Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
None
-
None
-
None
Description
Rampart is unable to add security headers to a SOAP message that does not have an existing SOAP header.
The actual root cause of this issue is that headers added using DOOM to a SOAP envelope that does not already have a header, are lost during serialization.
The following code sample provided by Ruchith explains and is able to recreate this issue. The header is lost unless the " //fac.createSOAPHeader(env);" line is uncommeted
-----------------------------------------------------------------------------------------------------
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMText;
import org.apache.axiom.om.impl.dom.factory.OMDOMFactory;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPFactory;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
import org.apache.axiom.soap.impl.dom.soap11.SOAP11Factory;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import javax.xml.namespace.QName;
import junit.framework.TestCase;
/**
*
- @author Ruchith Fernando (ruchith.fernando@gmail.com)
*/
public class SerializerTest extends TestCase {
public SerializerTest() {
}
public SerializerTest(String arg0)
{ super(arg0); }public void test1() throws Exception
{ SOAPFactory fac = OMAbstractFactory.getSOAP11Factory(); SOAPEnvelope env = fac.createSOAPEnvelope(); fac.createSOAPBody(env); //fac.createSOAPHeader(env); fac = new SOAP11Factory(); StAXSOAPModelBuilder builder = new StAXSOAPModelBuilder(env.getXMLStreamReader(), fac, null); SOAPEnvelope domEnv = builder.getSOAPEnvelope(); Element elem = (Element)domEnv; Document doc = elem.getOwnerDocument(); WSSecurityUtil.findWsseSecurityHeaderBlock(doc, elem, true); String s = domEnv.toString(); System.out.println(s); }}