Hi guys,
I am new on this community... but I read always as guess.
Now I have a big problem...
I have an EAR that contains a war.
This EAR expose some API for verify signature of a SAMLResponse.
I put this EAR on JBoss 5 and all works fine...
XMLSignature signature=null;
try {
signature = factory.unmarshalXMLSignature(context);
} catch (MarshalException e) {
e.printStackTrace();
}
boolean valid=signature.validate(context);
Validate method return true or false if input data in correct or incorrect...all works.
I put this EAR on a JBoss 7 and ALWAYS the validate method return FALSE.
I activade -verbose:class on both servers and I can see following..
On JBoss 5 log I have...
[Loaded org.apache.xml.security.signature.XMLSignature from jar:file:/<myPath>/deploy/MYEAR.ear/MYWAR.war/WEB-INF/lib/xmlsec-1.4.2.jar!/]
[Loaded javax.xml.crypto.dsig.XMLSignature from jar:file:/<myPath>/deploy/MYEAR.ear/MYWAR.war/WEB-INF/lib/xmlsec-1.4.2.jar!/]
On JBoss 7 log I have...
[Loaded org.apache.xml.security.signature.XMLSignature from vfs:/ <myPath>/deployments/MYEAR.ear/MYWAR.war/WEB-INF/lib/xmlsec-1.4.2.jar]
[Loaded javax.xml.crypto.dsig.XMLSignature from C:\Program Files (x86)\Java\jre6\lib\rt.jar]
This can be the problem ?
I have already checked if the problem is related to reference validation or sign validation.
Reference validation return true.
Is possible that the class in rt.jar return always false ?
How I can avoid that this class is loaded.
I have already a jboss-deployment-structure.xml
<jboss-deployment-structure>
<deployment >
<exclusions>
<module name="org.jboss.log4j" />
<module name="org.hibernate" />
</exclusions>
</deployment>
</jboss-deployment-structure>
Help me please