CXF-3453

WS-Security signed headers fail when schema validation enabled


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.1, 2.3.3
    • Fix Version/s: 2.4, 2.3.4
    • Component/s: WS-* Components
    • Labels:
      None

      Description

      After turning on schema validation on a web-service with headers that are signed, but not encrypted, the schema validation fails because the "wsu:Id" is not allowed in the schema.

      I've seen two forms of this: a complex type header fails with an error saying that the "wsu:Id" attribute isn't allowed, and a simple type header fails saying that no attributes are allowed (except for type, nil, schemaInstance, etc.).

      I think this is a bug, as I don't know anything in the WS-Security specs that would prevent signing of simple type headers or prevent subsequent schema validation.

      I've worked around this by using complex types and adding "<xsd:anyAttribute namespace="##any" processContents="skip"/>" to those types, but it doesn't seem like this should be necessary, and doesn't fix the simple type problem.

        Attachments

        1. SignedHeaderBug.zip
          44 kB
          Ross M. Lodge
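
A minimal reproduction of the behaviour described above, added here as an example (not taken from the attached SignedHeaderBug.zip or from the CXF code base). The schema, the `urn:example:hdr` namespace and the header names are constructed for illustration; validation uses the JDK's `javax.xml.validation` rather than CXF itself.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.xml.sax.SAXException;

public class SignedHeaderValidation {
    // WS-Security utility namespace that defines the wsu:Id attribute.
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Constructed schema with one simple-type and one complex-type header (hypothetical names).
    // extraAttr is spliced into the complex type so the workaround can be toggled.
    static String schema(String extraAttr) {
        return "<xsd:schema xmlns:xsd='http://www.w3.org/2001/XMLSchema'"
             + " targetNamespace='urn:example:hdr' elementFormDefault='qualified'>"
             + "<xsd:element name='SimpleHeader' type='xsd:string'/>"
             + "<xsd:element name='ComplexHeader'><xsd:complexType>"
             + "<xsd:sequence><xsd:element name='value' type='xsd:string'/></xsd:sequence>"
             + extraAttr
             + "</xsd:complexType></xsd:element></xsd:schema>";
    }

    // Returns "valid" or the validator's own error message for the instance document.
    static String validate(String xsd, String xml) throws Exception {
        SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        Validator v = factory.newSchema(new StreamSource(new StringReader(xsd))).newValidator();
        try {
            v.validate(new StreamSource(new StringReader(xml)));
            return "valid";
        } catch (SAXException e) {
            return "INVALID: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Signing a header stamps it with wsu:Id so the signature can reference it.
        String attrs = " xmlns='urn:example:hdr' xmlns:wsu='" + WSU + "' wsu:Id='id-1'";
        String simple = "<SimpleHeader" + attrs + ">abc</SimpleHeader>";
        String complex = "<ComplexHeader" + attrs + "><value>abc</value></ComplexHeader>";
        String strict = schema("");
        String lax = schema("<xsd:anyAttribute namespace='##any' processContents='skip'/>");
        System.out.println("complex header, strict schema: " + validate(strict, complex));
        System.out.println("complex header, anyAttribute:  " + validate(lax, complex));
        System.out.println("simple header,  either schema: " + validate(lax, simple));
    }
}
```

The `anyAttribute` wildcard only helps the complex-type header; the `xsd:string` header has no complex type to attach it to, which is the simple type case the description says the workaround does not fix.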

              People

              • Assignee:
                dkulp Daniel Kulp
                Reporter:
                eddardstark Ross M. Lodge
