add a special keyword Token in the signatureParts. Since spring-ws 2.1.x relies on wss4j 1.6.x, this keyword was removed from wss4j and the signature processing failed => Token element not found in the DOM. The current doc makes a reference to the old special keyword. Nowadays, it's impossible to sign the BST. When using STRTransform, we don't sign the BST but just a reference, that's not really the same issue and the signature validation fails on server.
if you have a replacement procedure in order to sign the BST, i will take it quickly.
Best regards
Affects: 2.1.3
Referenced from: commits 6d3db75