[jira] Created: (AXIS-2497) Axis modifies SOAP request making digital signature invalid

Fri, 09 Jun 2006 04:23:38 -0700 

Axis modifies SOAP request making digital signature invalid
-----------------------------------------------------------

         Key: AXIS-2497
         URL: http://issues.apache.org/jira/browse/AXIS-2497
     Project: Apache Axis
        Type: Bug

  Components: Basic Architecture  
    Versions: 1.3    
 Environment: Windows XP Pro, SUSE Linux, Tomcat 5.0.28
    Reporter: Peter Bacik
    Priority: Critical


I'm using Apache XMLSec 1.3.0 to validate signature of incoming SOAP requests 
on the server side. XMLSec API is invoked from inside of Axis BasicHandler. 
Problem is, that Axis modifies the request (removes new lines), which makes the 
digest value and therefore also the signature invalid. 

DisablePrettyXML flag is set to true.

I sent the same SOAP request to the server using Axis 1.2 and Axis 1.3. 
Signature of the message sent to Axis 1.2 was validated successfully, message 
sent to Axis 1.3 had invalid signature.

------

Message traced on the TCP (I removed the header):
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; 
xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><soapenv:Header>...</soapenv:Header><soapenv:Body
 Id="Body">
<spml:addRequest xmlns:spml="urn:SPML:2:0">
<object>
<Key>12345678901234561234567890123456</Key>
<Id>01234567890123456789</Id>
</object>
</spml:addRequest>
</soapenv:Body></soapenv:Envelope>

Message received by Axis 1.2:
<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope 
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; 
xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><soapenv:Header>...</soapenv:Header><soapenv:Body
 Id="Body">
<spml:addRequest xmlns:spml="urn:SPML:2:0">
<object>
<Key>12345678901234561234567890123456</Key>
<Id>01234567890123456789</Id>
</object>
</spml:addRequest>
</soapenv:Body></soapenv:Envelope>

Message received by Axis 1.3:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; 
xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><soapenv:Header>...</soapenv:Header><soapenv:Body
 Id="Body"><spml:addRequest xmlns:spml="urn:SPML:2:0">
<object>
<Key>12345678901234561234567890123456</Key>
<Id>01234567890123456789</Id>
</object>
</spml:addRequest></soapenv:Body></soapenv:Envelope>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to