Problems with namespaces prefixes when encrypting or signing
------------------------------------------------------------
Key: RAMPART-67
URL: https://issues.apache.org/jira/browse/RAMPART-67
Project: Rampart
Issue Type: Bug
Components: rampart-policy
Affects Versions: 1.2
Environment: Windows XP SP2, Java 1.6, Tomcat 6.0
Reporter: Jorge Fernández
Priority: Blocker
I found a strange behaviour in my service policy: I'm trying to encrypt
ServiceGroupId and some of my payload elements.
For example, in my service policy I have:
<sp:EncryptedElements
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
</sp:EncryptedElements>
If the client sends elements defined with that prefix, there's no problem when
decrypting them in the service. But when I need to encrypt elements like that,
to send them back to the client, I get the exception:
org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
    at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
    at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
    at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
    ... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
    at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
    at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
    at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
    at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
    at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
    at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
    at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
    ... 23 more
However, for other operations it has no problem. I have one that returns the
same data as the one above and it works perfectly. The only difference in the
response is the name of the operation.
I have these operations:
validate (In-Only OK)
logout (In-Only OK)
getOntologyFindings
getOntologyFindingsByConcept (OK)
getOntologyAbstractParameters
getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
getOntologyUnits
getOntologySignals
getOntology
getPatients
getPrimitiveParameterData (OK)
Operations without (OK) throw the exception described above. You can see that
when the names are almost the same (as getPatients and getPatientsByType), the
longer one works OK but the shorter one doesn't. For some others, even if their
names are different, it doesn't work.
In the case of encrypting ServiceGroupID, it says it cannot resolve prefix
'axis2'. With other elements such as addressing headers and timestamp there is
no problem.
For some operations, I have a response like this:
<ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
  <parameterData xmlns="http://op_messages.medici_link/xsd">
    <annotations
        xmlns="http://external.communication_data_model.medici_link/xsd"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:nil="true" />
    <dataSegments
        xmlns="http://external.communication_data_model.medici_link/xsd">
      <beginMsec>1186069490203</beginMsec>
      <endMsec>1186069490203</endMsec>
      <data>
        <xop:Include
            href="cid:1.urn:uuid:[EMAIL PROTECTED]"
            xmlns:xop="http://www.w3.org/2004/08/xop/include" />
      </data>
    </dataSegments>
  </parameterData>
</ns3:getPrimitiveDataResponse>
and I want to sign and encrypt annotations and dataSegments, so I put that in
the policy, but none of them are encrypted or signed, and I don't get any
exception either. It seems that Rampart isn't able to find them. I tried
identifying them in the policy with descendant::ns3:dataSegments and
descendant::dataSegments.
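
Added example (not part of the original report and not Rampart's code): a pre-flight check, written against the JDK's javax.xml.xpath API rather than Jaxen, that rejects a policy XPath whose prefix is unbound or that selects no node, so that an element meant to be encrypted cannot go out unprotected without an error. The class name, the cdm prefix, the prefix-to-URI map, the axis2 expression and the trimmed response are assumptions constructed for illustration; XPath 1.0 matches an unprefixed name only against elements in no namespace, and in the response above dataSegments declares the external.communication_data_model namespace, not the one ns3 is bound to.

```java
import java.io.StringReader;
import java.util.*;
import java.util.regex.*;
import javax.xml.XMLConstants;
import javax.xml.namespace.NamespaceContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.*;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class PolicyXPathCheck {
    // Constructed sample: trimmed copy of the response quoted in the report.
    static final String RESPONSE =
        "<ns3:getPrimitiveDataResponse xmlns:ns3='http://op_messages.medici_link/xsd'>"
      + "<parameterData xmlns='http://op_messages.medici_link/xsd'>"
      + "<dataSegments xmlns='http://external.communication_data_model.medici_link/xsd'>"
      + "<beginMsec>1186069490203</beginMsec></dataSegments>"
      + "</parameterData></ns3:getPrimitiveDataResponse>";
    // A name followed by a single ':' is a prefix; 'axis::' is skipped.
    // Simplification: string literals inside the expression are not excluded.
    static final Pattern PREFIX = Pattern.compile("(?<![\\w.-])([A-Za-z_][\\w.-]*):(?=[A-Za-z_*])");

    /** Returns the number of selected nodes; throws on an unbound prefix or an empty selection. */
    static int requireMatch(Document doc, String expr, Map<String, String> ns) throws Exception {
        Matcher m = PREFIX.matcher(expr);
        while (m.find())
            if (!ns.containsKey(m.group(1)))
                throw new IllegalStateException("unbound prefix '" + m.group(1) + "' in " + expr);
        XPath xp = XPathFactory.newInstance().newXPath();
        xp.setNamespaceContext(new NamespaceContext() {   // bindings come from the policy, not the message
            public String getNamespaceURI(String p) { return ns.getOrDefault(p, XMLConstants.NULL_NS_URI); }
            public String getPrefix(String uri) { return null; }
            public Iterator<String> getPrefixes(String uri) { return Collections.emptyIterator(); }
        });
        NodeList hits = (NodeList) xp.evaluate(expr, doc.getDocumentElement(), XPathConstants.NODESET);
        if (hits.getLength() == 0)   // fail closed instead of silently skipping the element
            throw new IllegalStateException("selects nothing, element would go out unprotected: " + expr);
        return hits.getLength();
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);   // without this, namespace matching is meaningless
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(RESPONSE)));
        Map<String, String> ns = Map.of("ns3", "http://op_messages.medici_link/xsd",
                "cdm", "http://external.communication_data_model.medici_link/xsd");
        for (String expr : new String[] {"descendant::axis2:ServiceGroupId",
                "descendant::ns3:dataSegments", "descendant::dataSegments", "descendant::cdm:dataSegments"}) {
            try { System.out.println(expr + " -> " + requireMatch(doc, expr, ns) + " node(s)"); }
            catch (IllegalStateException e) { System.out.println("REJECT " + e.getMessage()); }
        }
    }
}
```

Only descendant::cdm:dataSegments selects a node; the first expression is rejected for its unbound prefix and the next two for selecting nothing.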