[
https://issues.apache.org/jira/browse/WSS-254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12996513#comment-12996513
]
Colm O hEigeartaigh commented on WSS-254:
-----------------------------------------
Hi Marcin,
I just merged a fix for this issue to trunk. I took a different approach to the
patch you submitted - I didn't make any changes to WSEncryptionPart itself.
When finding an element to sign/encrypt, if the WSEncryptionPart does not have
a DOM element stored in it, or a wsu:Id, and if the localname/namespace do not
refer to the SOAP body, then it finds all DOM elements that match the given
localname/namespace and processes them accordingly. I've explained it in more
detail here:
http://coheigea.blogspot.com/2011/02/wss4j-16-specifying-elements-to-sign-or.html
Please take a look at the solution, and mark this issue as resolved if you're
happy with it.
Colm.
> Encryption/signing of multiple message parts with same name not working
> -----------------------------------------------------------------------
>
> Key: WSS-254
> URL: https://issues.apache.org/jira/browse/WSS-254
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.6
> Environment: all. (found out an a windows vista machine with java 1.6)
> Reporter: Marcin Markiewicz
> Assignee: Colm O hEigeartaigh
> Priority: Critical
> Fix For: 1.6
>
> Attachments: WSSecEncrypt.java, WSSecEncrypt.java, WSSecEncrypt.java,
> patch.txt
>
>
> The current implementation of the class "WSSecEncypt" lookf in the document
> to encrypt for elements only by their name and namespace (this are the only
> informations provided by the class "WSEncryptionPart"). The search find the
> first element with this name and lets encrypt it. If there are other elements
> with the same name we wish to encrypt it cannot be done. But it is needed if
> one uses lists of elements
> Following example shows the issue:
> <xml...>
> <soapenv:Envelope>
> <soapenv:Header>
> <myNS:Header1>
> <!-- XML data-->
> </myNS:Header1>
> <myNS:Header2>
> <!-- XML data-->
> <myNS:attachment>
> <!-- some data we don't wish to encrypt -->
> <myNS:attachment>
> </myNS:Header2>
> ...
> <myNS:Attachments>
> <myNS:attachment>
> <!-- 1. binary data base64 encoded -->
> </myNS:attachment>
> <myNS:attachment>
> <!-- 2. binary data base64 encoded -->
> </myNS:attachment>
> <myNS:attachment>
> <!-- 3. binary data base64 encoded -->
> </myNS:attachment>
> ...
> </myNS:Attachments>
> ...
> <myNS:HeaderX>
> <!-- XML data-->
> </myNS:HeaderX>
> </soapenv:Header>
> <soapenv:Body>
> <!-- XML data-->
> </soapenv:Body>
> </soapenv:Envelope>
> if we use the WSEncyrpionPart this way:
> WSEncryptionPart encryptionPart = new WSEncryptionPart("attachment",
> "myNS-URI", "Content");
> then only the element "Envelope/Header/Header2/attachment" will be encryptet.
> Thus the one we don't want to encrypt, but the other ones will not be
> encrypted.
> To solve this problem a XPath support in WSEncryptionPart and WSSecEncryption
> is to be implemented (and maybe more...)
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
