Details
-
Bug
-
Status: Closed
-
Blocker
-
Resolution: Invalid
-
1.3, 1.4
-
None
Description
Hi,
Rampart removes CDATA markup from the body of a SOAP Envelope.
This is a critical issue because data needs to be put in CDATA tags for the recipient to process. We cannot reset the CDATA tags because we are signing the message. If we modify the SOAP Body after Rampart's Security , then the hash generated during signing will be wrong.
Root cause of the problem
The CDATA disappears because the SOAPEnvelope is converted from AXIOM object to an org.w3c.dom.Document object. I found this while I was debugging the code. The exact class where the conversion is done is RampartMessageData.class.
Steps to reproduce:
The steps to reproduce are shown below. I have used Rampart 1.4 , example 04. But the problem is persistent in Rampart 1.3, 1.4, 1.4.1 and on all OS.
1. Download Rampart 1.4 from http://mirrors.enquira.co.uk/apache/ws/rampart/1_4/rampart-dist-1.4-bin.zip.
2. Extract it to d:\
3. Ensure AXIS2_HOME is set to Axis2 1.4. Mine is d:\axis2-1.4. Ensure ANT_HOME and JAVA_HOME is set.
4. Open a command prompt.
prompt> cd D:\rampart-1.4\samples\
prompt>ant
-------------The above step will copy the rampart jars to AXIS2_HOME installation.
prompt> cd D:\rampart-1.4\samples\basic
prompt> ant service.04
5. Edit D:\rampart-1.4\samples\basic\sample04\src\org\apache\rampart\samples\sample04\Client.java
Add the imports.
import org.apache.axiom.om.impl.llom.OMTextImpl;
import javax.xml.stream.XMLStreamConstants;
In getPayload(), replace
childElem.setText(value);
with
OMTextImpl omText = (OMTextImpl) childElem.getOMFactory().createOMText(childElem,value,XMLStreamConstants.CDATA);
Save the file.
5. Open another DOS prompt.
prompt> cd D:\rampart-1.4\samples\basic
prompt> ant client.04
Observe the SOAP request using TCP Monitor.
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-22584918">
<ns1:echo xmlns:ns1="http://sample04.samples.rampart.apache.org">
<param0>Hello world</param0>
</ns1:echo>
</soapenv:Body>
The CDATA tag is not present.
6. Edit D:\rampart-1.4\samples\basic\sample04\client.axis2.xml. Remove the line <module ref="rampart" /> and save the file.
7. Repeat the step 5 and observe the SOAPBody in TCP Monitor.
<soapenv:Body><ns1:echo xmlns:ns1="http://sample04.samples.rampart.apache.org">
<param0><![CDATA[Hello world]]></param0>
</ns1:echo></soapenv:Body>
The CDATA tag is intact.
Please advice.
Regards,
Vinay Cardoza