0 Replies Latest reply on Oct 12, 2011 11:52 AM by ccob

    Downgrade WSS4j version possible?

    ccob Newbie



      I have a web application that connects to an 3rd party web service which I have no control over.  Now the 3rd party web service seems to be using WSS4j 1.5.8 (or around that time). 


      The web requests require signing, timestamps and encryption.  But when the request is sent the server responds with a signature verify exception.  Previosly I have had it working when the application was running on AS6, but it was using XWSS for the encryption then.


      I have written a little test application that generates the SOAP request using both the 1.5.8 and 1.6.1 that's shipped with AS7 of WSS4j (by switching libraries) and sent the request to the 3rd party endpoint.  I get the expected encrypted response with the 1.5.8 version of WSS4j, but when I run the same test but with 1.6.1, the soap fault is sent back from the 3rd party server indicating the signature did not verify.


      So I then verified the payload from 1.5.8 with the 1.6.1 version within my test app, but it verified OK.  So it seems to be something specific the 3rd party is doing differently, which is using axis for the web services layer.


      One of the differences I can see since 1.5.8 is that the Base64 encoder is spliting lines on a 76 character boundry in the older release, but the newer version does not do this.  I am wondering if the 3rd party receiver is tripping up here.


      So I am basically looking for ways I can get it working with AS7, possibly downgrade WSS4j.


      Any help appreciated.