Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.2
-
None
-
None
-
Windows XP SP2, Java 1.6, Tomcat 6.0
Description
I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
For example, in my service policy I have:
sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
</sp:EncryptedElements>
If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:
org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
... 23 more
validateSystem works OK but the validate, doesn't.
In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
For some operations, I have a response like this:
<ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
<parameterData xmlns="http://op_messages.medici_link/xsd">
<annotations \
xmlns="http://external.communication_data_model.medici_link/xsd" \
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
/>
<dataSegments \
xmlns="http://external.communication_data_model.medici_link/xsd"> \
<beginMsec>1186069490203</beginMsec> <endMsec>1186069490203</endMsec>
<data>
<xop:Include \
href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
xmlns:xop="http://www.w3.org/2004/08/xop/include" /> </data>
</dataSegments>
</parameterData>
</ns3:getPrimitiveDataResponse>
and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.
It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. Maybe this happens because they are defined in another namespace and they have no prefix in the message.