Hi guys,

I am new on this community... but I read always as guess.

Now I have a big problem...

I have an EAR that contains a war.

This EAR expose some API for verify signature of a SAMLResponse.

I put this EAR on JBoss 5 and all works fine...

XMLSignature signature=null;

try {

     signature = factory.unmarshalXMLSignature(context);

} catch (MarshalException e) {

      e.printStackTrace();

}

boolean valid=signature.validate(context);

 

Validate method return true or false if input data in correct or incorrect...all works.

I put this EAR on a JBoss 7 and ALWAYS the validate method return FALSE.

I activade -verbose:class on both servers and I can see following..

On JBoss 5 log I have...

[Loaded org.apache.xml.security.signature.XMLSignature from jar:file:/<myPath>/deploy/MYEAR.ear/MYWAR.war/WEB-INF/lib/xmlsec-1.4.2.jar!/]

[Loaded javax.xml.crypto.dsig.XMLSignature from jar:file:/<myPath>/deploy/MYEAR.ear/MYWAR.war/WEB-INF/lib/xmlsec-1.4.2.jar!/]

 

On JBoss 7 log I have...

[Loaded org.apache.xml.security.signature.XMLSignature from vfs:/ <myPath>/deployments/MYEAR.ear/MYWAR.war/WEB-INF/lib/xmlsec-1.4.2.jar]

[Loaded javax.xml.crypto.dsig.XMLSignature from C:\Program Files (x86)\Java\jre6\lib\rt.jar]

 

This can be the problem ?

I have already checked if the problem is related to reference validation or sign validation.

Reference validation return true.

Is possible that the class in rt.jar return always false ?

How I can avoid that this class is loaded.

I have already a jboss-deployment-structure.xml

<jboss-deployment-structure>

          <deployment >

                    <exclusions>

                              <module name="org.jboss.log4j" />

                              <module name="org.hibernate" />

                    </exclusions>

     </deployment> 

</jboss-deployment-structure>

 

Help me please