santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 43685] Problem verifying signatures generated by BEA Aqualogic
Date Fri, 27 Jun 2008 16:06:09 GMT

--- Comment #16 from René Nielsen <>  2008-06-27 09:06:08 PST ---
Multiple things can go wrong using InclusiveNamespaces PrefixList="".

1) If the logical representation uses InclusiveNamespaces PrefixList="", but
the physical representation (the canonilized output before signing) completely
ignores it in only one end it poses a problem

2a) If InclusiveNamespaces PrefixList="" means different things in BEA and
WSS4J such as one end interpreting it as the default namespace

2b) If InclusiveNamespaces PrefixList="" means different things in BEA and
WSS4J such as one end interpreting it as part of the physical representation
and the other leaving it out, yet preserves it in the logical representation

This problem persist even after upgrading WebLogic Server 9.2 to Maintanance
Pack 3, where newline and Document Order is fixed in relation to

BEA Support and WSS4J both ask for more information, and both claims to be WS-I
compliant, however, they don't work together.

As I would expect BEA Support to download WSS4J and create a test, I would also
expect WSS4J to download WLS 9.2 with MP 3 and create a sample. I guess that
both parties find it just as hard and timeconsuming a task as I find it hard
and timeconsuming to provide the solution for you.

The BEA API doesn't allow one to print the canonilized output as WSS4J does.
BEA Support just wrote me today and said that signing (the step after
canonilization) often happens while streaming over the network or sometimes in
the handleRequest or handleResponse events. If that is true, then output of a
BEA client must be exactly what is output from the canonilization step.

Feel free to contact me by email, if you are interested in the BEA client and
the WSS4J serverside.

Anyway, thanks for responding Sean - I'm trying to get BEA Support to help me
provide the information you require, since I have to decompile and rewrite and
recompile the weblogic.jar in order to get the canonilized output.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.
View raw message