You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Jorge Fernández (JIRA)" <ji...@apache.org> on 2007/08/09 17:57:42 UTC
[jira] Commented: (RAMPART-67) Problems with namespaces prefixes
when encrypting or signing
[ https://issues.apache.org/jira/browse/RAMPART-67?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518748 ]
Jorge Fernández commented on RAMPART-67:
----------------------------------------
The last part of the issue seems to be changed with new releases and now, inner elements have namespace prefixes but they are not recognised, throwing
rg.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> Problems with namespaces prefixes when encrypting or signing
> ------------------------------------------------------------
>
> Key: RAMPART-67
> URL: https://issues.apache.org/jira/browse/RAMPART-67
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.2
> Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
> Reporter: Jorge Fernández
> Priority: Blocker
> Attachments: JIRA70.rar, WebServiceTest.rar
>
>
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
> </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
 at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
 at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
 ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
 at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
 at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
 ... 23 more
> validateSystem works OK but the validate, doesn't.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
> <parameterData xmlns="http://op_messages.medici_link/xsd">
> <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
> />
> <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd"> \
> <beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
> <data>
> <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
> </dataSegments>
> </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.
> It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. Maybe this happens because they are defined in another namespace and they have no prefix in the message.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.