CXF-3453

WS-Security signed headers fail when schema validation enabled

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.1, 2.3.3
    • Fix Version/s: 2.4, 2.3.4
    • Component/s: WS-* Components
    • Labels: None

    Description

      After turning on schema validation on a web-service with headers that are signed, but not encrypted, the schema validation fails because the "wsu:Id" is not allowed in the schema.

      I've seen two forms of this: a complex type header fails with an error saying that the "wsu:Id" attribute isn't allowed, and a simple type header fails saying that no attributes are allowed (except for type, nil, schemaInstance, etc.).

      I think this is a bug, as I don't know anything in the WS-Security specs that would prevent signing of simple type headers or prevent subsequent schema validation.

      I've worked around this by using complex types and adding "<xsd:anyAttribute namespace="##any" processContents="skip"/>" to those types, but it doesn't seem like this should be necessary, and doesn't fix the simple type problem.

      Attachments

        1. SignedHeaderBug.zip
          44 kB
          Ross M. Lodge
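
A standalone reproduction of the two failure forms and the workaround described in the report, using only the JDK's JAXP validator. This is an added example, not the reporter's attachment or CXF code; the `urn:example:hdr` namespace, the `Strict`, `Open` and `Simple` header names and the `id-1` value are constructed for illustration. The `wsu:Id` attribute is what the signature's reference points at, so it is present on every signed header by the time validation runs.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.xml.sax.SAXException;

public class SignedHeaderValidation {
    // WS-Security utility namespace that defines the wsu:Id attribute.
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    // Constructed schema: three hypothetical headers in a made-up namespace.
    static final String XSD =
        "<xsd:schema xmlns:xsd='http://www.w3.org/2001/XMLSchema'"
      + " targetNamespace='urn:example:hdr' elementFormDefault='qualified'>"
      // Complex type that declares no attributes.
      + "<xsd:element name='Strict'><xsd:complexType><xsd:sequence>"
      + "<xsd:element name='user' type='xsd:string'/>"
      + "</xsd:sequence></xsd:complexType></xsd:element>"
      // Same content model plus the anyAttribute wildcard from the report.
      + "<xsd:element name='Open'><xsd:complexType><xsd:sequence>"
      + "<xsd:element name='user' type='xsd:string'/></xsd:sequence>"
      + "<xsd:anyAttribute namespace='##any' processContents='skip'/>"
      + "</xsd:complexType></xsd:element>"
      // Simple type header: has no place to declare a wildcard.
      + "<xsd:element name='Simple' type='xsd:string'/>"
      + "</xsd:schema>";

    // Validates one document; returns "valid" or the validator's error message.
    static String check(Schema schema, String xml) throws IOException {
        try {
            schema.newValidator().validate(new StreamSource(new StringReader(xml)));
            return "valid";
        } catch (SAXException e) {
            return "INVALID: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        Schema schema = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI)
            .newSchema(new StreamSource(new StringReader(XSD)));
        // Attributes as they appear on a header after it has been signed.
        String a = " xmlns='urn:example:hdr' xmlns:wsu='" + WSU + "' wsu:Id='id-1'>";
        System.out.println(check(schema, "<Strict" + a + "<user>u</user></Strict>"));
        System.out.println(check(schema, "<Open" + a + "<user>u</user></Open>"));
        System.out.println(check(schema, "<Simple" + a + "text</Simple>"));
    }
}
```

The three documents correspond, in order, to the complex type failure, the `anyAttribute` workaround, and the simple type failure from the description.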

            People

              Assignee: dkulp Daniel Kulp
              Reporter: eddardstark Ross M. Lodge