This repository was archived by the owner on Jan 30, 2019. It is now read-only.
This repository was archived by the owner on Jan 30, 2019. It is now read-only.
Signature parts verification failing #1688
Description
Signature verification part is defaulted to soap body. There is no other way to change it by specifying the parts.
In the SecurityRecipient.java, FilterProcessingContext fpContext = new FilterProcessingContext(context); is defaulting to body namespace.
fpContext -> securityPolicy -> _featureBinding -> targets.
There should be an API exposed to hook in the parts with namespaces that need to be verified.
The use case I have :
I have a connector protected with signed Timestamp.
Environment
Tomcat 6 , Metro 2.1 , JDK 1.6
Affected Versions
[2.1]