[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ws-general
Subject:    [jira] [Created] (WSS-644) Error when a SOAP-Fault is thrown with MTOM enabled
From:       "Mike M. (JIRA)" <jira () apache ! org>
Date:       2019-02-14 13:46:00
Message-ID: JIRA.13215745.1550151925000.296315.1550151960727 () Atlassian ! JIRA
[Download RAW message or body]

Mike M. created WSS-644:
---------------------------

             Summary: Error when a SOAP-Fault is thrown with MTOM enabled
                 Key: WSS-644
                 URL: https://issues.apache.org/jira/browse/WSS-644
             Project: WSS4J
          Issue Type: Bug
    Affects Versions: 2.2.2
         Environment: Tested with CXF 3.3.0 / WSS4J 2.2.2 on Oracle Java 8.
            Reporter: Mike M.
            Assignee: Colm O hEigeartaigh


We think we may have found an issue that looks very similar to [this Camel \
one|https://issues.apache.org/jira/browse/CAMEL-8663]: We use CXF/WSS4J for JAX-WS \
with JAXB in contract-first mode. We use WebService Security (signature & encryption) \
and have MTOM serialization enabled per policy using:

{code:xml}
    <wsoma:OptimizedMimeSerialization />
{code}

Everything seems to work fine when normal responses are generated from our Server. \
However, when a SOAP-Fault occurs, the CXF client throws a parsing exception like \
this one (it says: "Prefix "soap" for element "soap:Fault" is not bound"):

{code}
Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 13; Präfix \
"soap" für Element "soap:Fault" ist nicht gebunden.  at \
com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:257)  at \
com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:339)
  at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121)
	at org.apache.xml.security.utils.XMLUtils$DocumentBuilderProxy.parse(XMLUtils.java:1161)
  at org.apache.wss4j.dom.util.EncryptionUtils.decryptXopAttachment(EncryptionUtils.java:399)
  at org.apache.wss4j.dom.util.EncryptionUtils.decryptEncryptedData(EncryptionUtils.java:207)
                
	... 49 more
{code}

When I debug into {{decryptXopAttachment}} at {{EncryptionUtils.java:399}} and look \
at what {{bytes}} it's trying to parse, they look something like this ({{<detail>}}'s \
contents omitted for readability):

{code:xml}
<soap:Fault>
    <faultcode>soap:Server</faultcode>
    <faultstring>4</faultstring>
    <detail>[...]</detail>
</soap:Fault>
{code}

And of course, looking only at the body's contents attached via XOP, the "soap" \
prefix isn't declared anywhere. It *is* declared in the {{<soap:Envelope>}} element, \
but since that's not being included in the validation here because the attachment is \
being validated on its own, that namespace declaration is missing.

- When we return "regular responses", this error isn't triggered because the "soap" \
prefix declared in the envelope isn't used in any of the bodie's elements, so all \
                namespaces used in the body are being declared in it.
- If we disable MTOM, everything works fine - the response message will probably be \
                parsed in its entirety, including the envelope and its namespace \
                declarations.
- CAMEL-8663 seems to address this very issue on the Camel side (with help of CXF and \
an endpoint property called {{org.apache.cxf.binding.soap.addNamespaceContext}}, used \
in {{org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor}}). We need the \
                same fix for standalone CXF/wss4j usage though.
- I compared wss4j's behavior to metro/wsit using the same policy and metro includes \
the envelope's namespaces in the element being attached like so: {code:xml}
<S:Fault xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <faultcode>S:Server</faultcode>
    <faultstring>4</faultstring>
    <detail>[...]</detail>
</S:Fault>
{code}

So my conclusion is that WSS4J/CXF (forgive me if I used the wrong Jira project) \
should repeat all namespaces declared in the {{<soap:Envelope>}} element in the \
xop-attached body if MTOM serializaiton is enabled.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]