0 Replies Latest reply on May 3, 2013 5:54 AM by vegetajboss

    Validate method of XMLSignature return always false after migration

    vegetajboss Newbie

      Hi guys,

      I am new on this community... but I read always as guess.

      Now I have a big problem...


      I have an EAR that contains a war.

      This EAR expose some API for verify signature of a SAMLResponse.

      I put this EAR on JBoss 5 and all works fine...


      XMLSignature signature=null;

      try {

           signature = factory.unmarshalXMLSignature(context);

      } catch (MarshalException e) {



      boolean valid=signature.validate(context);



      Validate method return true or false if input data in correct or incorrect...all works.

      I put this EAR on a JBoss 7 and ALWAYS the validate method return FALSE.


      I activade -verbose:class on both servers and I can see following..


      On JBoss 5 log I have...

      [Loaded org.apache.xml.security.signature.XMLSignature from jar:file:/<myPath>/deploy/MYEAR.ear/MYWAR.war/WEB-INF/lib/xmlsec-1.4.2.jar!/]

      [Loaded javax.xml.crypto.dsig.XMLSignature from jar:file:/<myPath>/deploy/MYEAR.ear/MYWAR.war/WEB-INF/lib/xmlsec-1.4.2.jar!/]



      On JBoss 7 log I have...


      [Loaded org.apache.xml.security.signature.XMLSignature from vfs:/ <myPath>/deployments/MYEAR.ear/MYWAR.war/WEB-INF/lib/xmlsec-1.4.2.jar]

      [Loaded javax.xml.crypto.dsig.XMLSignature from C:\Program Files (x86)\Java\jre6\lib\rt.jar]



      This can be the problem ?

      I have already checked if the problem is related to reference validation or sign validation.

      Reference validation return true.


      Is possible that the class in rt.jar return always false ?

      How I can avoid that this class is loaded.


      I have already a jboss-deployment-structure.xml



                <deployment >


                                    <module name="org.jboss.log4j" />

                                    <module name="org.hibernate" />






      Help me please