[jira] Updated: (WSS-234) Comment as first element in document causes NPE

Thu, 01 Jul 2010 08:07:47 -0700 

     [ 
https://issues.apache.org/jira/browse/WSS-234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh updated WSS-234:
------------------------------------

    Fix Version/s: 1.5.9
                   1.6

> Comment as first element in document causes NPE
> -----------------------------------------------
>
>                 Key: WSS-234
>                 URL: https://issues.apache.org/jira/browse/WSS-234
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.8
>            Reporter: Remco Schaar
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 1.5.9, 1.6
>
>
> When a document contains a comment as its first child element, wss4j will not 
> find the SOAP body. This causes a NullPointerException during signature 
> validation.
> For example
>     <?xml version="1.0"?>
>     <soap:Body....
> with a valid document works, while
>     <?xml version="1.0?>
>     <!-- comment about document -->
>     <soap:Body...
> will break.
> It appears this is caused by code in 
> org.apache.ws.security.util.WSSecurityUtil in findBodyElement where 
> getFirstChild from the document is used. This will not be the expected 
> document root, but a comment node.
> Proposed patch:
> diff -ru wss4j/src/org/apache/ws/security/util/WSSecurityUtil.java 
> wss4j-patched/src/org/apache/ws/security/util/WSSecurityUtil.java
> --- wss4j/src/org/apache/ws/security/util/WSSecurityUtil.java 2010-07-01 
> 10:01:06.277800000 +0200
> +++ wss4j-patched/src/org/apache/ws/security/util/WSSecurityUtil.java 
> 2010-07-01 10:04:55.673000000 +0200
> @@ -193,7 +193,7 @@
>      public static Element findBodyElement(Document doc, SOAPConstants sc) {
>          Element soapBodyElement = 
>              (Element) WSSecurityUtil.getDirectChild(
> -                doc.getFirstChild(), 
> +                doc.getDocumentElement(), 
>                  sc.getBodyQName().getLocalPart(), 
>                  sc.getEnvelopeURI()
>              );

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org
For additional commands, e-mail: wss4j-dev-h...@ws.apache.org

Reply via email to