Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.3
-
None
Description
The method 'processElement' from class org.apache.ws.secpolicy.builders.EncryptedPartsBuilder doesn't add the 'sp:Header' elements to the SignedEncryptedParts instance:
private void processElement(OMElement element, SignedEncryptedParts parent) {
QName name = element.getQName();
if (HEADER.equals(name)) {
Header header = new Header();
OMAttribute nameAttribute = element.getAttribute(NAME);
if( nameAttribute != null )
OMAttribute namespaceAttribute = element.getAttribute(NAMESPACE);
header.setNamespace(namespaceAttribute.getAttributeValue());
<<== The following code is missing: parent.addHeader(header);
} else if (BODY.equals(name))
{ parent.setBody(true); }
}
The result from this "missing line of code" is that it's impossible to process a message that has some encrypted element besides the SOAP body.