Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-7363

Support saaj-impl 1.4

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 3.2.5
    • None
    • None
    • Unknown

    Description

      org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor (and actions like UsernameTokenAction) don't build the dom correctly and it fails with saaj(impl 1.4, here a way to build correctly the dom for the header appending:

      new WSS4JOutInterceptor(outProps) {
            @Override
            protected void doSenderAction(final Document doc, final RequestData reqData,
                                          final List<HandlerAction> actions, final boolean isRequest) throws WSSecurityException {
                final String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());

                Element header = XMLUtils.getDirectChildElement(doc.getDocumentElement(), WSConstants.ELEM_HEADER, soapNamespace);
                final Element envelope = doc.getDocumentElement();
                if (header == null) {
                    header = createElementInSameNamespace(envelope.getOwnerDocument(), envelope, WSConstants.ELEM_HEADER);
                    final Node firstChild = envelope.getFirstChild();
                    if (firstChild == null) {
                        envelope.appendChild(header);
                    } else {
                        envelope.insertBefore(header, firstChild);
                    }
                }

                Element securityHeader = WSSecurityUtil.getSecurityHeader(header, getString(WSHandlerConstants.ACTOR, reqData.getMsgContext()), WSConstants.URI_SOAP12_ENV.equals(soapNamespace));
                if (securityHeader == null) {
                    securityHeader = header.getOwnerDocument().createElementNS(WSConstants.WSSE_NS, "wsse:Security");
                    securityHeader.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:wsse", WSConstants.WSSE_NS);
                    final Node firstChild = header.getFirstChild();
                    if (firstChild == null) {
                        header.appendChild(securityHeader);
                    } else {
                        header.insertBefore(securityHeader, firstChild);
                    }
                }

                super.doSenderAction(doc, reqData, actions, isRequest);
            }

            private Element createElementInSameNamespace(final Document doc, final Element parent, final String localName) {
                String qName = localName;
                String prefix = parent.getPrefix();
                if (prefix != null && prefix.length() > 0) {
                    qName = prefix + ":" + localName;
                }

                String nsUri = parent.getNamespaceURI();
                return doc.createElementNS(nsUri, qName);
            }
        }

      Same kind of document fix should be done on the actions.

      Attachments

        Activity

          People

            coheigea Colm O hEigeartaigh
            romain.manni-bucau Romain Manni-Bucau
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: