Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8325

Schema validation allows invalid SOAP header

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.3.7
    • Fix Version/s: 3.3.8, 3.4.1
    • Component/s: Core
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      Hi,

      In our environment we have a SOAP request similar to the following:

      <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:v1="http://some.name.space/v1.1">
         <soap:Header>
            <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">*Security Header*</wsse:Security>
            <soap:Body>
               <v1:Method></v1:Method>
            </soap:Body>
         </soap:Header>
      </soap:Envelope>
      

      As you can see the soap:Body is part of the soap:Header which, according to the SOAP XML Schema, is not a valid construct.
      Schema-validation is turned on but no error occurrs. The body part is even treated as a valid body.

        Attachments

          Activity

            People

            • Assignee:
              ffang Freeman Yue Fang
              Reporter:
              thomas.monninger Thomas Monninger
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: