|

»

»

»

»

[Issue 868] New - Security with List data type dropping xs namespace declaration

View: New views

12 Messages — Rating Filter: Alert me

	[Issue 868] New - Security with List data type dropping xs namespace declaration by haroldcarr :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://wsit.dev.java.net/issues/show_bug.cgi?id=868 Issue #\|868 Summary\|Security with List data type dropping xs namespace dec \|laration Component\|wsit Version\|1.1 Platform\|Sun OS/Version\|All URL\| Status\|NEW Status whiteboard\| Keywords\| Resolution\| Issue type\|DEFECT Priority\|P2 Subcomponent\|security Assigned to\|kumarjayanti Reported by\|haroldcarr ------- Additional comments from haroldcarr@... Thu Mar 27 17:25:32 +0000 2008 ------- NB 6.0.1 GF v2 ur1 b09d Metro 1.1 JDK 1.5.0_15 (with JCE installed) turn on wss client and server message dumping. Build and deploy GetDataWS (NB project attached). Build and run GetDataWSClient (NB project attached). This results in "prefix xs is not bound to a namespace. Looking at server.log (attached) at line 15 it shows that xs is defined on the server side before WSS processing. Looking at server.log line 252 it shows that xs is NOT defined on the client side after WSS processing. That seems to indicate the definition disappears in either server or client side WSS processing. Note: if the return type of GetDataWS.getData is changed from List to String then this code works. --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscribe@... For additional commands, e-mail: issues-help@...
	[Issue 868] Security with List data type dropping xs namespace declaration by haroldcarr :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://wsit.dev.java.net/issues/show_bug.cgi?id=868 ------- Additional comments from haroldcarr@... Thu Mar 27 17:26:41 +0000 2008 ------- Created an attachment (id=532) server.log --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscribe@... For additional commands, e-mail: issues-help@...
	[Issue 868] Security with List data type dropping xs namespace declaration by haroldcarr :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://wsit.dev.java.net/issues/show_bug.cgi?id=868 ------- Additional comments from haroldcarr@... Thu Mar 27 17:29:07 +0000 2008 ------- Created an attachment (id=533) GetDataWs (service) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscribe@... For additional commands, e-mail: issues-help@...
	[Issue 868] Security with List data type dropping xs namespace declaration by haroldcarr :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://wsit.dev.java.net/issues/show_bug.cgi?id=868 ------- Additional comments from haroldcarr@... Thu Mar 27 17:30:05 +0000 2008 ------- Created an attachment (id=534) GetDataWSClient (servlet based client) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscribe@... For additional commands, e-mail: issues-help@...
	[Issue 868] Security with List data type dropping xs namespace declaration by ashutoshshahi :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://wsit.dev.java.net/issues/show_bug.cgi?id=868 User ashutoshshahi changed the following: What \|Old value \|New value ================================================================================ Status\|NEW \|STARTED -------------------------------------------------------------------------------- ------- Additional comments from ashutoshshahi@... Fri Mar 28 09:38:24 +0000 2008 ------- Started looking into it. The namespace is being lost after the decryption of the payload. --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscribe@... For additional commands, e-mail: issues-help@...
	[Issue 868] Security with List data type dropping xs namespace declaration by ashutoshshahi :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://wsit.dev.java.net/issues/show_bug.cgi?id=868 ------- Additional comments from ashutoshshahi@... Fri Mar 28 12:41:40 +0000 2008 ------- Digging more into it, I see that the actual problem is during encryption, when we do not write namespaces for prefixes which are referenced only in attribute values during canonicalization. As the payload has elements like: <list xmlns:xs="..." xmlns:xsi="..." xsi:type="xs:int">0</list> we end up skipping writing xmlns:xs during canonicalization as xs is referenced only in value. Will work on fixing this. Ashutosh --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscribe@... For additional commands, e-mail: issues-help@...
	[Issue 868] Security with List data type dropping xs namespace declaration by haroldcarr :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://wsit.dev.java.net/issues/show_bug.cgi?id=868 User haroldcarr changed the following: What \|Old value \|New value ================================================================================ Target milestone\|not determined \|1.1.2 -------------------------------------------------------------------------------- ------- Additional comments from haroldcarr@... Fri Mar 28 15:22:06 +0000 2008 ------- Targetted for 1.1.2 --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscribe@... For additional commands, e-mail: issues-help@...
	[Issue 868] Security with List data type dropping xs namespace declaration by ashutoshshahi :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://wsit.dev.java.net/issues/show_bug.cgi?id=868 ------- Additional comments from ashutoshshahi@... Thu Apr 3 11:30:21 +0000 2008 ------- Checked in a fix on trunk. This should be considered as a workaround where we add XMLSchema namespace on the envelope to avoid the problem of it disappearing during canonicalization of payload. A proper solution is being worked out and will need some assistance from JAXB on which namespaces are being utilized. --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscribe@... For additional commands, e-mail: issues-help@...
	[Issue 868] Security with List data type dropping xs namespace declaration by kohsuke :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://wsit.dev.java.net/issues/show_bug.cgi?id=868 ------- Additional comments from kohsuke@... Thu Jun 5 16:51:21 +0000 2008 ------- We might be able to do this at JAXB level, by having the c14n code implement XmlOutput as defined in JAXB as https://jaxb2-sources.dev.java.net/source/browse/jaxb2-sources/jaxb-ri/runtime/src/com/sun/xml/bind/v2/runtime/output/XmlOutput.java?rev=1.8&view=log Note that a JAXB tree could contain a DOM tree where we have no way of knowing which namespaces are utilized, and a JAXB message could be converted into something else early on, perhaps by a JAX-WS Handler to DOM. So you really can't make this work 100% in all cases. --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscribe@... For additional commands, e-mail: issues-help@...
	[Issue 868] Security with List data type dropping xs namespace declaration by kumarjayanti-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://wsit.dev.java.net/issues/show_bug.cgi?id=868 User kumarjayanti changed the following: What \|Old value \|New value ================================================================================ Target milestone\|1.1.2 \|1.4 -------------------------------------------------------------------------------- ------- Additional comments from kumarjayanti@... Thu Jul 10 11:36:50 +0000 2008 ------- A workaround has been checked into Metro 1.3 and Metro 1.2 and Metro 1.1.2. Will attempt a properfix for a later release. --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscribe@... For additional commands, e-mail: issues-help@...
	[Issue 868] Security with List data type dropping xs namespace declaration by kumarjayanti-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://wsit.dev.java.net/issues/show_bug.cgi?id=868 User kumarjayanti changed the following: What \|Old value \|New value ================================================================================ Status\|STARTED \|RESOLVED -------------------------------------------------------------------------------- Resolution\| \|FIXED -------------------------------------------------------------------------------- ------- Additional comments from kumarjayanti@... Thu Jul 17 15:17:02 +0000 2008 ------- Marking fixed since we have a workaround checked in, but filed issue : https://wsit.dev.java.net/issues/show_bug.cgi?id=971 for a proper fix in Metro 1.4 --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscribe@... For additional commands, e-mail: issues-help@...
	[Issue 868] Security with List data type dropping xs namespace declaration by kumarjayanti-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://wsit.dev.java.net/issues/show_bug.cgi?id=868 User kumarjayanti changed the following: What \|Old value \|New value ================================================================================ Target milestone\|1.4 \|1.1.3 -------------------------------------------------------------------------------- ------- Additional comments from kumarjayanti@... Tue Jul 22 06:41:50 +0000 2008 ------- setting target milestone to 1.1.3 ( the earliest version in which the workaround has been ported) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscribe@... For additional commands, e-mail: issues-help@...

LightInTheBox - Buy quality products at wholesale price