[CXF-6209] Bug in processing Signed/Encrypted Elements policies with multiple XPaths - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.0.3, 2.7.14
Fix Version/s: 3.0.4, 2.7.15
Component/s: WS-* Components
Labels:
None

Estimated Complexity:
Unknown

Description

There is a bug in the WS-SecurityPolicy layer in CXF when matching a request message against a Signed/Encrypted Elements security policy with multiple XPath expressions. The namespace/prefixes are only read from the first XPath policy, meaning that if the second or subsequent policy uses a different prefix that isn't in scope, the policy validation will fail.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 20/Jan/15 14:58

Updated:: 16/Feb/15 16:09

Resolved:: 20/Jan/15 16:07