axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Bacik (JIRA)" <axis-...@ws.apache.org>
Subject [jira] Commented: (AXIS-2497) Axis modifies SOAP request making digital signature invalid
Date Wed, 19 Jul 2006 11:45:14 GMT
    [ http://issues.apache.org/jira/browse/AXIS-2497?page=comments#action_12422091 ] 
            
Peter Bacik commented on AXIS-2497:
-----------------------------------

I have tried also Axis 1.4 and it behaves exactly the same as Aixis 1.3

> Axis modifies SOAP request making digital signature invalid
> -----------------------------------------------------------
>
>                 Key: AXIS-2497
>                 URL: http://issues.apache.org/jira/browse/AXIS-2497
>             Project: Apache Axis
>          Issue Type: Bug
>          Components: Basic Architecture
>    Affects Versions: 1.3
>         Environment: Windows XP Pro, SUSE Linux, Tomcat 5.0.28
>            Reporter: Peter Bacik
>            Priority: Critical
>
> I'm using Apache XMLSec 1.3.0 to validate signature of incoming SOAP requests on the
server side. XMLSec API is invoked from inside of Axis BasicHandler. Problem is, that Axis
modifies the request (removes new lines), which makes the digest value and therefore also
the signature invalid. 
> DisablePrettyXML flag is set to true.
> I sent the same SOAP request to the server using Axis 1.2 and Axis 1.3. Signature of
the message sent to Axis 1.2 was validated successfully, message sent to Axis 1.3 had invalid
signature.
> ------
> Message traced on the TCP (I removed the header):
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header>...</soapenv:Header><soapenv:Body
Id="Body">
> <spml:addRequest xmlns:spml="urn:SPML:2:0">
> <object>
> <Key>12345678901234561234567890123456</Key>
> <Id>01234567890123456789</Id>
> </object>
> </spml:addRequest>
> </soapenv:Body></soapenv:Envelope>
> Message received by Axis 1.2:
> <?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header>...</soapenv:Header><soapenv:Body
Id="Body">
> <spml:addRequest xmlns:spml="urn:SPML:2:0">
> <object>
> <Key>12345678901234561234567890123456</Key>
> <Id>01234567890123456789</Id>
> </object>
> </spml:addRequest>
> </soapenv:Body></soapenv:Envelope>
> Message received by Axis 1.3:
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Header>...</soapenv:Header><soapenv:Body
Id="Body"><spml:addRequest xmlns:spml="urn:SPML:2:0">
> <object>
> <Key>12345678901234561234567890123456</Key>
> <Id>01234567890123456789</Id>
> </object>
> </spml:addRequest></soapenv:Body></soapenv:Envelope>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org


Mime
View raw message