[ https://issues.apache.org/jira/browse/WSS-505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved WSS-505. ------------------------------------- Resolution: Fixed Fixed. Please test with the latest SNAPSHOT code to see if there are any other errors in this area. Colm. > WSSecurityUtil .storeElementInContext throws ArrayIndexOutOfBoundsException > --------------------------------------------------------------------------- > > Key: WSS-505 > URL: https://issues.apache.org/jira/browse/WSS-505 > Project: WSS4J > Issue Type: Bug > Components: WSS4J Core > Affects Versions: 1.6.16 > Environment: Windows 7, Java 7 > Reporter: Bruno Campolo > Assignee: Colm O hEigeartaigh > Fix For: 1.6.17 > > > When calling an Apache CXF STS, a RSTR is sent along with a corresponding > Signature element in the Security header. The XML Signature specification > states that a Reference URI="" should be allowed, but WSS4J throws an > ArrayIndexOutOfBoundsException in this case. > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> > <SignedInfo> > <CanonicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> > <SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> > <Reference URI=""> > <Transforms> > <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" > /> > </Transforms> > <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" > /> > <DigestValue>#### REMOVED ####</DigestValue> > </Reference> > </SignedInfo> > <SignatureValue>#### REMOVED ####</SignatureValue> > <KeyInfo> > <wsse:SecurityTokenReference > wsu:Id="STR-96B0809D81C151981114049297131153"> > <wsse:Reference URI="1058eb35-d9a6-4ff8-84ac-4f6d35ba3b3c" > > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" > /> > </wsse:SecurityTokenReference> > </KeyInfo> > </Signature> > It appears that the code that fails is in > org.apache.ws.security.util.SecurityUtil: > public static void storeElementInContext(DOMCryptoContext context, String > uri, Element element) { > String id = uri; > if (uri.charAt(0) == '#') { <---- Exception thrown here since uri > = "" > id = id.substring(1); > } > -- This message was sent by Atlassian JIRA (v6.2#6252) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For additional commands, e-mail: dev-h...@ws.apache.org