cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ross M. Lodge (JIRA)" <>
Subject [jira] [Created] (CXF-3453) WS-Security signed headers fail when schema validation enabled
Date Mon, 11 Apr 2011 20:09:06 GMT
WS-Security signed headers fail when schema validation enabled

                 Key: CXF-3453
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 2.3.3, 2.3.1
            Reporter: Ross M. Lodge

After turning on schema validation on a web-service with headers that are signed, but not
encrypted, the schema validation fails because the "wsu:Id" is not allowed in the schema.

I've seen two forms of this:  a complex type header fails with an error saying that the "wsu:Id"
attribute isn't allowed, and a simple type header fails saying that no attributes are allowed
(except for type, nill, schemaInstance, etc.).

I think this is a bug, as I don't know anything in the WS-Security specs that would prevent
signing of simple type headers or prevent subsequent schema validation.

I've worked around this by using complex types and adding "<xsd:anyAttribute namespace="##any"
processContents="skip"/>" to those types, but it doesn't seem like this should be necessary,
and doesn't fix the simple type problem.

This message is automatically generated by JIRA.
For more information on JIRA, see:

View raw message