[ 
https://issues.apache.org/jira/browse/WSS-235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

martin voegeli updated WSS-235:
-------------------------------


Problem also arises with xmlbeans/2.5.0

> xmlsec/1.4.3 not compatible with xmlbeans/2.4.0, resulting in 
> NullPointerException in IdResolver, more robustness would help
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-235
>                 URL: https://issues.apache.org/jira/browse/WSS-235
>             Project: WSS4J
>          Issue Type: Wish
>         Environment: xmm security structure generated with xmlbeans, verified 
> with xmlsec.
>            Reporter: martin voegeli
>            Assignee: Ruchith Udayanga Fernando
>            Priority: Minor
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> IdResolver.java was refactored from release xmlsec/1.3.0 to xmlsec/1.4.3.
> (I know, not part of wss4j, but xmlsec seams to be a sub-component here).
> Symptoms:
> java.lang.NullPointerException
>     at org.apache.xml.security.utils.IdResolver.isElement(Unknown Source)
>     at org.apache.xml.security.utils.IdResolver.getEl(Unknown Source)
>     at org.apache.xml.security.utils.IdResolver.getElementBySearching(Unknown 
> Source)
>     at org.apache.xml.security.utils.IdResolver.getElementById(Unknown Source)
>     at 
> org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolve(Unknown
>  Source)
>     at 
> org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown 
> Source)
> Problem: 
> Under certain circumstances, the ID attribute of an XML node in the XMLBeans 
> DOM implementation is treated as !nodeCanHavePrefixUri (which might not be 
> DOM specification compliant, but never mind). The Id Resolver code does not 
> expect this behavior
> xmlbenas/2.4.0 org.apache.xmlbeans.impl.store.DomImpl
>     public static String _node_getLocalName ( Dom n )
>     {
>         if (! n.nodeCanHavePrefixUri() ) return null;
>         QName name = n.getQName();
>         return name == null ? "" : name.getLocalPart();
>     }
> xml-security/1.4.3 org.apache.xml.security.utils.IdResolver:
> Suggested robustness optimization near line 247:
>             String name=n.getLocalName();
>             if (name == null) { name = n.getName(); }           <<<
> Changing xmlbeans to not return null as a local name might be the better 
> solution but that change seems somewhat risky.
> thanks
> martin

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscr...@ws.apache.org
For additional commands, e-mail: wss4j-dev-h...@ws.apache.org

Reply via email to