We are connecting to a third party webservice and we need to sign the message and with multiple parts. We see signature generates
characters in BinarySecurityToken and the backend is treating as sql injection attack.
The SignatureValue element contains the actual value of the digital
signature and it is encoded using base64 and seems to be valid as per below rfc but looks third party webservice is treating differently..
https://www.ietf.org/rfc/rfc2045.txt
We use wss4j 2.2.1 with jdk1.8 and having issues while sending via apigee..
Is there a way to get rid or better way to do it? Please suggest.
Attached java snippet for reference..
Thankyou.
Solved! Go to Solution.
Updated to latest version of wss4j 2.2.4 and added below to get rid and issue got resolved.
==
String lineBreakPropName = "org.apache.xml.security.ignoreLineBreaks"; if (System.getProperty(lineBreakPropName) == null) { System.setProperty(lineBreakPropName, "true"); }
==
Looking forward for some help..
Updated to latest version of wss4j 2.2.4 and added below to get rid and issue got resolved.
==
String lineBreakPropName = "org.apache.xml.security.ignoreLineBreaks"; if (System.getProperty(lineBreakPropName) == null) { System.setProperty(lineBreakPropName, "true"); }
==
User | Count |
---|---|
7 | |
2 | |
2 | |
1 | |
1 |