[ https://issues.apache.org/jira/browse/WSS-145?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated WSS-145:
------------------------------------

    Attachment: wss4j_wss145.patch


Werner, please have a look at the attached patch for this issue and let me know 
if this is acceptable to you. 

I followed the discussion on security-dev on this issue...it seemed to me that 
there wasn't a consensus on whether the bug was in WSS4J or xml-sec. In any 
case, a simple fix in WSS4J solves the problem, which essentially amounts to 
doing this whenever a KeyInfo object is created:

Element keyInfoElement = keyInfo.getElement();
keyInfoElement.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:"
        + WSConstants.SIG_PREFIX, WSConstants.SIG_NS);

This way, the "ds" namespace gets set properly on the DOM element.

There are no backwards compatibility issues, as I've tested the changes with 
both xmlsec 1.4.0 and 1.4.2, and the tests all pass.




> Problem in upgrading to xml-sec 1.4.2
> -------------------------------------
>
>                 Key: WSS-145
>                 URL: https://issues.apache.org/jira/browse/WSS-145
>             Project: WSS4J
>          Issue Type: Improvement
>          Components: WSS4J Core
>    Affects Versions: 1.5.4
>            Reporter: Colm O hEigeartaigh
>            Assignee: Werner Dittmann
>             Fix For: 1.5.5
>
>         Attachments: wss4j_wss145.patch
>
>
> WSS4J 1.5.4 has a dependency on xml-sec 1.4.0. xml-sec 1.4.1 has a major c14n 
> fix, but we ran into a critical problem with encryption, see:
> http://issues.apache.org/jira/browse/WSS-128
> Ideally we'd like to release WSS4J 1.5.5 with xml-sec 1.4.2. However, there's 
> a problem with namespace prefixes when signing a request:
> http://www.nabble.com/Undeclared-namespace-prefix-"ds"-error-tt19668706.html#a19668706
> It's still not clear at this stage whether it's a problem in WSS4J or 
> xml-sec, or why this problem doesn't appear when xml-sec 1.4.0 or 1.4.1 is 
> used.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
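
Added example, not part of the original message or of the attached WSS4J patch: a JDK-only sketch of what the two-line fix in the comment does to a DOM element. The constant values are inlined on the assumption that they match WSConstants, and the class name, the declaredNamespace helper and the ex:Parent element are hypothetical.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class KeyInfoNamespaceDemo {
    // Assumed to equal WSConstants.XMLNS_NS / SIG_PREFIX / SIG_NS; inlined so this runs without WSS4J.
    static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
    static final String SIG_PREFIX = "ds";
    static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    // Hypothetical helper: URI bound to the prefix by an xmlns:<prefix> attribute
    // node on el or one of its ancestors, or null if no such attribute exists.
    static String declaredNamespace(Element el, String prefix) {
        for (Node n = el; n instanceof Element; n = n.getParentNode()) {
            Element e = (Element) n;
            if (e.hasAttributeNS(XMLNS_NS, prefix)) {
                return e.getAttributeNS(XMLNS_NS, prefix);
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();

        // Constructed stand-in for the element returned by keyInfo.getElement().
        Element parent = doc.createElementNS("urn:example:constructed", "ex:Parent");
        doc.appendChild(parent);
        Element keyInfoElement = doc.createElementNS(SIG_NS, SIG_PREFIX + ":KeyInfo");
        parent.appendChild(keyInfoElement);

        // createElementNS records the namespace URI on the node itself,
        // but it does not add an xmlns:ds attribute node to the tree.
        System.out.println("declared before fix: "
                + declaredNamespace(keyInfoElement, SIG_PREFIX));

        // The fix from the comment: declare the prefix explicitly on the element.
        keyInfoElement.setAttributeNS(XMLNS_NS, "xmlns:" + SIG_PREFIX, SIG_NS);

        System.out.println("declared after fix:  "
                + declaredNamespace(keyInfoElement, SIG_PREFIX));
    }
}
```

Code that resolves prefixes from the xmlns attribute nodes in the tree, rather than from each node's own namespace URI, only sees the "ds" binding after the setAttributeNS call.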

