Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
1.5.8
-
None
Description
When a document contains a comment as its first child element, wss4j will not find the SOAP body. This causes a NullPointerException during signature validation.
For example
<?xml version="1.0"?>
<soap:Body....
with a valid document works, while
<?xml version="1.0?>
<!-- comment about document -->
<soap:Body...
will break.
It appears this is caused by code in org.apache.ws.security.util.WSSecurityUtil in findBodyElement where getFirstChild from the document is used. This will not be the expected document root, but a comment node.
Proposed patch:
diff -ru wss4j/src/org/apache/ws/security/util/WSSecurityUtil.java wss4j-patched/src/org/apache/ws/security/util/WSSecurityUtil.java
— wss4j/src/org/apache/ws/security/util/WSSecurityUtil.java 2010-07-01 10:01:06.277800000 +0200
+++ wss4j-patched/src/org/apache/ws/security/util/WSSecurityUtil.java 2010-07-01 10:04:55.673000000 +0200
@@ -193,7 +193,7 @@
public static Element findBodyElement(Document doc, SOAPConstants sc) {
Element soapBodyElement =
(Element) WSSecurityUtil.getDirectChild(
- doc.getFirstChild(),
+ doc.getDocumentElement(),
sc.getBodyQName().getLocalPart(),
sc.getEnvelopeURI()
);