[ 
https://issues.apache.org/jira/browse/CXF-4077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13209245#comment-13209245
 ] 

Philippe CERY commented on CXF-4077:
------------------------------------

Suppose a WS client C, a WS proxy PX and a WS provider PV. C sends a SOAP 
request to PX, then PX forwards the request to PV. PX uses Camel to route the 
request from C to PV.
The request's soap:Body tag is digitally signed by C 
(WSHandlerConstants.SIGNATURE_PARTS, 
"{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body") for PV. As a proxy, 
PX cannot validate the signature or modify the request. Thus, the 
WSS4JInInterceptor on the PX inbound endpoint is configured to ignore the 
Signature (using wss4j.processor.map with the Signature header QName as key and 
null as the value).
When a tag is signed, there is a wsu:Id attribute and the associated wsu 
namespace declaration added on this tag.
PX receives from C a message in which the soap:Body tag has these attributes, 
but the soap:Body tag in the message sent to PV has no attributes; thus PV 
cannot validate the signature (the part signed by C is modified when received 
by PV) and the request is rejected.
The issue is when SoapOutInterceptor creates the soap:Body tag at the end of 
the writeSoapEnvelopeStart method. A new empty Body tag is added to the 
XMLStreamWriter. And the next interceptors do not add the missing attributes.
To temporarily solve this, I have added my own interceptor right after the 
SoapOutInterceptor. This interceptor gets the inbound message 
(PhaseInterceptorChain.PREVIOUS_MESSAGE key) from the outbound message and 
retrieves the original soap:Body element. If that element has attributes, I add 
them to the XMLStreamWriter.
My patch works but it would be more efficient if ReadHeadersInterceptor or 
StartBodyInterceptor could get these attributes and store them in the message 
HashMap as it is done for the SOAP headers. Then the SoapOutInterceptor would 
retrieve the stored attributes (if any) and add them to the outbound message 
soap:Body element.
                
> Body tag attributes from inbound message are lost in outbound message
> ---------------------------------------------------------------------
>
>                 Key: CXF-4077
>                 URL: https://issues.apache.org/jira/browse/CXF-4077
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-WS Runtime, Soap Binding
>    Affects Versions: 2.4.4, 2.5.1
>         Environment: jdk 1.6.0_30, tomcat 6.0.35, camel 2.9.0, cxf 2.5.1
>            Reporter: Philippe CERY
>             Fix For: NeedMoreInfo
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Suppose you want to sign the whole soap body of your message. The Body tag 
> will have 2 attributes xmlns:wsu and wsu:Id added.
> I want my server to forward the message to another server without checking 
> signature and of course without modifying the signed part. 
> But the In interceptors (ReadHeadersInterceptor and StartBodyInterceptor) 
> ignore these attributes while parsing the inbound message and the 
> SoapOutInterceptor creates a new empty soap Body element.
> So, the signed part is considered as modified by the second server and the 
> message is rejected.
> If I want to sign any other part inside the body element, it works.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
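
Why PV rejects the forwarded message, as an added Python example (not part of the original JIRA comment and not CXF or WSS4J code): it models only the Reference resolution and digest check on a constructed envelope, with and without the Body attributes copied over. Assumptions: the `Body-1` Id, the `urn:example:demo` payload and all function names are hypothetical, and Python's built-in C14N 2.0 stands in for whatever canonicalization the real signature declares.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
BODY, HEADER, WSU_ID = f"{{{SOAP}}}Body", f"{{{SOAP}}}Header", f"{{{WSU}}}Id"

# Constructed message as C would send it: Body carries xmlns:wsu and wsu:Id.
SIGNED_BY_C = (
    f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Header/>'
    f'<soap:Body xmlns:wsu="{WSU}" wsu:Id="Body-1">'
    '<m:ping xmlns:m="urn:example:demo">hello</m:ping>'
    '</soap:Body></soap:Envelope>'
)


def find_by_wsu_id(envelope_xml, ref_id):
    """Resolve a signature Reference such as URI="#Body-1" to its element."""
    for el in ET.fromstring(envelope_xml).iter():
        if el.get(WSU_ID) == ref_id:
            return el
    return None


def digest(element):
    """Base64 SHA-256 over the canonical form of the referenced element."""
    c14n = ET.canonicalize(ET.tostring(element, encoding="unicode"),
                           rewrite_prefixes=True)
    return base64.b64encode(hashlib.sha256(c14n.encode()).digest()).decode()


def forward(envelope_xml, keep_body_attrs):
    """Rebuild the envelope the way the comment describes PX doing it."""
    src = ET.fromstring(envelope_xml)
    out = ET.Element(f"{{{SOAP}}}Envelope")
    out.append(src.find(HEADER))          # headers are carried over
    body = ET.SubElement(out, BODY)       # new, empty Body element
    if keep_body_attrs:                   # the workaround: copy attributes
        body.attrib.update(src.find(BODY).attrib)
    body.extend(list(src.find(BODY)))     # payload children are unchanged
    return ET.tostring(out, encoding="unicode")


def reference_valid(envelope_xml, ref_id, expected_digest):
    """PV's check: the Reference must resolve and its digest must match."""
    target = find_by_wsu_id(envelope_xml, ref_id)
    return target is not None and digest(target) == expected_digest


EXPECTED = digest(find_by_wsu_id(SIGNED_BY_C, "Body-1"))  # DigestValue C signs
```

With `keep_body_attrs=False` the Reference no longer resolves at all, so the check fails before any digest comparison; with `True` the rebuilt Body canonicalizes to the same bytes C signed.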

        
