Hi 
I have run into the following issue. I am not sure if it is due to my
incompetence or that it is possibly a bug in apache-axis, I thought it
would be worth mentioning anyway.....

I'm trying to invoke a remote method via SOAP and I try to pass it a bit
of XML as parameters. I have the XML available as DOM tree. If I insert
the DOM tree into the SOAP part via the importNode() method, the
namespaces get screwed up. The original XML looks like: 

<ns1:elem1 xmlns:ns1="uri1" xmlns:ns2="uri2" xmlns:ns3="uri3">
   <ns2:child1 />
   <ns2:child1>
       <ns3:grandchild1 />
   </ns2:child1>
</ns1:elem1> 

When sending the SOAP message across, the following XML goes over the
wire: 

<ns1:elem1 xmlns:ns1="uri1" xmlns:ns2="uri2" xmlns:ns3="uri3">
   <ns2:child1 xmlns:ns2=""/>
   <ns2:child1 xmlns:ns2="">
       <ns3:grandchild1 xmlns:ns3=""/>
   </ns2:child1>
</ns1:elem1> 

This XML immediately generates an exception on the receiver side as the
namespace URIs defined as "" are not valid. After 3 days of digging
around, I found out that there is a problem with the DOM tree I try to
import. It turned out that the DOM tree was not namespace aware. As soon
as I managed to get a DOM tree that is namespace aware, the SOAP message
is correct. (I used DOM trees obtained from various sources, parsed from
file, converted from JDOM, quite bizarre that all of them appear not to
be namespace aware.) 

While finding this problem, I used a debugger to step through the code
to try to find where it went wrong. In doing so, I found a point in the
Call.java class that may be a bug, or it may only look like a bug to me as
a result of my erroneous DOM tree. The point is in the method "public
void invoke() throws AxisFault". The snippet below is from
this method. The point where the bug might be is the second if
statement: 

if (body != null) {
   if ( body.getNamespaceURI() == null ) {
       throw new AxisFault("Call.invoke",
           Messages.getMessage("cantInvoke00", body.getName()),
           null, null);
   } else {
       msgContext.setTargetService(body.getNamespaceURI());
   }
} 

A test is done to see if the body has a namespace URI. This is
done by testing body.getNamespaceURI() == null. However in my particular
case, the namespace URI wouldn't be null but an empty string. Shouldn't
that also be tested for? Probably it is wrong to have the
namespace set to "", so shouldn't it be treated the same as if it was
null, or maybe, as it is wrong, should an exception be thrown? 

I realize that that problem probably isn't too common as most people
will use a 'correct' DOM tree, in which case the namespace URI probably
will be either null or non-empty and this issue will not occur. On the
other hand, as it is likely (or even sure?) that namespaces defined as
"" will throw exceptions on the receiver end, isn't it better to throw
an exception straight away? (So that you know that you are passing
malicious input). 

Another solution could be to block empty namespaces in the serializer.
If the empty namespace declarations hadn't been inserted, the
receiver end would have parsed the document correctly anyway. 

Best Regards and thanks in advance, 


Alex Buisman 
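
Added example (not part of the original message, and not Axis code): the namespace-awareness difference described above, shown with the standard JAXP parser, plus a guard that rejects prefixed elements with a null or empty namespace URI before a tree is imported into a SOAP body. The class name, the requireNamespaces() helper and the sample XML are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class NamespaceAwareCheck {
    // Constructed sample, modelled on the XML in the message above.
    static final String XML =
        "<ns1:elem1 xmlns:ns1=\"uri1\" xmlns:ns2=\"uri2\" xmlns:ns3=\"uri3\">"
      + "<ns2:child1/><ns2:child1><ns3:grandchild1/></ns2:child1></ns1:elem1>";

    static Document parse(boolean namespaceAware) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(namespaceAware); // the JAXP default is false
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(XML.getBytes(StandardCharsets.UTF_8)));
    }

    // Hypothetical pre-import guard: reject any prefixed element whose
    // namespace URI is null or "", the two cases discussed in the message.
    static void requireNamespaces(Element e) {
        String uri = e.getNamespaceURI();
        if (e.getNodeName().indexOf(':') >= 0 && (uri == null || uri.isEmpty())) {
            throw new IllegalArgumentException(
                "no namespace URI for <" + e.getNodeName() + ">");
        }
        for (Node n = e.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element) requireNamespaces((Element) n);
        }
    }

    public static void main(String[] args) throws Exception {
        // Same input, parsed once without and once with namespace awareness.
        for (boolean aware : new boolean[] {false, true}) {
            Element root = parse(aware).getDocumentElement();
            try {
                requireNamespaces(root);
                System.out.println("namespaceAware=" + aware
                    + ": ok, root URI=" + root.getNamespaceURI());
            } catch (IllegalArgumentException ex) {
                System.out.println("namespaceAware=" + aware
                    + ": rejected, " + ex.getMessage());
            }
        }
    }
}
```

Running the guard on the sender side surfaces the problem at the point where the DOM tree is built, rather than as a parse failure on the receiver.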
