Details
-
Wish
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
None
-
None
-
None
-
None
-
xmm security structure generated with xmlbeans, verified with xmlsec.
Description
IdResolver.java was refactored from release xmlsec/1.3.0 to xmlsec/1.4.3.
(I know, not part of wss4j, but xmlsec seams to be a sub-component here).
Symptoms:
java.lang.NullPointerException
at org.apache.xml.security.utils.IdResolver.isElement(Unknown Source)
at org.apache.xml.security.utils.IdResolver.getEl(Unknown Source)
at org.apache.xml.security.utils.IdResolver.getElementBySearching(Unknown Source)
at org.apache.xml.security.utils.IdResolver.getElementById(Unknown Source)
at org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolve(Unknown Source)
at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
Problem:
Under certain circumstances, the ID attribute of an XML node in the XMLBeans DOM implementation is treated as !nodeCanHavePrefixUri (which might not be DOM specification compliant, but never mind). The Id Resolver code does not expect this behavior
xmlbenas/2.4.0 org.apache.xmlbeans.impl.store.DomImpl
public static String _node_getLocalName ( Dom n )
xml-security/1.4.3 org.apache.xml.security.utils.IdResolver:
Suggested robustness optimization near line 247:
String name=n.getLocalName();
if (name == null)
<<<
Changing xmlbeans to not return null as a local name might be the better solution but that change seems somewhat risky.
thanks
martin