[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xmlrpc-user
Subject:    Re: Can WSSecurityEngine.processSecurityHeader() report which
From:       Colm O hEigeartaigh <coheigea () apache ! org>
Date:       2011-03-31 8:04:22
Message-ID: AANLkTimCJgiE-smPBmhiDazGCPm93sa_5wh=topK=oSA () mail ! gmail ! com
[Download RAW message or body]

You can see the exact reason for signature validation failure in WSS4J
1.6 if you turn on debug logging. You can't see it in WSS4J 1.5, as
the API we were using (Apache Santuario as opposed to JSR-105) wasn't
powerful enough to give us the information required. It's not possible
to include the information in the exception that's thrown, as that
could lead to leaking security information to an attacked.

Colm.

On Wed, Mar 30, 2011 at 10:15 PM, Yang, Gang CTR US USA
<gang.yang@us.army.mil> wrote:
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> Hi,
>
>
>
> When there are more than one parts being signed and the validation failed,
> WSSecurityEngine.processSecurityHeader() simply throws an
> WSSecurityException. Can some details of the failure be reported somehow,
> such as which Reference failed and for what reason?
>
>
>
> Thanks,
>
> Gang
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]