Details
-
Improvement
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
1.6
-
None
-
None
Description
According to this blog entry: http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html
Quote: "One final note - when building a validation chain to validate a received credential, WSS4J uses both the truststore and the keystore. This is for backwards compatibility reasons, where the user does not specify a truststore using the new config."
Recommend switching this algorithm to not use the keystore for validation if the truststore is explicitly validated.