You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-c-dev@ws.apache.org by "Russell Tempero (JIRA)" <ji...@apache.org> on 2009/11/24 16:41:39 UTC

[jira] Updated: (RAMPARTC-141) Rampart does not correctly parse a security header that has whitespace between elements

     [ https://issues.apache.org/jira/browse/RAMPARTC-141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Russell Tempero updated RAMPARTC-141:
-------------------------------------

    Attachment: security_header_whitespace.diff

I am attaching a partial fix for this issue that we have applied to our working copy. The patch only fixes this issue for the parts of the WS-Security specification that we need and is by no mean complete.

> Rampart does not correctly parse a security header that has whitespace between elements
> ---------------------------------------------------------------------------------------
>
>                 Key: RAMPARTC-141
>                 URL: https://issues.apache.org/jira/browse/RAMPARTC-141
>             Project: Rampart/C
>          Issue Type: Bug
>          Components: Rampart-core
>    Affects Versions: 1.3.0
>         Environment: $ gcc --version
> gcc (GCC) 4.2.2
> Copyright (C) 2007 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions.  There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> $ ld --version
> GNU ld version 2.17.50.0.6-2.el5 20061020
> Copyright 2005 Free Software Foundation, Inc.
> This program is free software; you may redistribute it under the terms of
> the GNU General Public License.  This program has absolutely no warranty.
> $ uname -a
> Linux <hostname> 2.6.18-8.el5 #1 SMP Thu Mar 15 19:46:53 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux
>            Reporter: Russell Tempero
>            Assignee: Malinda Kaushalye Kapuruge
>         Attachments: security_header_whitespace.diff
>
>
> Rampart fails when parsing a SOAP security header that is formatted to contain whitespace. For example, the following will be processed correctly:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>     <soapenv:Header>
>         <wsse:Security soapenv:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wssu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken><wsse:Username>admin</wsse:Username><wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"></wsse:Password></wsse:UsernameToken></wsse:Security>
>     </soapenv:Header>
>    <soapenv:Body>
>     .
>     .
>     .
>    </soapenv:Body>
> </soapenv:Envelope>
> But this will not:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>     <soapenv:Header>
>         <wsse:Security soapenv:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wssu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>             <wsse:UsernameToken>
>                 <wsse:Username>admin</wsse:Username>
>                 <wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"></wsse:Password>
>             </wsse:UsernameToken>
>         </wsse:Security>
>     </soapenv:Header>
>    <soapenv:Body>
>     .
>     .
>     .
>    </soapenv:Body>
> </soapenv:Envelope>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.