[ http://issues.apache.org/jira/browse/AXIS-1458?page=comments#action_65910 ] Venkat Reddy commented on AXIS-1458: ------------------------------------
hi Yves, Could you run your tests again, or send me the minimal test case. I have run a test case for AXIS-1968, and seems the duplicate namespace decl are currently preserved by the current code in CVS. - venkat > Signature verification with WSS4J fails due to (guess) serialization bug in > Axis > -------------------------------------------------------------------------------- > > Key: AXIS-1458 > URL: http://issues.apache.org/jira/browse/AXIS-1458 > Project: Axis > Type: Bug > Components: Serialization/Deserialization > Versions: beta-1, beta-2 > Environment: SuSE 9.1, JDK 1.4.2-b28 > Reporter: Yves Langisch > Assignee: Venkat Reddy > > Here the problem description from my mail to the list: > ********************* > All, > I have following situation: > - Client with WSDoAllSender (just signing) > - Web Service with WSDOAllReceiver > Client-side I read an XML instance document, manipulate it and send it > over the signing handler to the web service. If I manipulate the > document then the verification fails server-side. This is very strange > since the signing process is at the very end of the handler chain. In > order to manipulate the document I transform the file to a JDOM > document, manipulate it, transform it back to a W3C document > and add it to the body of the envelope. It seems to be this transformation > from JDOM to W3C which causes the verification to fail at server-side. > Example: > <snip1> > InputStream i = new BufferedInputStream(new > FileInputStream(declaration)); > envelope.addBodyElement(new SOAPBodyElement(i)); > response = call.invoke(envelope) > </snip1> > <snip2> > // just do a transformation without any data manipulation > org.jdom.Document aSDDoc = > XMLHelper.getJDomDocumentFromFile(declaration); > org.w3c.dom.Document d = > XMLHelper.getW3CDocumentFromJDOMDocument(aSDDoc); > envelope.addBodyElement(new SOAPBodyElement(d.getDocumentElement())); > response = call.invoke(envelope) > </snip2> > The first one works fine (with Beta1, not with Beta2 -> same issue), the > second one fails at verification. Tracing the whole stuff I just found one > difference between the two calls. The second call has a duplicate namespace > entry (with beta2 both calls have these duplicate entries) in the body > element which is valid though: > <soapenv:Body wsu:Id="id-7719486" > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><SDRequest > xmlns="http://xyz"; xmlns:ns1="http://xyz";> > The W3C document hasn't yet this duplicate namespace but the printout of the > envelope before invoking the call already has this duplicate namespace entry. > I saw that there are different forms of representation of content in the > SOAPEnvelope class thus I have the very vague guess that the digest > calculation is made on another representation (w/o the duplicate ns) than the > message which arrives at the other end. > Any ideas where problem could be? My mistake? Axis or WSS4 problem? > ************** -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
