You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Agusti Dosaiguas (JIRA)" <ax...@ws.apache.org> on 2007/05/07 19:50:15 UTC

[jira] Commented: (AXIS-2497) Axis modifies SOAP request making digital signature invalid

    [ https://issues.apache.org/jira/browse/AXIS-2497?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12494092 ] 

Agusti Dosaiguas commented on AXIS-2497:
----------------------------------------

The fix to SOAPEnvelope.java proposed by Yevgeny doesn't solve this issue.

> Axis modifies SOAP request making digital signature invalid
> -----------------------------------------------------------
>
>                 Key: AXIS-2497
>                 URL: https://issues.apache.org/jira/browse/AXIS-2497
>             Project: Axis
>          Issue Type: Bug
>          Components: Basic Architecture
>    Affects Versions: 1.3
>         Environment: Windows XP Pro, SUSE Linux, Tomcat 5.0.28
>            Reporter: Peter Bacik
>            Priority: Critical
>
> I'm using Apache XMLSec 1.3.0 to validate signature of incoming SOAP requests on the server side. XMLSec API is invoked from inside of Axis BasicHandler. Problem is, that Axis modifies the request (removes new lines), which makes the digest value and therefore also the signature invalid. 
> DisablePrettyXML flag is set to true.
> I sent the same SOAP request to the server using Axis 1.2 and Axis 1.3. Signature of the message sent to Axis 1.2 was validated successfully, message sent to Axis 1.3 had invalid signature.
> ------
> Message traced on the TCP (I removed the header):
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header>...</soapenv:Header><soapenv:Body Id="Body">
> <spml:addRequest xmlns:spml="urn:SPML:2:0">
> <object>
> <Key>12345678901234561234567890123456</Key>
> <Id>01234567890123456789</Id>
> </object>
> </spml:addRequest>
> </soapenv:Body></soapenv:Envelope>
> Message received by Axis 1.2:
> <?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header>...</soapenv:Header><soapenv:Body Id="Body">
> <spml:addRequest xmlns:spml="urn:SPML:2:0">
> <object>
> <Key>12345678901234561234567890123456</Key>
> <Id>01234567890123456789</Id>
> </object>
> </spml:addRequest>
> </soapenv:Body></soapenv:Envelope>
> Message received by Axis 1.3:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header>...</soapenv:Header><soapenv:Body Id="Body"><spml:addRequest xmlns:spml="urn:SPML:2:0">
> <object>
> <Key>12345678901234561234567890123456</Key>
> <Id>01234567890123456789</Id>
> </object>
> </spml:addRequest></soapenv:Body></soapenv:Envelope>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org