[
https://issues.apache.org/jira/browse/CXF-7369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16007822#comment-16007822
]
Colm O hEigeartaigh commented on CXF-7369:
------------------------------------------
This is not a bug - the sending code is absolutely allowed use a wsu:Id instead
of an existing "id" attribute when signing the request.
> Signed element with an attribute named Id leaves a WSS Id attribute in the
> response
> ------------------------------------------------------------------------------------
>
> Key: CXF-7369
> URL: https://issues.apache.org/jira/browse/CXF-7369
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 3.1.8, 3.1.11
> Environment: Weblogic 12.1
> Java 1.8.0_121
> RedHat Linux
> Reporter: Cullen Davis
>
> Setup:
> Create a Soap service that has a WssRequiredSignatureHandler.
> Create an XML Element that has an attribute named id.
> Create a soap request that uses the element with the id attribute
> Specify that body be of the Soap request be a WSS Signed Element.
> Invoke the Soap service method.
> Expected Result
> The SOAP response will have an element with a single id attribute
> Actual Result:
> The SOAP response will have an element with a expected id attribute as well
> as an extra wsu:Id attribute. wsu maps to
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> Work Around
> Rename the attribute.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
