[
https://issues.apache.org/jira/browse/RAMPART-282?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Lazarski resolved RAMPART-282.
-------------------------------------
Resolution: Fixed
Seems to have been fixed a long time ago - please re-open if not.
> invalid XML sent when Rampart is enabled
> ----------------------------------------
>
> Key: RAMPART-282
> URL: https://issues.apache.org/jira/browse/RAMPART-282
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.3, 1.4, 1.5
> Environment: Axis2/Java 1.5.1
> Windows 7
> Reporter: Russell Tempero
> Priority: Major
> Attachments: BasicCreate.java, antbuild.properties, build.xml,
> request.with_rampart.xml, request.without_rampart.xml, test.wsdl
>
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> I have attached a WSDL which, when used to generate Java language bindings,
> demonstrates a problem in Rampart. The problem is that, when Rampart is
> enabled, a SOAP request that does not contain valid XML is sent to the
> server. When Rampart is not enabled, the problem goes away. I have attached
> two requests, one with Rampart enabled and the other that was sent without
> Rampart enabled.
> If you look at line 14 of request.with_rampart.xml, you will notice that we
> have an instance of a BaseObject which has an xsi:type of
> "ns2:InstanceObject". You will also notice that the ns2 namespace alias is
> declared on the same line: xmlns:ns2='urn:objects.ws.test.com'. If you look
> at line 18 of the same file, you will see a second instance of a BaseObject
> which also has an xsi:type of "ns2:InstanceObject". However, in this case the
> ns2 namespace is not declared. Note that ns2 is also not declared in any of
> the parent elements. It is only declared in the aforementioned sibling
> element. This is invalid XML because ns2 needs to be declared in order for it
> to be used in the xsi:type attribute.
> Furthermore, please note that request.without_rampart.xml (which was
> generated using the same WSDL, Java code, etc, but without Rampart enabled)
> does not exhibit the same malformed XML.
> I have attached the Java driver program that was used to send the request. I
> also attached the Ant build files so that you can see what options we are
> using to generate the Java bindings.
> Fortunately, our security policy is simple enough that we can disable Rampart
> and add our own security header. That is our current workaround. You will
> notice code (which is currently commented out) that adds the security header
> manually in BasicCreate.java.
> Please let me know if there is any further information that would be helpful.
> Thanks,
> Russell
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
