cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ross M. Lodge (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-3453) WS-Security signed headers fail when schema validation enabled
Date Wed, 01 Jun 2011 21:00:56 GMT

    [ https://issues.apache.org/jira/browse/CXF-3453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13042430#comment-13042430
] 

Ross M. Lodge commented on CXF-3453:
------------------------------------

I'm still seeing this problem for complex types (where the exception is cvc-complex-type.3.2.2),
both with 2.3.4 and 2.4 (and 2.4.1-SNAPSHOT and 2.3.4-SNAPSHOT).

> WS-Security signed headers fail when schema validation enabled
> --------------------------------------------------------------
>
>                 Key: CXF-3453
>                 URL: https://issues.apache.org/jira/browse/CXF-3453
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.3.1, 2.3.3
>            Reporter: Ross M. Lodge
>            Assignee: Daniel Kulp
>             Fix For: 2.4, 2.3.4
>
>         Attachments: SignedHeaderBug.zip
>
>
> After turning on schema validation on a web-service with headers that are signed, but
not encrypted, the schema validation fails because the "wsu:Id" is not allowed in the schema.
> I've seen two forms of this:  a complex type header fails with an error saying that the
"wsu:Id" attribute isn't allowed, and a simple type header fails saying that no attributes
are allowed (except for type, nill, schemaInstance, etc.).
> I think this is a bug, as I don't know anything in the WS-Security specs that would prevent
signing of simple type headers or prevent subsequent schema validation.
> I've worked around this by using complex types and adding "<xsd:anyAttribute namespace="##any"
processContents="skip"/>" to those types, but it doesn't seem like this should be necessary,
and doesn't fix the simple type problem.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message