users@glassfish.java.net

Glassfish eating newlines in SOAP message - how to stop?

From: <glassfish_at_javadesktop.org>
Date: Wed, 20 May 2009 00:43:05 PDT

Problem: I have a Web Service, which uses WSS4J inside a handler to validate signatures and decrypt the message and that sort of thing. Mostly that works just fine. However, I discovered that the client is sending through messages that look like this:

<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1023734535">
</SOAP-ENV:Body>

Note how there's a newline between the beginning and the end tag. The message body is signed. However, Glassfish seems to think it's ok to turn the above message into the following:

<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1023734535" />

That's very naughty, as now the signature doesn't validate... Oops.

My question is: How do I stop Glassfish from doing this? If this can't be done via a simple configuration command, which area of Glassfish is likely responsible, so that I can have a look at patching it myself?

The alternative would be to use Encryption instead of a Signature... Have tested this, and it fixes my problem just fine.

Another alternative would be if there was some way to specify the security information in a file that I can point Glassfish at - this file *cannot be the WSDL*, which is the reason I've gone down this road in the first place.
[Message sent by forum member 'ipsi' (ipsi)]

http://forums.java.net/jive/thread.jspa?messageID=346929