RAMPART-196

Rampart removes CDATA markup from SOAPBody elements. Reproducible in versions 1.3/1.4/1.4.1


Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Invalid
    • 1.3, 1.4
    • 1.3, 1.4
    • rampart-core
    • None

    Description

      Hi,
      Rampart removes CDATA markup from the body of a SOAP Envelope.

      This is a critical issue because data needs to be put in CDATA tags for the recipient to process. We cannot reset the CDATA tags because we are signing the message. If we modify the SOAP Body after Rampart's Security, then the hash generated during signing will be wrong.

      Root cause of the problem
      The CDATA disappears because the SOAPEnvelope is converted from AXIOM object to an org.w3c.dom.Document object. I found this while I was debugging the code. The exact class where the conversion is done is RampartMessageData.class.

      Steps to reproduce:
      The steps to reproduce are shown below. I have used Rampart 1.4, example 04. But the problem is persistent in Rampart 1.3, 1.4, 1.4.1 and on all OS.

      1. Download Rampart 1.4 from http://mirrors.enquira.co.uk/apache/ws/rampart/1_4/rampart-dist-1.4-bin.zip.
      2. Extract it to d:\
      3. Ensure AXIS2_HOME is set to Axis2 1.4. Mine is d:\axis2-1.4. Ensure ANT_HOME and JAVA_HOME are set.
      4. Open a command prompt.

      prompt> cd D:\rampart-1.4\samples\
      prompt>ant
      -------------The above step will copy the rampart jars to AXIS2_HOME installation.

      prompt> cd D:\rampart-1.4\samples\basic
      prompt> ant service.04

      5. Edit D:\rampart-1.4\samples\basic\sample04\src\org\apache\rampart\samples\sample04\Client.java
      Add the imports.

      import org.apache.axiom.om.impl.llom.OMTextImpl;
      import javax.xml.stream.XMLStreamConstants;

      In getPayload(), replace

      childElem.setText(value);

      with

      OMTextImpl omText = (OMTextImpl) childElem.getOMFactory().createOMText(childElem,value,XMLStreamConstants.CDATA);

      Save the file.

      5. Open another DOS prompt.
      prompt> cd D:\rampart-1.4\samples\basic
      prompt> ant client.04

      Observe the SOAP request using TCP Monitor.

      <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-22584918">
      <ns1:echo xmlns:ns1="http://sample04.samples.rampart.apache.org">
      <param0>Hello world</param0>
      </ns1:echo>
      </soapenv:Body>

      The CDATA tag is not present.

      6. Edit D:\rampart-1.4\samples\basic\sample04\client.axis2.xml. Remove the line <module ref="rampart" /> and save the file.

      7. Repeat step 5 and observe the SOAPBody in TCP Monitor.

      <soapenv:Body><ns1:echo xmlns:ns1="http://sample04.samples.rampart.apache.org">
      <param0><![CDATA[Hello world]]></param0>
      </ns1:echo></soapenv:Body>

      The CDATA tag is intact.

      Please advise.

      Regards,
      Vinay Cardoza
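
The AXIOM-to-DOM effect described in the report can be examined outside Axis2. The following added example, which is not from the reporter or the Rampart project, uses Python's standard library to show that a CDATA section and the equivalent escaped text carry the same character data and canonicalize to identical bytes, so a digest over the canonical form does not depend on the CDATA marker. The payloads are constructed, and `canonicalize` (C14N 2.0) is an assumed stand-in for the canonicalization a WS-Security stack applies; replacing CDATA sections with their character content is common to the Canonical XML versions.

```python
import hashlib
from xml.dom import minidom
from xml.etree.ElementTree import canonicalize

# Constructed sample payloads modelled on the sample04 echo request in the
# report; they differ only in how the text of param0 is serialized.
NS = "http://sample04.samples.rampart.apache.org"
WITH_CDATA = (f'<ns1:echo xmlns:ns1="{NS}">'
              '<param0><![CDATA[a < b & c]]></param0></ns1:echo>')
ESCAPED = (f'<ns1:echo xmlns:ns1="{NS}">'
           '<param0>a &lt; b &amp; c</param0></ns1:echo>')


def _param0(xml):
    return minidom.parseString(xml).getElementsByTagName("param0")[0]


def node_kinds(xml):
    """DOM node classes under param0: the only place the CDATA marker lives."""
    return [type(n).__name__ for n in _param0(xml).childNodes]


def param_value(xml):
    """Character data a recipient's parser hands to the application."""
    return "".join(n.data for n in _param0(xml).childNodes)


def canonical_digest(xml):
    """SHA-1 over the canonical octets, as a signature digest would be computed.

    Assumption: C14N 2.0 here; the algorithm a given policy selects may differ,
    but all Canonical XML versions drop CDATA markers.
    """
    return hashlib.sha1(canonicalize(xml).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for label, doc in (("CDATA", WITH_CDATA), ("escaped", ESCAPED)):
        print(label, node_kinds(doc), repr(param_value(doc)),
              canonical_digest(doc))
```

A recipient that needs the payload should read the parsed character data rather than look for the literal `<![CDATA[` marker, since signing toolkits that work on a DOM or canonical form are free to re-serialize it as escaped text.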

          People

            ruchith Ruchith B. Gunaratne
            vinaycardoza Vinay Cardoza