ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "martin voegeli (JIRA)" <j...@apache.org>
Subject [jira] Created: (WSS-235) xmlsec/1.4.3 not compatible with xmlbeans/2.4.0, resulting in NullPointerException in IdResolver, more robustness would help
Date Thu, 08 Jul 2010 06:54:49 GMT
xmlsec/1.4.3 not compatible with xmlbeans/2.4.0, resulting in NullPointerException in IdResolver,
more robustness would help
----------------------------------------------------------------------------------------------------------------------------

                 Key: WSS-235
                 URL: https://issues.apache.org/jira/browse/WSS-235
             Project: WSS4J
          Issue Type: Wish
         Environment: xmm security structure generated with xmlbeans, verified with xmlsec.
            Reporter: martin voegeli
            Assignee: Ruchith Udayanga Fernando
            Priority: Minor


IdResolver.java was refactored from release xmlsec/1.3.0 to xmlsec/1.4.3.
(I know, not part of wss4j, but xmlsec seams to be a sub-component here).

Symptoms:
java.lang.NullPointerException
    at org.apache.xml.security.utils.IdResolver.isElement(Unknown Source)
    at org.apache.xml.security.utils.IdResolver.getEl(Unknown Source)
    at org.apache.xml.security.utils.IdResolver.getElementBySearching(Unknown Source)
    at org.apache.xml.security.utils.IdResolver.getElementById(Unknown Source)
    at org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolve(Unknown
Source)
    at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)

Problem: 
Under certain circumstances, the ID attribute of an XML node in the XMLBeans DOM implementation
is treated as !nodeCanHavePrefixUri (which might not be DOM specification compliant, but never
mind). The Id Resolver code does not expect this behavior

xmlbenas/2.4.0 org.apache.xmlbeans.impl.store.DomImpl
    public static String _node_getLocalName ( Dom n )
    {
        if (! n.nodeCanHavePrefixUri() ) return null;
        QName name = n.getQName();
        return name == null ? "" : name.getLocalPart();
    }

xml-security/1.4.3 org.apache.xml.security.utils.IdResolver:
Suggested robustness optimization near line 247:
            String name=n.getLocalName();
            if (name == null) { name = n.getName(); }           <<<

Changing xmlbeans to not return null as a local name might be the better solution but that
change seems somewhat risky.

thanks
martin







-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message