[CXF-8325] Schema validation allows invalid SOAP header - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.3.7
Fix Version/s: 3.3.8, 3.4.1
Component/s: Core
Labels:
None

Estimated Complexity:
Unknown

Description

Hi,

In our environment we have a SOAP request similar to the following:

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:v1="http://some.name.space/v1.1">
   <soap:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">*Security Header*</wsse:Security>
      <soap:Body>
         <v1:Method></v1:Method>
      </soap:Body>
   </soap:Header>
</soap:Envelope>

As you can see the soap:Body is part of the soap:Header which, according to the SOAP XML Schema, is not a valid construct.
Schema-validation is turned on but no error occurrs. The body part is even treated as a valid body.

Attachments

Activity

People

Assignee:: Freeman Yue Fang

Reporter:: Thomas Monninger

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 12/Aug/20 09:18

Updated:: 22/Dec/21 20:43

Resolved:: 21/Oct/20 18:25