SignedEncryptedElements can incorrectly set the namespace of child xpaths
during serialization
----------------------------------------------------------------------------------------------
Key: RAMPART-276
URL: https://issues.apache.org/jira/browse/RAMPART-276
Project: Rampart
Issue Type: Bug
Components: rampart-policy
Affects Versions: 1.5
Reporter: Dave Bryant
Assignee: Ruchith Udayanga Fernando
If you create a security policy that includes signed or encrypted elements,
where the SignedEncryptedElements object contains multiple xpaths for
specifying parts of the message to sign/encrypt, and a namespace map to qualify
the prefixes used in xpaths exists, then serializing the
SignedEncryptedElements object incorrectly sets the namespace URI for the
second <sp:XPath> element that is output.
For example, if you specify two xpaths (xs:fred and rns1:bob) to be signed and
setup the namespace map appropriately to define the xs and rns1 prefixes, the
second XPath element is output using the xs prefix (the XML schema namespace)
instead of the sp prefix (the security policy namespace).
{code:xml}
<sp:SignedElements
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<sp:XPath
xmlns:rns1="http://www.orionhealth.com/rhapsody/2009/11/TestService";>//xs:fred</sp:XPath>
<xs:XPath
xmlns:rns1="http://www.orionhealth.com/rhapsody/2009/11/TestService";>//rns1:bob</xs:XPath>
</sp:SignedElements>
{code}
The problem was introduced in revision 76056 of SignedEncryptedElements.java
(http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java?r1=653992&r2=760506)
where support was added to output the defined namespaces. The problem is that
the local variables 'prefix' and 'namespaceURI' is assigned when output the
namespace map, and then that same variable is reused to output the next XPath.
A patch that resolves this problem is below:
{code}
Index: src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
===================================================================
--- src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
(revision 61550)
+++ src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
(working copy)
@@ -122,9 +122,9 @@
Iterator<String> namespaces =
declaredNamespaces.keySet().iterator();
while(namespaces.hasNext()) {
- prefix = (String) namespaces.next();
- namespaceURI = (String) declaredNamespaces.get(prefix);
- writer.writeNamespace(prefix,namespaceURI);
+ final String declaredPrefix = (String) namespaces.next();
+ final String declaredNamespaceURI = (String)
declaredNamespaces.get(declaredPrefix);
+ writer.writeNamespace(declaredPrefix,declaredNamespaceURI);
}
writer.writeCharacters(xpathExpression);
{code}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
