You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Andreas Triebel (JIRA)" <ji...@apache.org> on 2012/11/05 13:10:12 UTC
[jira] [Created] (CXF-4612) SAML assertion element is not imported
into SecurtyHeader document
Andreas Triebel created CXF-4612:
------------------------------------
Summary: SAML assertion element is not imported into SecurtyHeader document
Key: CXF-4612
URL: https://issues.apache.org/jira/browse/CXF-4612
Project: CXF
Issue Type: Bug
Components: JAX-WS Runtime
Reporter: Andreas Triebel
If org.apache.ws.security.saml.ext.SAMLCallback.setAssertionElement() is used to set the assertion element a DOMException exception is thrown in the policy handler using the assertion element.
This is due to a missing import of the SAML assertion into the SecurityHeader in org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts().
Stacktrace:
Caused by: org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR: A node is used in a different document than the one that created it.
at org.apache.xerces.dom.ParentNode.internalInsertBefore(ParentNode.java:351)
at org.apache.xerces.dom.ParentNode.insertBefore(ParentNode.java:283)
at org.apache.xerces.dom.NodeImpl.appendChild(NodeImpl.java:236)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.insertAfter(AbstractBindingBuilder.java:190)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingElement(AbstractBindingBuilder.java:232)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts(AbstractBindingBuilder.java:698)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingTokens(AbstractBindingBuilder.java:2126)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:144)
at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:98)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:165)
at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134
... 18 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (CXF-4612) SAML assertion element is not imported
into SecurityHeader document
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh reassigned CXF-4612:
----------------------------------------
Assignee: Colm O hEigeartaigh
> SAML assertion element is not imported into SecurityHeader document
> -------------------------------------------------------------------
>
> Key: CXF-4612
> URL: https://issues.apache.org/jira/browse/CXF-4612
> Project: CXF
> Issue Type: Bug
> Components: JAX-WS Runtime
> Reporter: Andreas Triebel
> Assignee: Colm O hEigeartaigh
> Labels: patch, security
>
> If org.apache.ws.security.saml.ext.SAMLCallback.setAssertionElement() is used to set the assertion element a DOMException exception is thrown in the policy handler using the assertion element.
> This is due to a missing import of the SAML assertion into the SecurityHeader in org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts().
> Stacktrace:
> Caused by: org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR: A node is used in a different document than the one that created it.
> at org.apache.xerces.dom.ParentNode.internalInsertBefore(ParentNode.java:351)
> at org.apache.xerces.dom.ParentNode.insertBefore(ParentNode.java:283)
> at org.apache.xerces.dom.NodeImpl.appendChild(NodeImpl.java:236)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.insertAfter(AbstractBindingBuilder.java:190)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingElement(AbstractBindingBuilder.java:232)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts(AbstractBindingBuilder.java:698)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingTokens(AbstractBindingBuilder.java:2126)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:144)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:98)
> at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:165)
> at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134
> ... 18 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CXF-4612) SAML assertion element is not imported
into SecurityHeader document
Posted by "Andreas Triebel (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andreas Triebel updated CXF-4612:
---------------------------------
Summary: SAML assertion element is not imported into SecurityHeader document (was: SAML assertion element is not imported into SecurtyHeader document)
> SAML assertion element is not imported into SecurityHeader document
> -------------------------------------------------------------------
>
> Key: CXF-4612
> URL: https://issues.apache.org/jira/browse/CXF-4612
> Project: CXF
> Issue Type: Bug
> Components: JAX-WS Runtime
> Reporter: Andreas Triebel
> Labels: patch, security
>
> If org.apache.ws.security.saml.ext.SAMLCallback.setAssertionElement() is used to set the assertion element a DOMException exception is thrown in the policy handler using the assertion element.
> This is due to a missing import of the SAML assertion into the SecurityHeader in org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts().
> Stacktrace:
> Caused by: org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR: A node is used in a different document than the one that created it.
> at org.apache.xerces.dom.ParentNode.internalInsertBefore(ParentNode.java:351)
> at org.apache.xerces.dom.ParentNode.insertBefore(ParentNode.java:283)
> at org.apache.xerces.dom.NodeImpl.appendChild(NodeImpl.java:236)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.insertAfter(AbstractBindingBuilder.java:190)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingElement(AbstractBindingBuilder.java:232)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts(AbstractBindingBuilder.java:698)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingTokens(AbstractBindingBuilder.java:2126)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:144)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:98)
> at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:165)
> at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134
> ... 18 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CXF-4612) SAML assertion element is not imported
into SecurityHeader document
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved CXF-4612.
--------------------------------------
Resolution: Fixed
> SAML assertion element is not imported into SecurityHeader document
> -------------------------------------------------------------------
>
> Key: CXF-4612
> URL: https://issues.apache.org/jira/browse/CXF-4612
> Project: CXF
> Issue Type: Bug
> Components: JAX-WS Runtime
> Affects Versions: 2.5.6, 2.6.3, 2.7.0
> Reporter: Andreas Triebel
> Assignee: Colm O hEigeartaigh
> Labels: patch, security
> Fix For: 2.5.7, 2.6.4, 2.7.1
>
>
> If org.apache.ws.security.saml.ext.SAMLCallback.setAssertionElement() is used to set the assertion element a DOMException exception is thrown in the policy handler using the assertion element.
> This is due to a missing import of the SAML assertion into the SecurityHeader in org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts().
> Stacktrace:
> Caused by: org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR: A node is used in a different document than the one that created it.
> at org.apache.xerces.dom.ParentNode.internalInsertBefore(ParentNode.java:351)
> at org.apache.xerces.dom.ParentNode.insertBefore(ParentNode.java:283)
> at org.apache.xerces.dom.NodeImpl.appendChild(NodeImpl.java:236)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.insertAfter(AbstractBindingBuilder.java:190)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingElement(AbstractBindingBuilder.java:232)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts(AbstractBindingBuilder.java:698)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingTokens(AbstractBindingBuilder.java:2126)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:144)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:98)
> at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:165)
> at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134
> ... 18 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CXF-4612) SAML assertion element is not imported
into SecurityHeader document
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated CXF-4612:
-------------------------------------
Affects Version/s: 2.5.6
2.6.3
2.7.0
Fix Version/s: 2.7.1
2.6.4
2.5.7
> SAML assertion element is not imported into SecurityHeader document
> -------------------------------------------------------------------
>
> Key: CXF-4612
> URL: https://issues.apache.org/jira/browse/CXF-4612
> Project: CXF
> Issue Type: Bug
> Components: JAX-WS Runtime
> Affects Versions: 2.5.6, 2.6.3, 2.7.0
> Reporter: Andreas Triebel
> Assignee: Colm O hEigeartaigh
> Labels: patch, security
> Fix For: 2.5.7, 2.6.4, 2.7.1
>
>
> If org.apache.ws.security.saml.ext.SAMLCallback.setAssertionElement() is used to set the assertion element a DOMException exception is thrown in the policy handler using the assertion element.
> This is due to a missing import of the SAML assertion into the SecurityHeader in org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts().
> Stacktrace:
> Caused by: org.w3c.dom.DOMException: WRONG_DOCUMENT_ERR: A node is used in a different document than the one that created it.
> at org.apache.xerces.dom.ParentNode.internalInsertBefore(ParentNode.java:351)
> at org.apache.xerces.dom.ParentNode.insertBefore(ParentNode.java:283)
> at org.apache.xerces.dom.NodeImpl.appendChild(NodeImpl.java:236)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.insertAfter(AbstractBindingBuilder.java:190)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingElement(AbstractBindingBuilder.java:232)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSignatureParts(AbstractBindingBuilder.java:698)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.addSupportingTokens(AbstractBindingBuilder.java:2126)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doSignBeforeEncrypt(AsymmetricBindingHandler.java:144)
> at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:98)
> at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:165)
> at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:89)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134
> ... 18 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira