[jira] Created: (RAMPART-282) invalid XML sent when Rampart is enabled

Tue, 16 Feb 2010 08:55:59 -0800 

invalid XML sent when Rampart is enabled
----------------------------------------

                 Key: RAMPART-282
                 URL: https://issues.apache.org/jira/browse/RAMPART-282
             Project: Rampart
          Issue Type: Bug
    Affects Versions: 1.4, 1.3, 1.5
         Environment: Axis2/Java 1.5.1
Windows 7
            Reporter: Russell Tempero
            Assignee: Ruchith Udayanga Fernando
         Attachments: request.with_rampart.xml, request.without_rampart.xml, 
test.wsdl

I have attached a WSDL which, when used to generate Java language bindings, 
demonstrates a problem in Rampart. The problem is that, when Rampart is 
enabled, a SOAP request that does not contain valid XML is sent to the server. 
When Rampart is not enabled, the problem goes away. I have attached two 
requests, one with Rampart enabled and the other that was sent without Rampart 
enabled.

If you look at line 14 of request.with_rampart.xml, you will notice that we 
have an instance of a BaseObject which has an xsi:type of "ns2:InstanceObject". 
You will also notice that the ns2 namespace alias is declared on the same line: 
xmlns:ns2='urn:objects.ws.test.com'. If you look at line 18 of the same file, 
you will see a second instance of a BaseObject which also has an xsi:type of 
"ns2:InstanceObject". However, in this case the ns2 namespace is not declared. 
Note that ns2 is also not declared in any of the parent elements. It is only 
declared in the aforementioned sibling element. This is invalid XML because ns2 
needs to be declared in order for it to be used in the xsi:type attribute.

Furthermore, please note that request.without_rampart.xml (which was generated 
using the same WSDL, Java code, etc, but without Rampart enabled) does not 
exhibit the same malformed XML.

I have attached the Java driver program that was used to send the request. I 
also attached the Ant build files so that you can see what options we are using 
to generate the Java bindings.

Fortunately, our security policy is simple enough that we can disable Rampart 
and add our own security header. That is our current workaround. You will 
notice code (which is currently commented out) that adds the security header 
manually in BasicCreate.java.

Please let me know if there is any further information that would be helpful.

Thanks,
Russell

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to