[
https://issues.apache.org/jira/browse/CXF-8325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Freeman Yue Fang resolved CXF-8325.
-----------------------------------
Fix Version/s: 3.4.1
3.3.8
Resolution: Fixed
> Schema validation allows invalid SOAP header
> --------------------------------------------
>
> Key: CXF-8325
> URL: https://issues.apache.org/jira/browse/CXF-8325
> Project: CXF
> Issue Type: Bug
> Components: Core
> Affects Versions: 3.3.7
> Reporter: Thomas Monninger
> Assignee: Freeman Yue Fang
> Priority: Major
> Fix For: 3.3.8, 3.4.1
>
>
> Hi,
> In our environment we have a SOAP request similar to the following:
> {code:xml}
> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope";
> xmlns:v1="http://some.name.space/v1.1";>
> <soap:Header>
> <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>*Security
> Header*</wsse:Security>
> <soap:Body>
> <v1:Method></v1:Method>
> </soap:Body>
> </soap:Header>
> </soap:Envelope>
> {code}
> As you can see the {{soap:Body}} is part of the {{soap:Header}} which,
> according to the SOAP XML Schema, is not a valid construct.
> Schema-validation is turned on but no error occurrs. The body part is even
> treated as a valid body.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
