[
https://issues.apache.org/jira/browse/RAMPART-196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vinay Cardoza closed RAMPART-196.
---------------------------------
Resolution: Invalid
Fix Version/s: 1.3
1.4
This is not a bug. This is due to C14n canonicalization rules.
Link - http://www.w3.org/TR/xml-c14n.html
The CDATA tags are removed and replaced with the appropriate character content.
For text nodes, < > & characters are escaped appropriately.
> Rampart removes CDATA markup from SOAPBody elements. Reproducible in versions
> 1.3/1.4/1.4.1
> -------------------------------------------------------------------------------------------
>
> Key: RAMPART-196
> URL: https://issues.apache.org/jira/browse/RAMPART-196
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.3, 1.4
> Reporter: Vinay Cardoza
> Assignee: Ruchith Udayanga Fernando
> Priority: Blocker
> Fix For: 1.4, 1.3
>
>
> Hi,
> Rampart removes CDATA markup from the body of a SOAP Envelope.
> This is a critical issue because data needs to be put in CDATA tags for the
> recipient to process. We cannot reset the CDATA tags because we are signing
> the message. If we modify the SOAP Body after Rampart's Security , then the
> hash generated during signing will be wrong.
> Root cause of the problem
> The CDATA disappears because the SOAPEnvelope is converted from AXIOM object
> to an org.w3c.dom.Document object. I found this while I was debugging the
> code. The exact class where the conversion is done is
> RampartMessageData.class.
> Steps to reproduce:
> The steps to reproduce are shown below. I have used Rampart 1.4 , example 04.
> But the problem is persistent in Rampart 1.3, 1.4, 1.4.1 and on all OS.
> 1. Download Rampart 1.4 from
> http://mirrors.enquira.co.uk/apache/ws/rampart/1_4/rampart-dist-1.4-bin.zip.
> 2. Extract it to d:\
> 3. Ensure AXIS2_HOME is set to Axis2 1.4. Mine is d:\axis2-1.4. Ensure
> ANT_HOME and JAVA_HOME is set.
> 4. Open a command prompt.
> prompt> cd D:\rampart-1.4\samples\
> prompt>ant
> -------------The above step will copy the rampart jars to AXIS2_HOME
> installation.
> prompt> cd D:\rampart-1.4\samples\basic
> prompt> ant service.04
> 5. Edit
> D:\rampart-1.4\samples\basic\sample04\src\org\apache\rampart\samples\sample04\Client.java
>
> Add the imports.
> import org.apache.axiom.om.impl.llom.OMTextImpl;
> import javax.xml.stream.XMLStreamConstants;
> In getPayload(), replace
> childElem.setText(value);
> with
> OMTextImpl omText = (OMTextImpl)
> childElem.getOMFactory().createOMText(childElem,value,XMLStreamConstants.CDATA);
>
> Save the file.
> 5. Open another DOS prompt.
> prompt> cd D:\rampart-1.4\samples\basic
> prompt> ant client.04
> Observe the SOAP request using TCP Monitor.
> <soapenv:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="id-22584918">
> <ns1:echo xmlns:ns1="http://sample04.samples.rampart.apache.org";>
> <param0>Hello world</param0>
> </ns1:echo>
> </soapenv:Body>
> The CDATA tag is not present.
> 6. Edit D:\rampart-1.4\samples\basic\sample04\client.axis2.xml. Remove the
> line <module ref="rampart" /> and save the file.
> 7. Repeat the step 5 and observe the SOAPBody in TCP Monitor.
> <soapenv:Body><ns1:echo
> xmlns:ns1="http://sample04.samples.rampart.apache.org";>
> <param0><![CDATA[Hello world]]></param0>
> </ns1:echo></soapenv:Body>
> The CDATA tag is intact.
> Please advice.
> Regards,
> Vinay Cardoza
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
