[Design of JBoss Web Services] - Re: Signatures and CRs
by alessio.soldano@jboss.com
Here are my thoughs and what I did: generally speaking I think a message containing CRLF is valid. Parsers are able to deal with them and according to the specs CR must be converted to LF when parsing. When sending a message you should thus know that if there's a CR in the document's content, it should not be send as a literal otherwise it will be normalized to LF when the document is parsed; it should be encoded as & # x D ; instead (sorry for the padding spaces ;-) ).
As a matter of fact, according to my tests, if you don't run into any transition to DOM_VALID representation of the soap content (need to comment out most of the message logging stuff to achieve this), you already get this (the & # x D ; ) using our stack when outputting messages containing \r in a string content. Thus IMHO the problem was in the DOMWriter's normalize method which didn't convert \r into & # x D ; . So I fixed it. This way, along with the changes done for JBWS-1974, the wsse implementation computes the signature over an element whose content is what the user specified and will not be altered during parsing on client side.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4132914#4132914
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4132914