spring-ws icon indicating copy to clipboard operation
spring-ws copied to clipboard
verified publisher icon spring-projects

XWS Security SignatureMethod with algorithm Hmac-sha1 [SWS-952]

Open gregturn opened this issue 9 years ago • 0 comments

Wajdi opened SWS-952 and commented

I have created an XWSSecurityInterceptor with a configurationPolicy within a file named policy.xml.

When I put <xwss:SignatureMethod algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> , then everything went fine and my SOAP message got signed.

But, when I put <xwss:SignatureMethod algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/> then I can see that an EncryptionKeyCallBack was trigged and not a SignatureKeyCallback. And as a result I have a NullPointerException in the SignatureProcessor ( line 408).

I am quiet sure that a policy file with no <Encrypt> that can somehow find an EncryptionKeyCallBack within it's XWSSecurityInterceptor, means that there is a bug.

Can anyone see and help me understand what's going on here?

Affects: 2.2.4

gregturn avatar Mar 22 '16 13:03 gregturn