Posted to rampart-dev@ws.apache.org by "Aaron Gourley (JIRA)" <ji...@apache.org> on 2007/06/04 15:16:36 UTC

[jira] Created: (RAMPART-47) Not all encrypted elements are extracted by org.apache.rampart.ValidatorData:extractEncryptedPartInformation()

Not all encrypted elements are extracted by org.apache.rampart.ValidatorData:extractEncryptedPartInformation()
--------------------------------------------------------------------------------------------------------------

                 Key: RAMPART-47
                 URL: https://issues.apache.org/jira/browse/RAMPART-47
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core
    Affects Versions: 1.2
            Reporter: Aaron Gourley


Not all encrypted elements are being extracted properly in Rampart 1.2, and an exception was incorrectly thrown because Rampart thought that the body element was not encrypted.  I noticed this when the server was processing a message that had the UsernameToken and the Body encrypted.  I used the Rampart 1.0 configuration on the client side to encrypt the UsernameToken element, and the policy.xml file that I used is included at the end of this JIRA for the server side.  I used the EncryptedElements assertion in the policy.xml (which I am aware is not supported yet).  Since I think I found a way to fix it I am reporting the problem with a proposed solution.

This was the server-side exception:
org.apache.axis2.AxisFault: Missing encryption result for id : null
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:81)
	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
	at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.rampart.RampartException: Missing encryption result for id : null
	at org.apache.rampart.PolicyBasedResultsValidator.validateEncryptedParts(PolicyBasedResultsValidator.java:317)
	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:84)
	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
	... 22 more

This is the code change that I made to fix the problem (in org.apache.rampart.ValidatorData):
    
    private void extractEncryptedPartInformation() {
        Node start = rmd.getDocument().getDocumentElement();
        while(start != null) {
            Element elem = (Element) WSSecurityUtil.findElement(start, 
                    EncryptionConstants._TAG_ENCRYPTEDDATA, WSConstants.ENC_NS);
            if(elem != null) {
                Element parentElem = (Element)elem.getParentNode();
                if(parentElem != null && parentElem.getLocalName().equals(SOAP11Constants.BODY_LOCAL_NAME) &&
                        parentElem.getNamespaceURI().equals(rmd.getSoapConstants().getEnvelopeURI())) {
                    this.bodyEncrDataId = elem.getAttribute("Id");
                } else {
                    encryptedDataRefIds.add(elem.getAttribute("Id"));
                } 
                start = elem;
            }
            
            // Find new starting point by traversing up the nodes to:
            // Case 1: The root
            // Case 2: The nearest ancestor with a next sibling 
            while( start != null && start.getNextSibling() == null )
            {
                start = start.getParentNode();
            }
            start = start != null ? start.getNextSibling() : null;            
        }
    }


An example of a message that caused this failure is attached.  The only element processed by the extractEncryptedPartInformation() method was /soapenv:Envelope/soapenv:Header/soapenv:Security/xenc:EncryptedData.  The body was not processed later because 'start' was prematurely set to null.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
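
The traversal proposed in the report above, as an added example that is not part of the original message and is not Rampart's code. It uses only the JDK DOM API; the class name, the findInSubtree() helper (a hypothetical stand-in for the WSSecurityUtil.findElement() call, assumed here to search only the subtree under 'start') and the sample message with its Id values are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class EncryptedDataWalk {
    static final String ENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    static final String SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/"
            + "oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Constructed sample (not the attachment from the issue): one EncryptedData
    // inside the Security header and one directly under the SOAP Body.
    static final String MESSAGE =
        "<soapenv:Envelope xmlns:soapenv='" + SOAP11_NS + "' xmlns:xenc='" + ENC_NS + "'>"
      + "<soapenv:Header>"
      + "<wsse:Security xmlns:wsse='" + WSSE_NS + "'>"
      + "<xenc:EncryptedData Id='EncDataId-header'>"
      + "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>"
      + "</xenc:EncryptedData>"
      + "</wsse:Security>"
      + "</soapenv:Header>"
      + "<soapenv:Body>"
      + "<xenc:EncryptedData Id='EncDataId-body'>"
      + "<xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>"
      + "</xenc:EncryptedData>"
      + "</soapenv:Body>"
      + "</soapenv:Envelope>";

    String bodyEncrDataId;
    final List<String> encryptedDataRefIds = new ArrayList<>();

    // Hypothetical helper: depth-first search of the subtree rooted at 'start'
    // for the first xenc:EncryptedData element, or null if there is none.
    static Element findInSubtree(Node start) {
        if (start.getNodeType() == Node.ELEMENT_NODE
                && "EncryptedData".equals(start.getLocalName())
                && ENC_NS.equals(start.getNamespaceURI())) {
            return (Element) start;
        }
        for (Node c = start.getFirstChild(); c != null; c = c.getNextSibling()) {
            Element hit = findInSubtree(c);
            if (hit != null) {
                return hit;
            }
        }
        return null;
    }

    // Same control flow as the proposed fix: record the hit, then resume from
    // the next node in document order instead of ending the scan.
    void extract(Document doc) {
        Node start = doc.getDocumentElement();
        while (start != null) {
            Element elem = findInSubtree(start);
            if (elem != null) {
                Node parent = elem.getParentNode();
                if (parent != null && "Body".equals(parent.getLocalName())
                        && SOAP11_NS.equals(parent.getNamespaceURI())) {
                    bodyEncrDataId = elem.getAttribute("Id");
                } else {
                    encryptedDataRefIds.add(elem.getAttribute("Id"));
                }
                start = elem; // the subtree of the hit is not searched again
            }
            // Climb to the nearest ancestor-or-self that has a next sibling;
            // running off the top of the document ends the scan.
            while (start != null && start.getNextSibling() == null) {
                start = start.getParentNode();
            }
            start = start != null ? start.getNextSibling() : null;
        }
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // needed for getLocalName()/getNamespaceURI()
        // Reject DOCTYPE declarations when parsing untrusted SOAP input.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(MESSAGE.getBytes(StandardCharsets.UTF_8)));

        EncryptedDataWalk walk = new EncryptedDataWalk();
        walk.extract(doc);
        System.out.println("body EncryptedData id: " + walk.bodyEncrDataId);
        System.out.println("other EncryptedData ids: " + walk.encryptedDataRefIds);

        // Completeness check: the walk must account for every EncryptedData
        // that the DOM itself reports for this (non-nested) message.
        int total = doc.getElementsByTagNameNS(ENC_NS, "EncryptedData").getLength();
        int seen = walk.encryptedDataRefIds.size() + (walk.bodyEncrDataId != null ? 1 : 0);
        if (seen != total) {
            throw new IllegalStateException("walk saw " + seen + " of " + total);
        }
    }
}
```

A scan that ends after the header hit leaves bodyEncrDataId unset, which matches the "id : null" in the reported exception.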


[jira] Resolved: (RAMPART-47) Not all encrypted elements are extracted by org.apache.rampart.ValidatorData:extractEncryptedPartInformation()

Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nandana Mihindukulasooriya resolved RAMPART-47.
-----------------------------------------------

    Resolution: Fixed

This fixed in the Rampart trunk. Checked the given policy with revision 612732. 



[jira] Updated: (RAMPART-47) Not all encrypted elements are extracted by org.apache.rampart.ValidatorData:extractEncryptedPartInformation()

Posted by "Aaron Gourley (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aaron Gourley updated RAMPART-47:
---------------------------------

    Attachment: ValidatorDataProblem-policy.xml

Server's policy.xml file.



[jira] Updated: (RAMPART-47) Not all encrypted elements are extracted by org.apache.rampart.ValidatorData:extractEncryptedPartInformation()

Posted by "Aaron Gourley (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aaron Gourley updated RAMPART-47:
---------------------------------

    Attachment: ValidatorDataProblem-Message.xml

Sample SOAP message exploiting the problem.



[jira] Updated: (RAMPART-47) Not all encrypted elements are extracted by org.apache.rampart.ValidatorData:extractEncryptedPartInformation()

Posted by "Aaron Gourley (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aaron Gourley updated RAMPART-47:
---------------------------------

    Affects Version/s: 1.3



[jira] Issue Comment Edited: (RAMPART-47) Not all encrypted elements are extracted by org.apache.rampart.ValidatorData:extractEncryptedPartInformation()

Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-47?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12560208#action_12560208 ] 

nandana.cse edited comment on RAMPART-47 at 1/17/08 7:39 PM:
----------------------------------------------------------------------------

This is fixed in the Rampart trunk. Checked the given policy with revision 612732. 

      was (Author: nandana.cse):
    This fixed in the Rampart trunk. Checked the given policy with revision 612732. 
  
> Not all encrypted elements are extracted by org.apache.rampart.ValidatorData:extractEncryptedPartInformation()
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-47
>                 URL: https://issues.apache.org/jira/browse/RAMPART-47
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.2, 1.3
>            Reporter: Aaron Gourley
>         Attachments: ValidatorDataProblem-Message.xml, ValidatorDataProblem-policy.xml
>
>
> Not all encrypted elements are being extracted properly in Rampart 1.2, and an exception was incorrectly thrown because Rampart thought that the body element was not encrypted.  I noticed this when the server was processing a message that had the UsernameToken and the Body encrypted.  I used the Rampart 1.0 configuration on the client side to encrypt the UsernameToken element, and the policy.xml file that I used is included at the end of this JIRA for the server side.  I used the EncryptedElements assertion in the policy.xml (which I am aware is not supported yet).  Since I think I found a way to fix it I am reporting the problem with a proposed solution.
> This was the server-side exception:
> org.apache.axis2.AxisFault: Missing encryption result for id : null
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:81)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
> 	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
> 	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> 	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
> 	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> 	at java.lang.Thread.run(Thread.java:595)
> Caused by: org.apache.rampart.RampartException: Missing encryption result for id : null
> 	at org.apache.rampart.PolicyBasedResultsValidator.validateEncryptedParts(PolicyBasedResultsValidator.java:317)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:84)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	... 22 more
> This is the code change that I made to fix the problem (in org.apache.rampart.ValidatorData):
>     
>     private void extractEncryptedPartInformation() {
>         Node start = rmd.getDocument().getDocumentElement();
>         while(start != null) {
>             Element elem = (Element) WSSecurityUtil.findElement(start, 
>                     EncryptionConstants._TAG_ENCRYPTEDDATA, WSConstants.ENC_NS);
>             if(elem != null) {
>                 Element parentElem = (Element)elem.getParentNode();
>                 if(parentElem != null && parentElem.getLocalName().equals(SOAP11Constants.BODY_LOCAL_NAME) &&
>                         parentElem.getNamespaceURI().equals(rmd.getSoapConstants().getEnvelopeURI())) {
>                     this.bodyEncrDataId = elem.getAttribute("Id");
>                 } else {
>                     encryptedDataRefIds.add(elem.getAttribute("Id"));
>                 } 
>                 start = elem;
>             }
>             
>             // Find new starting point by traversing up the nodes to:
>             // Case 1: The root
>             // Case 2: The nearest ancestor with a next sibling 
>             while( start != null && start.getNextSibling() == null )
>             {
>                 start = start.getParentNode();
>             }
>             start = start != null ? start.getNextSibling() : null;            
>         }
>     }
> An example of a message that caused this failure is attached.  The only element processed by the extractEncryptedPartInformation() method was /soapenv:Envelope/soapenv:Header/soapenv:Security/xenc:EncryptedData.  The body was not processed later because 'start' was prematurely set to null.
