Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-6209

Bug in processing Signed/Encrypted Elements policies with multiple XPaths

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 3.0.3, 2.7.14
    • 3.0.4, 2.7.15
    • WS-* Components
    • None
    • Unknown

    Description


      There is a bug in the WS-SecurityPolicy layer in CXF when matching a request message against a Signed/Encrypted Elements security policy with multiple XPath expressions. The namespace/prefixes are only read from the first XPath policy, meaning that if the second or subsequent policy uses a different prefix that isn't in scope, the policy validation will fail.

      Attachments

        Activity

          People

            coheigea Colm O hEigeartaigh
            coheigea Colm O hEigeartaigh
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: