You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "S.Uthaiyashankar (JIRA)" <ji...@apache.org> on 2010/12/21 15:26:03 UTC
[jira] Assigned: (RAMPART-276) SignedEncryptedElements can
incorrectly set the namespace of child xpaths during serialization
[ https://issues.apache.org/jira/browse/RAMPART-276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
S.Uthaiyashankar reassigned RAMPART-276:
----------------------------------------
Assignee: S.Uthaiyashankar (was: Ruchith Udayanga Fernando)
> SignedEncryptedElements can incorrectly set the namespace of child xpaths during serialization
> ----------------------------------------------------------------------------------------------
>
> Key: RAMPART-276
> URL: https://issues.apache.org/jira/browse/RAMPART-276
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.5
> Reporter: Dave Bryant
> Assignee: S.Uthaiyashankar
>
> If you create a security policy that includes signed or encrypted elements, where the SignedEncryptedElements object contains multiple xpaths for specifying parts of the message to sign/encrypt, and a namespace map to qualify the prefixes used in xpaths exists, then serializing the SignedEncryptedElements object incorrectly sets the namespace URI for the second <sp:XPath> element that is output.
> For example, if you specify two xpaths (xs:fred and rns1:bob) to be signed and setup the namespace map appropriately to define the xs and rns1 prefixes, the second XPath element is output using the xs prefix (the XML schema namespace) instead of the sp prefix (the security policy namespace).
> {code:xml}
> <sp:SignedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath xmlns:rns1="http://www.orionhealth.com/rhapsody/2009/11/TestService">//xs:fred</sp:XPath>
> <xs:XPath xmlns:rns1="http://www.orionhealth.com/rhapsody/2009/11/TestService">//rns1:bob</xs:XPath>
> </sp:SignedElements>
> {code}
> The problem was introduced in revision 76056 of SignedEncryptedElements.java (http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java?r1=653992&r2=760506) where support was added to output the defined namespaces. The problem is that the local variables 'prefix' and 'namespaceURI' is assigned when output the namespace map, and then that same variable is reused to output the next XPath.
> A patch that resolves this problem is below:
> {code}
> Index: src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
> ===================================================================
> --- src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java (revision 61550)
> +++ src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java (working copy)
> @@ -122,9 +122,9 @@
> Iterator<String> namespaces = declaredNamespaces.keySet().iterator();
>
> while(namespaces.hasNext()) {
> - prefix = (String) namespaces.next();
> - namespaceURI = (String) declaredNamespaces.get(prefix);
> - writer.writeNamespace(prefix,namespaceURI);
> + final String declaredPrefix = (String) namespaces.next();
> + final String declaredNamespaceURI = (String) declaredNamespaces.get(declaredPrefix);
> + writer.writeNamespace(declaredPrefix,declaredNamespaceURI);
> }
>
> writer.writeCharacters(xpathExpression);
> {code}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org