You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Jorge Fernández (JIRA)" <ji...@apache.org> on 2007/08/08 13:04:59 UTC
[jira] Created: (RAMPART-67) Problems with namespaces prefixes when
encrypting or signing
Problems with namespaces prefixes when encrypting or signing
------------------------------------------------------------
Key: RAMPART-67
URL: https://issues.apache.org/jira/browse/RAMPART-67
Project: Rampart
Issue Type: Bug
Components: rampart-policy
Affects Versions: 1.2
Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
Reporter: Jorge Fernández
Priority: Blocker
I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
For example, in my service policy I have:
sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
</sp:EncryptedElements>
If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
I have this operations:
validate (In-Only OK)
logout (In-Only OK)
getOntologyFindings
getOntologyFindingsByConcept (OK)
getOntologyAbstractParameters
getOntologyAbstractParametersByType (OK, returns the same data as the previous one) getOntologyUnits
getOntologySignals
getOntology
getPatients
getPrimitiveParameterData (OK)
Operations without (OK) throw the exception described above. You can see that when the names are almos the same (as getPatients and getPatientsByType), the longer works OK but the shorter doesn't. For some other, even if their names are different, it doesn't work.
In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
For some operations, I have a response like this:
<ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
<parameterData xmlns="http://op_messages.medici_link/xsd">
<annotations \
xmlns="http://external.communication_data_model.medici_link/xsd" \
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
/>
<dataSegments \
xmlns="http://external.communication_data_model.medici_link/xsd"> \
<beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
<data>
<xop:Include \
href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
</dataSegments>
</parameterData>
</ns3:getPrimitiveDataResponse>
and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-67) Problems with namespaces prefixes when
encrypting or signing
Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-67?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jorge Fernández updated RAMPART-67:
-----------------------------------
Attachment: WebServiceTest.rar
JIRA70.rar
New samples, simpler than the original
> Problems with namespaces prefixes when encrypting or signing
> ------------------------------------------------------------
>
> Key: RAMPART-67
> URL: https://issues.apache.org/jira/browse/RAMPART-67
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.2
> Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
> Reporter: Jorge Fernández
> Priority: Blocker
> Attachments: JIRA70.rar, WebServiceTest.rar
>
>
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
> </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
> I have this operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one) getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almos the same (as getPatients and getPatientsByType), the longer works OK but the shorter doesn't. For some other, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
> <parameterData xmlns="http://op_messages.medici_link/xsd">
> <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
> />
> <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd"> \
> <beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
> <data>
> <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
> </dataSegments>
> </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-67) Problems with namespaces prefixes when
encrypting or signing
Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-67?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jorge Fernández updated RAMPART-67:
-----------------------------------
Attachment: Webservice.rar
eclipse_projects.rar
> Problems with namespaces prefixes when encrypting or signing
> ------------------------------------------------------------
>
> Key: RAMPART-67
> URL: https://issues.apache.org/jira/browse/RAMPART-67
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.2
> Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
> Reporter: Jorge Fernández
> Priority: Blocker
> Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
> </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
> I have this operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one) getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almos the same (as getPatients and getPatientsByType), the longer works OK but the shorter doesn't. For some other, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
> <parameterData xmlns="http://op_messages.medici_link/xsd">
> <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
> />
> <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd"> \
> <beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
> <data>
> <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
> </dataSegments>
> </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-67) Problems with namespaces prefixes when
encrypting or signing
Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-67?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jorge Fernández updated RAMPART-67:
-----------------------------------
Attachment: (was: WebServiceTest.rar)
> Problems with namespaces prefixes when encrypting or signing
> ------------------------------------------------------------
>
> Key: RAMPART-67
> URL: https://issues.apache.org/jira/browse/RAMPART-67
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.2
> Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
> Reporter: Jorge Fernández
> Priority: Blocker
>
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
> </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
> validateSystem works OK but the validate, doesn't.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
> <parameterData xmlns="http://op_messages.medici_link/xsd">
> <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
> />
> <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd"> \
> <beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
> <data>
> <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
> </dataSegments>
> </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.
> It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. Maybe this happens because they are defined in another namespace and they have no prefix in the message.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-67) Problems with namespaces prefixes when
encrypting or signing
Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-67?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jorge Fernández updated RAMPART-67:
-----------------------------------
Description:
I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
For example, in my service policy I have:
sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
</sp:EncryptedElements>
If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
validateSystem works OK but the validate, doesn't.
In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
For some operations, I have a response like this:
<ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
<parameterData xmlns="http://op_messages.medici_link/xsd">
<annotations \
xmlns="http://external.communication_data_model.medici_link/xsd" \
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
/>
<dataSegments \
xmlns="http://external.communication_data_model.medici_link/xsd"> \
<beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
<data>
<xop:Include \
href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
</dataSegments>
</parameterData>
</ns3:getPrimitiveDataResponse>
and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.
It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. Maybe this happens because they are defined in another namespace and they have no prefix in the message.
was:
I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
For example, in my service policy I have:
sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
</sp:EncryptedElements>
If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
I have this operations:
validate (In-Only OK)
logout (In-Only OK)
getOntologyFindings
getOntologyFindingsByConcept (OK)
getOntologyAbstractParameters
getOntologyAbstractParametersByType (OK, returns the same data as the previous one) getOntologyUnits
getOntologySignals
getOntology
getPatients
getPrimitiveParameterData (OK)
Operations without (OK) throw the exception described above. You can see that when the names are almos the same (as getPatients and getPatientsByType), the longer works OK but the shorter doesn't. For some other, even if their names are different, it doesn't work.
In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
For some operations, I have a response like this:
<ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
<parameterData xmlns="http://op_messages.medici_link/xsd">
<annotations \
xmlns="http://external.communication_data_model.medici_link/xsd" \
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
/>
<dataSegments \
xmlns="http://external.communication_data_model.medici_link/xsd"> \
<beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
<data>
<xop:Include \
href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
</dataSegments>
</parameterData>
</ns3:getPrimitiveDataResponse>
and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.
> Problems with namespaces prefixes when encrypting or signing
> ------------------------------------------------------------
>
> Key: RAMPART-67
> URL: https://issues.apache.org/jira/browse/RAMPART-67
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.2
> Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
> Reporter: Jorge Fernández
> Priority: Blocker
> Attachments: JIRA70.rar, WebServiceTest.rar
>
>
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
> </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
> validateSystem works OK but the validate, doesn't.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
> <parameterData xmlns="http://op_messages.medici_link/xsd">
> <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
> />
> <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd"> \
> <beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
> <data>
> <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
> </dataSegments>
> </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.
> It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. Maybe this happens because they are defined in another namespace and they have no prefix in the message.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-67) Problems with namespaces prefixes when
encrypting or signing
Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-67?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jorge Fernández updated RAMPART-67:
-----------------------------------
Attachment: (was: JIRA70.rar)
> Problems with namespaces prefixes when encrypting or signing
> ------------------------------------------------------------
>
> Key: RAMPART-67
> URL: https://issues.apache.org/jira/browse/RAMPART-67
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.2
> Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
> Reporter: Jorge Fernández
> Priority: Blocker
>
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
> </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
> validateSystem works OK but the validate, doesn't.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
> <parameterData xmlns="http://op_messages.medici_link/xsd">
> <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
> />
> <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd"> \
> <beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
> <data>
> <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
> </dataSegments>
> </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.
> It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. Maybe this happens because they are defined in another namespace and they have no prefix in the message.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-67) Problems with namespaces prefixes when
encrypting or signing
Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-67?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jorge Fernández updated RAMPART-67:
-----------------------------------
Attachment: WebServiceTest.rar
JIRA70.rar
> Problems with namespaces prefixes when encrypting or signing
> ------------------------------------------------------------
>
> Key: RAMPART-67
> URL: https://issues.apache.org/jira/browse/RAMPART-67
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.2
> Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
> Reporter: Jorge Fernández
> Priority: Blocker
> Attachments: JIRA70.rar, WebServiceTest.rar
>
>
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
> </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
> validateSystem works OK but the validate, doesn't.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
> <parameterData xmlns="http://op_messages.medici_link/xsd">
> <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
> />
> <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd"> \
> <beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
> <data>
> <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
> </dataSegments>
> </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.
> It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. Maybe this happens because they are defined in another namespace and they have no prefix in the message.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-67) Problems with namespaces prefixes when
encrypting or signing
Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-67?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ruchith Udayanga Fernando updated RAMPART-67:
---------------------------------------------
Priority: Major (was: Blocker)
Lets fix this post rampart-1.3
> Problems with namespaces prefixes when encrypting or signing
> ------------------------------------------------------------
>
> Key: RAMPART-67
> URL: https://issues.apache.org/jira/browse/RAMPART-67
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.2
> Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
> Reporter: Jorge Fernández
> Attachments: JIRA70.rar, WebServiceTest.rar
>
>
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
> </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
> validateSystem works OK but the validate, doesn't.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
> <parameterData xmlns="http://op_messages.medici_link/xsd">
> <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
> />
> <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd"> \
> <beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
> <data>
> <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
> </dataSegments>
> </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.
> It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. Maybe this happens because they are defined in another namespace and they have no prefix in the message.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPART-67) Problems with namespaces prefixes
when encrypting or signing
Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-67?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518748 ]
Jorge Fernández commented on RAMPART-67:
----------------------------------------
The last part of the issue seems to be changed with new releases and now, inner elements have namespace prefixes but they are not recognised, throwing
rg.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> Problems with namespaces prefixes when encrypting or signing
> ------------------------------------------------------------
>
> Key: RAMPART-67
> URL: https://issues.apache.org/jira/browse/RAMPART-67
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.2
> Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
> Reporter: Jorge Fernández
> Priority: Blocker
> Attachments: JIRA70.rar, WebServiceTest.rar
>
>
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
> </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
> validateSystem works OK but the validate, doesn't.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
> <parameterData xmlns="http://op_messages.medici_link/xsd">
> <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
> />
> <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd"> \
> <beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
> <data>
> <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
> </dataSegments>
> </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.
> It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. Maybe this happens because they are defined in another namespace and they have no prefix in the message.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (RAMPART-67) Problems with namespaces prefixes
when encrypting or signing
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-67?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya resolved RAMPART-67.
-----------------------------------------------
Resolution: Fixed
<sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:XPath xmlns:ns="http://somenamespace.org/ns">//ns:encElement</sp:XPath>
</sp:EncryptedElements>
Now we can define namespaces with in the XPath element when defining EncryptedElements and SignedElements.
> Problems with namespaces prefixes when encrypting or signing
> ------------------------------------------------------------
>
> Key: RAMPART-67
> URL: https://issues.apache.org/jira/browse/RAMPART-67
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.2
> Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
> Reporter: Jorge Fernández
> Assignee: Nandana Mihindukulasooriya
> Attachments: JIRA70.rar, WebServiceTest.rar
>
>
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
> </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
> validateSystem works OK but the validate, doesn't.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
> <parameterData xmlns="http://op_messages.medici_link/xsd">
> <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
> />
> <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd"> \
> <beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
> <data>
> <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
> </dataSegments>
> </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.
> It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. Maybe this happens because they are defined in another namespace and they have no prefix in the message.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-67) Problems with namespaces prefixes when
encrypting or signing
Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-67?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jorge Fernández updated RAMPART-67:
-----------------------------------
Attachment: (was: eclipse_projects.rar)
> Problems with namespaces prefixes when encrypting or signing
> ------------------------------------------------------------
>
> Key: RAMPART-67
> URL: https://issues.apache.org/jira/browse/RAMPART-67
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.2
> Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
> Reporter: Jorge Fernández
> Priority: Blocker
>
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
> </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
> I have this operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one) getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almos the same (as getPatients and getPatientsByType), the longer works OK but the shorter doesn't. For some other, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
> <parameterData xmlns="http://op_messages.medici_link/xsd">
> <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
> />
> <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd"> \
> <beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
> <data>
> <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
> </dataSegments>
> </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (RAMPART-67) Problems with namespaces prefixes
when encrypting or signing
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-67?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya reassigned RAMPART-67:
-------------------------------------------------
Assignee: Nandana Mihindukulasooriya
> Problems with namespaces prefixes when encrypting or signing
> ------------------------------------------------------------
>
> Key: RAMPART-67
> URL: https://issues.apache.org/jira/browse/RAMPART-67
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.2
> Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
> Reporter: Jorge Fernández
> Assignee: Nandana Mihindukulasooriya
> Attachments: JIRA70.rar, WebServiceTest.rar
>
>
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
> </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
> validateSystem works OK but the validate, doesn't.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
> <parameterData xmlns="http://op_messages.medici_link/xsd">
> <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
> />
> <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd"> \
> <beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
> <data>
> <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
> </dataSegments>
> </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.
> It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. Maybe this happens because they are defined in another namespace and they have no prefix in the message.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-67) Problems with namespaces prefixes when
encrypting or signing
Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-67?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jorge Fernández updated RAMPART-67:
-----------------------------------
Attachment: (was: Webservice.rar)
> Problems with namespaces prefixes when encrypting or signing
> ------------------------------------------------------------
>
> Key: RAMPART-67
> URL: https://issues.apache.org/jira/browse/RAMPART-67
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.2
> Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
> Reporter: Jorge Fernández
> Priority: Blocker
>
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
> </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
> I have this operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one) getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almos the same (as getPatients and getPatientsByType), the longer works OK but the shorter doesn't. For some other, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
> <parameterData xmlns="http://op_messages.medici_link/xsd">
> <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
> />
> <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd"> \
> <beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
> <data>
> <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
> </dataSegments>
> </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.