cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Kulp (JIRA)" <>
Subject [jira] [Assigned] (CXF-3453) WS-Security signed headers fail when schema validation enabled
Date Mon, 11 Apr 2011 23:18:05 GMT


Daniel Kulp reassigned CXF-3453:

    Assignee: Daniel Kulp

> WS-Security signed headers fail when schema validation enabled
> --------------------------------------------------------------
>                 Key: CXF-3453
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.3.1, 2.3.3
>            Reporter: Ross M. Lodge
>            Assignee: Daniel Kulp
>             Fix For: 2.4, 2.3.4
>         Attachments:
> After turning on schema validation on a web-service with headers that are signed, but
not encrypted, the schema validation fails because the "wsu:Id" is not allowed in the schema.
> I've seen two forms of this:  a complex type header fails with an error saying that the
"wsu:Id" attribute isn't allowed, and a simple type header fails saying that no attributes
are allowed (except for type, nill, schemaInstance, etc.).
> I think this is a bug, as I don't know anything in the WS-Security specs that would prevent
signing of simple type headers or prevent subsequent schema validation.
> I've worked around this by using complex types and adding "<xsd:anyAttribute namespace="##any"
processContents="skip"/>" to those types, but it doesn't seem like this should be necessary,
and doesn't fix the simple type problem.

This message is automatically generated by JIRA.
For more information on JIRA, see:

View raw message