Author: alessio.soldano(a)jboss.com Date: 2013-03-25 12:15:44 -0400 (Mon, 25 Mar 2013) New Revision: 17408 Modified: thirdparty/wss4j/branches/wss4j-1.6.9/src/main/java/org/apache/ws/security/message/WSSecSignature.java Log: Backporting fix for WSS-421 Modified: thirdparty/wss4j/branches/wss4j-1.6.9/src/main/java/org/apache/ws/security/message/WSSecSignature.java =================================================================== --- thirdparty/wss4j/branches/wss4j-1.6.9/src/main/java/org/apache/ws/security/message/WSSecSignature.java 2013-03-25 15:57:11 UTC (rev 17407) +++ thirdparty/wss4j/branches/wss4j-1.6.9/src/main/java/org/apache/ws/security/message/WSSecSignature.java 2013-03-25 16:15:44 UTC (rev 17408) @@ -108,6 +108,7 @@ private X509Certificate useThisCert = null; private Element securityHeader = null; private boolean useCustomSecRef; + private boolean bstAddedToSecurityHeader = false; public WSSecSignature() { super(); @@ -443,10 +444,10 @@ * @param secHeader The security header */ public void prependBSTElementToHeader(WSSecHeader secHeader) { - if (bstToken != null) { + if (bstToken != null && !bstAddedToSecurityHeader) { WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bstToken.getElement()); + bstAddedToSecurityHeader = true; } - bstToken = null; } /** @@ -454,11 +455,11 @@ * @param secHeader The security header */ public void appendBSTElementToHeader(WSSecHeader secHeader) { - if (bstToken != null) { + if (bstToken != null && !bstAddedToSecurityHeader) { Element secHeaderElement = secHeader.getSecurityHeader(); secHeaderElement.appendChild(bstToken.getElement()); + bstAddedToSecurityHeader = true; } - bstToken = null; } /**