[jira] [Commented] (RAMPART-356) Namespaces problem in RampartUtil.getPartsAndElements causes XPath problem: No Such Function

[Stefan Vladov (JIRA)]

    [ 
https://issues.apache.org/jira/browse/RAMPART-356?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13669387#comment-13669387
 ] 

Stefan Vladov commented on RAMPART-356:
---------------------------------------

I second that.
As far as I understand, what should be added to the jaxen namespace context are 
only the namespaces that are used in the xpath expression. The xpath engine 
does not need any other namespace and adding such is error prone.
The way I see it, there are two sides to this story.
1. All signed and/or encrypted elements in the policy should be discoverable - 
this should be easily achieved by only adding the declared namespaces from the 
SignedEncryptedElements to the namespace context. Should be fine this way, I 
think.
2. Rampart currently validates the presence of signed and/or encrypted elements 
returned by the wss4j engine by looking at the xpath expression in the 
WSDataRefs. IMO WSS4J should also build a namespace context while preparing the 
xpath in org.apache.wss4j.dom.processor.ReferenceListProcessor#getXPath 
(wss4j-dom module). The namespace context should be afterwards placed in the 
WSDataRef next to the xpath expression.

Please correct me if I'm missing sth.
Meanwhile I'll try the two suggested changes and will update the comment if it 
works out fine.

Regards,
Stefan
                
> Namespaces problem in RampartUtil.getPartsAndElements causes XPath problem: 
> No Such Function
> --------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-356
>                 URL: https://issues.apache.org/jira/browse/RAMPART-356
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.5.2
>            Reporter: HJHorst
>
> I have a policy which contains an XPath expression to find some elements that 
> need to be signed: 
>                               <sp:SignedElements>
>                                       
> <sp:XPath>/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and 
> local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/'
>  and 
> local-name()='Header']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>  and 
> local-name()='Security']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>  and local-name()='Timestamp']</sp:XPath>
>                                       
> <sp:XPath>/*[namespace-uri()='http://www.w3.org/2003/05/soap-envelope' and 
> local-name()='Envelope']/*[namespace-uri()='http://www.w3.org/2003/05/soap-envelope'
>  and 
> local-name()='Header']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>  and 
> local-name()='Security']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>  and local-name()='Timestamp']</sp:XPath>
>                               </sp:SignedElements>
> I created a client to call the webservice and I get this exception:
> java.lang.RuntimeException: org.jaxen.UnresolvableException: No Such Function 
> {http://fluffy.nl/someservice/1.1/}:namespace-uri
>       at 
> org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:1251)
>       at 
> org.apache.rampart.util.RampartUtil.getSignedParts(RampartUtil.java:947)
>       at 
> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:362)
>       at 
> org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:95)
>       at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
>       at 
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
>       at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
>       at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:254)
>       at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:419)
>       at 
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
>       at 
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
>       at 
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>       at 
> wsrl.proxy.SomeService_V1_1Stub.getInfo(SomeService_V1_1Stub.java:503)
>       at project1.StatusCall.main(StatusCall.java:71)
> Caused by: org.jaxen.UnresolvableException: No Such Function 
> {http://fluffy.nl/someservice/1.1/}:namespace-uri
>       at 
> org.jaxen.SimpleFunctionContext.getFunction(SimpleFunctionContext.java:127)
>       at org.jaxen.ContextSupport.getFunction(ContextSupport.java:242)
>       at org.jaxen.Context.getFunction(Context.java:216)
>       at 
> org.jaxen.expr.DefaultFunctionCallExpr.evaluate(DefaultFunctionCallExpr.java:172)
>       at 
> org.jaxen.expr.DefaultEqualityExpr.evaluate(DefaultEqualityExpr.java:75)
>       at org.jaxen.expr.DefaultAndExpr.evaluate(DefaultAndExpr.java:82)
>       at org.jaxen.expr.DefaultPredicate.evaluate(DefaultPredicate.java:95)
>       at org.jaxen.expr.PredicateSet.applyPredicate(PredicateSet.java:269)
>       at org.jaxen.expr.PredicateSet.evaluatePredicates(PredicateSet.java:244)
>       at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:215)
>       at 
> org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
>       at 
> org.jaxen.expr.DefaultAbsoluteLocationPath.evaluate(DefaultAbsoluteLocationPath.java:113)
>       at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
>       at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:674)
>       at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:213)
>       at 
> org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:1211)
> I think the problem is caused by line 1190 of RampartUtil.java:       
>         // decide what exactly is going to be used - only the default 
> namespaces, or the list of all declared namespaces in the message !
>         Set namespaces = findAllPrefixNamespaces(envelope, decNamespaces);
>               
> Rampart tries to find all namespace declarations from my request envelope, 
> and with these declarations execute the XPath expression.
> My envelope has a default namespace declared somewhere, so there is no 
> prefix. This causes the exception on line 1211:
>                 List selectedNodes = xp.selectNodes(envelope);
> Jaxen assigns my default namespace to the XPath functions and can't find them 
> anymore.
> I think findAllPrefixNamespaces should not be called on the envelope at all, 
> perhaps on the WSDL, (perhaps not at all: see comments on RAMPART-67)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org