ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Help Error using WSS4j
Date Wed, 21 Jul 2010 16:37:58 GMT
Hi,

> In the code they compared two strings with the '=' operator, and not the
> equals(), check this bugged code in the jar src:

This is not a bug. The namespaces are assumed to be interned, which is
what most DOM parsers do, and so checking strings for equality using
"==" should work fine. This may change in a future (major) release of
XML Security, as we/they should possibly default to a more robust
solution.

Colm.

On Thu, Jul 15, 2010 at 1:23 PM, Ricuzzo <ricuzzo@gmail.com> wrote:
>
>
> Hi, Although it is an old post, i wanted to help solving this problem for
> all Java Developers dont waste their time as much as i did. I founda couple
> of the multiple reasons this error can happend, i  got solved.
> I use Weblogic 8.1 and Java 1.4. For some reasons I think if works fine for
> java 1.6 (maybe because some changes in the '=' operator in java 1.6). All
> the problems have the same root, 'it cannot read the resource/config.xml'
> file in the xmlsec.jar
>
> 1) First. Make sure you have permissions in your com.puter for reading doc.s
> inside the java project. The problem is in xmlsec.java, not in WSS4J. You
> can find inside the jar the following code:
> Class: org.apache.xml.security.Init;
>
> InputStream is = (InputStream) AccessController.doPrivileged(
> new PrivilegedAction() {
>        public Object run() {
>        String cfile =
> System.getProperty("org.apache.xml.security.resource.config");
>        return getClass().getResourceAsStream(cfile != null ? cfile :
> "resource/config.xml");
>                                                          
                                         }
>        });
>
> So make sure you have the priviledges for getting access to the config.xml
>
> 2) This one you gonna love it: The version xmlsec-1.4.3 and 1.4.1 ( dont
> know in 1.3 too) have a bug, a very big bug, wich prevents you from reading
> the file config.xml, in wich all the algoritms and java classes for
> encrypting are specified.
> Thebug is in  this Class: org.apache.xml.security.utils.ElementCheckerImpl;
>
> In the code they compared two strings with the '=' operator, and not the
> equals(), check this bugged code in the jar src:
>
> public boolean isNamespaceElement(Node el, String type, String ns) {
>                if ((el == null) ||
>        ¡¡¡¡Comparing strings with the != operator!!!!! -->
>
>         ns!=el.getNamespaceURI() || !el.getLocalName().equals(type)){
>                   return false;
>                }
>
>                return true;
>        }
>
>  Just change it: ns!=el.getNamespaceURI()   -->
> !ns.equals(el.getNamespaceURI())
>
> It will probably make your code work.
>
> Hope it helps. Good luck.
>
>
> --
> View this message in context: http://old.nabble.com/Help-Error-using-WSS4j-tp24920678p29172291.html
> Sent from the WSS4J mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message