axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "S.Uthaiyashankar (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (RAMPART-276) SignedEncryptedElements can incorrectly set the namespace of child xpaths during serialization
Date Tue, 21 Dec 2010 14:34:16 GMT

     [ https://issues.apache.org/jira/browse/RAMPART-276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

S.Uthaiyashankar resolved RAMPART-276.
--------------------------------------

       Resolution: Fixed
    Fix Version/s: NextVersion

Fixed in revision 1051508;

Thank you very much Dave Bryant for the patch. 

> SignedEncryptedElements can incorrectly set the namespace of child xpaths during serialization
> ----------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-276
>                 URL: https://issues.apache.org/jira/browse/RAMPART-276
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.5
>            Reporter: Dave Bryant
>            Assignee: S.Uthaiyashankar
>             Fix For: NextVersion
>
>
> If you create a security policy that includes signed or encrypted elements, where the
SignedEncryptedElements object contains multiple xpaths for specifying parts of the message
to sign/encrypt, and a namespace map to qualify the prefixes used in xpaths exists, then serializing
the SignedEncryptedElements object incorrectly sets the namespace URI for the second <sp:XPath>
element that is output.
> For example, if you specify two xpaths (xs:fred and rns1:bob) to be signed and setup
the namespace map appropriately to define the xs and rns1 prefixes, the second XPath element
is output using the xs prefix (the XML schema namespace) instead of the sp prefix (the security
policy namespace).
> {code:xml}
> <sp:SignedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>     <sp:XPath xmlns:rns1="http://www.orionhealth.com/rhapsody/2009/11/TestService">//xs:fred</sp:XPath>
>     <xs:XPath xmlns:rns1="http://www.orionhealth.com/rhapsody/2009/11/TestService">//rns1:bob</xs:XPath>
> </sp:SignedElements>
> {code}
> The problem was introduced in revision 76056 of SignedEncryptedElements.java (http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java?r1=653992&r2=760506)
where support was added to output the defined namespaces.  The problem is that the local variables
'prefix' and 'namespaceURI' is assigned when output the namespace map, and then that same
variable is reused to output the next XPath.
> A patch that resolves this problem is below:
> {code}
> Index: src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
> ===================================================================
> --- src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java	(revision
61550)
> +++ src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java	(working
copy)
> @@ -122,9 +122,9 @@
>              Iterator<String> namespaces = declaredNamespaces.keySet().iterator();
>  
>              while(namespaces.hasNext()) {
> -                prefix = (String) namespaces.next();
> -                namespaceURI = (String) declaredNamespaces.get(prefix);
> -                writer.writeNamespace(prefix,namespaceURI);
> +                final String declaredPrefix = (String) namespaces.next();
> +                final String declaredNamespaceURI = (String) declaredNamespaces.get(declaredPrefix);
> +                writer.writeNamespace(declaredPrefix,declaredNamespaceURI);
>              }
>  
>              writer.writeCharacters(xpathExpression);
> {code}

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message