By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
428,558 Members | 1,399 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 428,558 IT Pros & Developers. It's quick & easy.

Signing headers with carriage returns

P: n/a
Hi,

I'm noticed a problem testing a JAX-WS client with a WSE server. The
JAX-WS client adds carriage returns to a SOAP header element that is
signed. This causes the WSE server to raise an error: "The signature
or decryption failed". If the carriage returns are removed, the same
web service call is successful.

I tried replicating the situation with a WSE client. I created a WSE
client that adds a SOAP header element that contains a carriage return
and is signed (using output filters). The WSE server raises the same
error: "The signature or decryption failed". When there are no
carriage returns in the signed header element, the WSE client's web
service call is successful.

It would seem that the WSE server has a problem validating signed
header elements that contain carriage returns. Security fails when it
shouldn't.

Is there a way around this problem? The clients that can call this WSE
service are not within my control, so I can't ensure no carriage
returns are in signed header elements in SOAP requests.

Thanks in advance for your help.

Mark

Apr 27 '07 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.