cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rich Newcomb (JIRA)" <j...@apache.org>
Subject [jira] Created: (CXF-2914) Digest algorithm defined in WS-SecurityPolicy is not honored in WS-Security signature from client
Date Wed, 28 Jul 2010 02:57:16 GMT
Digest algorithm defined in WS-SecurityPolicy is not honored in WS-Security signature from
client
-------------------------------------------------------------------------------------------------

                 Key: CXF-2914
                 URL: https://issues.apache.org/jira/browse/CXF-2914
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 2.3, 2.2.10
            Reporter: Rich Newcomb


The digest algorithm "http://www.w3.org/2000/09/xmldsig#sha1" is used in digital signatures
from clients configured via WS-SecurityPolicy even when an AlgorithmSuite is defined within
the policy that should resolve to a different digest algorithm.  For example, the following
AlgorithmSuite policy should result in the digest algorithm of "http://www.w3.org/2001/04/xmlenc#sha256"
(per the WS-SecurityPolicy specification):

<sp:AlgorithmSuite>
    <wsp:Policy>
        <sp:Basic256Sha256 />
    </wsp:Policy>
</sp:AlgorithmSuite>

The correct digest algorithm is determined by the AlgorithmSuite in the Binding; however,
the algorithm information is not propagated to the WSSecSignature object that creates the
signature.



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message