/sp:EncryptedParts/sp:Header needs qualified attribute names
------------------------------------------------------------
Key: RAMPART-122
URL: https://issues.apache.org/jira/browse/RAMPART-122
Project: Rampart
Issue Type: Bug
Components: rampart-policy
Affects Versions: 1.3
Reporter: Kent Tong
The following policy assertion will cause rampart to throw a
NullPointerException:
<sp:EncryptedParts>
<sp:Header Name="Signature"
Namespace="http://www.w3.org/2000/09/xmldsig#"; />
</sp:EncryptedParts>
The offending line is shown below:
public class EncryptedPartsBuilder implements AssertionBuilder {
...
private void processElement(OMElement element, SignedEncryptedParts parent)
{
QName name = element.getQName();
if (HEADER.equals(name)) {
Header header = new Header();
OMAttribute nameAttribute = element.getAttribute(NAME);
if( nameAttribute != null ) {
header.setName(nameAttribute.getAttributeValue());
}
OMAttribute namespaceAttribute = element.getAttribute(NAMESPACE);
header.setNamespace(namespaceAttribute.getAttributeValue());
<====== THIS LINE FAILS
} else if (BODY.equals(name)) {
parent.setBody(true);
}
}
}
It works if the policy assertion is changed to quality the attribute names:
<sp:EncryptedParts>
<sp:Header sp:Name="Signature"
sp:Namespace="http://www.w3.org/2000/09/xmldsig#"; />
</sp:EncryptedParts>
However, this is against the WS-SecurityPolicy spec at
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826515
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
