Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-6209

Bug in processing Signed/Encrypted Elements policies with multiple XPaths

          Details

          • Type: Bug
          • Status: Closed
          • Priority: Minor
          • Resolution: Fixed
          • Affects Version/s: 3.0.3, 2.7.14
          • Fix Version/s: 3.0.4, 2.7.15
          • Component/s: WS-* Components
          • Labels:
            None
          • Estimated Complexity:
            Unknown

            Description


            There is a bug in the WS-SecurityPolicy layer in CXF when matching a request message against a Signed/Encrypted Elements security policy with multiple XPath expressions. The namespace/prefixes are only read from the first XPath policy, meaning that if the second or subsequent policy uses a different prefix that isn't in scope, the policy validation will fail.

              Attachments

                Activity

                  People

                  • Assignee:
                    coheigea Colm O hEigeartaigh
                    Reporter:
                    coheigea Colm O hEigeartaigh
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    1 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: