[prev in list] [next in list] [prev in thread] [next in thread]
List: xmlrpc-dev
Subject: [jira] [Created] (WSS-644) Error when a SOAP-Fault is thrown with MTOM enabled
From: "Mike M. (JIRA)" <jira () apache ! org>
Date: 2019-02-14 13:46:00
Message-ID: JIRA.13215745.1550151925000.296315.1550151960727 () Atlassian ! JIRA
[Download RAW message or body]
Mike M. created WSS-644:
---------------------------
Summary: Error when a SOAP-Fault is thrown with MTOM enabled
Key: WSS-644
URL: https://issues.apache.org/jira/browse/WSS-644
Project: WSS4J
Issue Type: Bug
Affects Versions: 2.2.2
Environment: Tested with CXF 3.3.0 / WSS4J 2.2.2 on Oracle Java 8.
Reporter: Mike M.
Assignee: Colm O hEigeartaigh
We think we may have found an issue that looks very similar to [this Camel \
one|https://issues.apache.org/jira/browse/CAMEL-8663]: We use CXF/WSS4J for JAX-WS \
with JAXB in contract-first mode. We use WebService Security (signature & encryption) \
and have MTOM serialization enabled per policy using:
{code:xml}
<wsoma:OptimizedMimeSerialization />
{code}
Everything seems to work fine when normal responses are generated from our Server. \
However, when a SOAP-Fault occurs, the CXF client throws a parsing exception like \
this one (it says: "Prefix "soap" for element "soap:Fault" is not bound"):
{code}
Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 13; Präfix \
"soap" für Element "soap:Fault" ist nicht gebunden. at \
com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:257) at \
com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:339)
at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121)
at org.apache.xml.security.utils.XMLUtils$DocumentBuilderProxy.parse(XMLUtils.java:1161)
at org.apache.wss4j.dom.util.EncryptionUtils.decryptXopAttachment(EncryptionUtils.java:399)
at org.apache.wss4j.dom.util.EncryptionUtils.decryptEncryptedData(EncryptionUtils.java:207)
... 49 more
{code}
When I debug into {{decryptXopAttachment}} at {{EncryptionUtils.java:399}} and look \
at what {{bytes}} it's trying to parse, they look something like this ({{<detail>}}'s \
contents omitted for readability):
{code:xml}
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>4</faultstring>
<detail>[...]</detail>
</soap:Fault>
{code}
And of course, looking only at the body's contents attached via XOP, the "soap" \
prefix isn't declared anywhere. It *is* declared in the {{<soap:Envelope>}} element, \
but since that's not being included in the validation here because the attachment is \
being validated on its own, that namespace declaration is missing.
- When we return "regular responses", this error isn't triggered because the "soap" \
prefix declared in the envelope isn't used in any of the bodie's elements, so all \
namespaces used in the body are being declared in it.
- If we disable MTOM, everything works fine - the response message will probably be \
parsed in its entirety, including the envelope and its namespace \
declarations.
- CAMEL-8663 seems to address this very issue on the Camel side (with help of CXF and \
an endpoint property called {{org.apache.cxf.binding.soap.addNamespaceContext}}, used \
in {{org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor}}). We need the \
same fix for standalone CXF/wss4j usage though.
- I compared wss4j's behavior to metro/wsit using the same policy and metro includes \
the envelope's namespaces in the element being attached like so: {code:xml}
<S:Fault xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<faultcode>S:Server</faultcode>
<faultstring>4</faultstring>
<detail>[...]</detail>
</S:Fault>
{code}
So my conclusion is that WSS4J/CXF (forgive me if I used the wrong Jira project) \
should repeat all namespaces declared in the {{<soap:Envelope>}} element in the \
xop-attached body if MTOM serializaiton is enabled.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic