Rampart removes CDATA markup from SOAPBody elements. Reproducible in versions
1.3/1.4/1.4.1
-------------------------------------------------------------------------------------------
Key: RAMPART-196
URL: https://issues.apache.org/jira/browse/RAMPART-196
Project: Rampart
Issue Type: Bug
Components: rampart-core
Affects Versions: 1.4, 1.3
Reporter: Vinay Cardoza
Assignee: Ruchith Udayanga Fernando
Priority: Blocker
Hi,
Rampart removes CDATA markup from the body of a SOAP Envelope.
This is a critical issue because data needs to be put in CDATA tags for the
recipient to process. We cannot reset the CDATA tags because we are signing the
message. If we modify the SOAP Body after Rampart's Security , then the hash
generated during signing will be wrong.
Root cause of the problem
The CDATA disappears because the SOAPEnvelope is converted from AXIOM object to
an org.w3c.dom.Document object. I found this while I was debugging the code.
The exact class where the conversion is done is RampartMessageData.class.
Steps to reproduce:
The steps to reproduce are shown below. I have used Rampart 1.4 , example 04.
But the problem is persistent in Rampart 1.3, 1.4, 1.4.1 and on all OS.
1. Download Rampart 1.4 from
http://mirrors.enquira.co.uk/apache/ws/rampart/1_4/rampart-dist-1.4-bin.zip.
2. Extract it to d:\
3. Ensure AXIS2_HOME is set to Axis2 1.4. Mine is d:\axis2-1.4. Ensure ANT_HOME
and JAVA_HOME is set.
4. Open a command prompt.
prompt> cd D:\rampart-1.4\samples\
prompt>ant
-------------The above step will copy the rampart jars to AXIS2_HOME
installation.
prompt> cd D:\rampart-1.4\samples\basic
prompt> ant service.04
5. Edit
D:\rampart-1.4\samples\basic\sample04\src\org\apache\rampart\samples\sample04\Client.java
Add the imports.
import org.apache.axiom.om.impl.llom.OMTextImpl;
import javax.xml.stream.XMLStreamConstants;
In getPayload(), replace
childElem.setText(value);
with
OMTextImpl omText = (OMTextImpl)
childElem.getOMFactory().createOMText(childElem,value,XMLStreamConstants.CDATA);
Save the file.
5. Open another DOS prompt.
prompt> cd D:\rampart-1.4\samples\basic
prompt> ant client.04
Observe the SOAP request using TCP Monitor.
<soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="id-22584918">
<ns1:echo xmlns:ns1="http://sample04.samples.rampart.apache.org";>
<param0>Hello world</param0>
</ns1:echo>
</soapenv:Body>
The CDATA tag is not present.
6. Edit D:\rampart-1.4\samples\basic\sample04\client.axis2.xml. Remove the line
<module ref="rampart" /> and save the file.
7. Repeat the step 5 and observe the SOAPBody in TCP Monitor.
<soapenv:Body><ns1:echo xmlns:ns1="http://sample04.samples.rampart.apache.org";>
<param0><![CDATA[Hello world]]></param0>
</ns1:echo></soapenv:Body>
The CDATA tag is intact.
Please advice.
Regards,
Vinay Cardoza
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
