Skip to content
This repository has been archived by the owner on Jan 30, 2019. It is now read-only.

Signature parts verification failing #1688

Open
glassfishrobot opened this issue Jul 17, 2014 · 3 comments
Open

Signature parts verification failing #1688

glassfishrobot opened this issue Jul 17, 2014 · 3 comments
Assignees
@glassfishrobot
Labels
Component: security ERR: Assignee Priority: Major Type: Bug

Comments

@glassfishrobot
Copy link
Contributor

Signature verification part is defaulted to soap body. There is no other way to change it by specifying the parts.

In the SecurityRecipient.java, FilterProcessingContext fpContext = new FilterProcessingContext(context); is defaulting to body namespace.

fpContext -> securityPolicy -> _featureBinding -> targets.

There should be an API exposed to hook in the parts with namespaces that need to be verified.

The use case I have :
I have a connector protected with signed Timestamp.

Environment

Tomcat 6 , Metro 2.1 , JDK 1.6

Affected Versions

[2.1]
@glassfishrobot
Copy link
Contributor Author

Reported by kjayashankar

@glassfishrobot
Copy link
Contributor Author

Was assigned to symonchang

@glassfishrobot
Copy link
Contributor Author

This issue was imported from java.net JIRA WSIT-1688

@glassfishrobot glassfishrobot self-assigned this Apr 24, 2017
@Tomas-Kraus Tomas-Kraus mentioned this issue Jun 2, 2022
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@glassfishrobot glassfishrobot

Labels
Component: security ERR: Assignee Priority: Major Type: Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@glassfishrobot