Posted to rampart-c-dev@ws.apache.org by "Russell Tempero (JIRA)" <ji...@apache.org> on 2009/11/24 16:41:39 UTC
[jira] Updated: (RAMPARTC-141) Rampart does not correctly parse a
security header that has whitespace between elements
[ https://issues.apache.org/jira/browse/RAMPARTC-141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Russell Tempero updated RAMPARTC-141:
-------------------------------------
Attachment: security_header_whitespace.diff
I am attaching a partial fix for this issue that we have applied to our working copy. The patch only fixes this issue for the parts of the WS-Security specification that we need and is by no means complete.
> Rampart does not correctly parse a security header that has whitespace between elements
> ---------------------------------------------------------------------------------------
>
> Key: RAMPARTC-141
> URL: https://issues.apache.org/jira/browse/RAMPARTC-141
> Project: Rampart/C
> Issue Type: Bug
> Components: Rampart-core
> Affects Versions: 1.3.0
> Environment: $ gcc --version
> gcc (GCC) 4.2.2
> Copyright (C) 2007 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> $ ld --version
> GNU ld version 2.17.50.0.6-2.el5 20061020
> Copyright 2005 Free Software Foundation, Inc.
> This program is free software; you may redistribute it under the terms of
> the GNU General Public License. This program has absolutely no warranty.
> $ uname -a
> Linux <hostname> 2.6.18-8.el5 #1 SMP Thu Mar 15 19:46:53 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux
> Reporter: Russell Tempero
> Assignee: Malinda Kaushalye Kapuruge
> Attachments: security_header_whitespace.diff
>
>
> Rampart fails when parsing a SOAP security header that is formatted to contain whitespace. For example, the following will be processed correctly:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> <soapenv:Header>
> <wsse:Security soapenv:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wssu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken><wsse:Username>admin</wsse:Username><wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"></wsse:Password></wsse:UsernameToken></wsse:Security>
> </soapenv:Header>
> <soapenv:Body>
> .
> .
> .
> </soapenv:Body>
> </soapenv:Envelope>
> But this will not:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> <soapenv:Header>
> <wsse:Security soapenv:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wssu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> <wsse:UsernameToken>
> <wsse:Username>admin</wsse:Username>
> <wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"></wsse:Password>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
> <soapenv:Body>
> .
> .
> .
> </soapenv:Body>
> </soapenv:Envelope>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
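
The behaviour reported above, reproduced as an added example (not code from the original message, the attached patch, or Rampart/C). It assumes the failure comes from treating the first child node as the expected element, which the report does not state; `naive_username`, `find_child` and `robust_username` are hypothetical names, and the two inputs are constructed from the headers in the report with attributes trimmed.

```python
from xml.dom import minidom  # illustration only; use a hardened parser for untrusted XML

WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Constructed inputs modelled on the two headers in the report (attributes trimmed).
COMPACT = ('<wsse:Security xmlns:wsse="%s"><wsse:UsernameToken>'
           '<wsse:Username>admin</wsse:Username><wsse:Password/>'
           '</wsse:UsernameToken></wsse:Security>' % WSSE)
INDENTED = """<wsse:Security xmlns:wsse="%s">
  <wsse:UsernameToken>
    <wsse:Username>admin</wsse:Username>
    <wsse:Password/>
  </wsse:UsernameToken>
</wsse:Security>""" % WSSE


def naive_username(xml):
    """Assumed failure mode: the first child node is taken to be the element."""
    node = minidom.parseString(xml).documentElement
    for local in ("UsernameToken", "Username"):
        node = node.firstChild
        if node is None or node.nodeType != node.ELEMENT_NODE or node.localName != local:
            return None  # a whitespace text node between elements ends up here
    return node.firstChild.data


def find_child(parent, local):
    """Return the single wsse:<local> child, skipping only whitespace and comments."""
    found = None
    for child in parent.childNodes:
        if child.nodeType == child.TEXT_NODE and child.data.strip():
            # Stray non-whitespace text in a security header is rejected, not skipped.
            raise ValueError("unexpected text inside %s" % parent.tagName)
        if (child.nodeType == child.ELEMENT_NODE
                and (child.namespaceURI, child.localName) == (WSSE, local)):
            if found is not None:
                raise ValueError("duplicate %s" % local)
            found = child
    return found


def robust_username(xml):
    token = find_child(minidom.parseString(xml).documentElement, "UsernameToken")
    user = find_child(token, "Username") if token is not None else None
    if user is None:
        return None
    # Whitespace is skipped between elements only; the value itself is kept as sent.
    return "".join(n.data for n in user.childNodes if n.nodeType == n.TEXT_NODE)
```

Matching on namespace URI plus local name, and rejecting duplicates, keeps the whitespace tolerance from turning into a looser acceptance of malformed security headers.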