[
https://issues.apache.org/jira/browse/CXF-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12790275#action_12790275
]
Daniel Kulp commented on CXF-2554:
----------------------------------
I want to be clear about what the problem really is. In XML, you can have
multiple declarations of the same namespace within the same document. That's
perfectly fine. The last soap message you posted is valid with the 4 wsse and
6 wsu declarations.
The problem in the first soap message is that the wsu namespace is declared
twice on the SAME element. That is NOT allowed. For example, look at the
soap:Body:
{code:xml}
<soap:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="id-3">
{code}
The wsu namespace is defined twice on the same element. That is bad. THAT is
what I'm trying to figure out how to reproduce. Your testcase you attached
isn't reproducing that for me (or for you apparently as the last soap message
you attached doesn't have that problem).
Thus, what we need to figure out is how to create a test case that produces
that invalid element.
> JaxWsDynamicClientFactory.createClient(URL) and
> o.a.cxf.endpoint.Client.invoke(String operationName, Object... params)
> generates illegal XML, WstxParsingException on server.
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CXF-2554
> URL: https://issues.apache.org/jira/browse/CXF-2554
> Project: CXF
> Issue Type: Bug
> Affects Versions: 2.2.5, 2.2.6
> Environment: Microsoft Windows [Version 6.0.6002] (Vista Buisiness N
> 64 bits)
> java version "1.6.0_16"
> Java(TM) SE Runtime Environment (build 1.6.0_16-b01)
> Java HotSpot(TM) 64-Bit Server VM (build 14.2-b01, mixed mode)
> Reporter: Gary Gregory
> Assignee: Daniel Kulp
> Attachments: Apache CXF-2554.zip, Jre16_xml-Capture.JPG,
> TestBackEndWss.wsdl
>
>
> Creating a client with:
> JaxWsDynamicClientFactory.newInstance().createClient(URL)
> and calling it with:
> org.apache.cxf.endpoint.Client.invoke(String operationName, Object... params)
> throws the Exception
> com.ctc.wstx.exc.WstxParsingException: Duplicate declaration for namespace
> prefix 'wsu'.
> on in server built with CXF
> Attaching WSDL.
> Logging output:
> Nov 20, 2009 11:31:12 AM org.apache.cxf.endpoint.dynamic.DynamicClientFactory
> outputDebug
> INFO: Created classes:
> appinterface.seagullsw.com.appinterfaceserver.ObjectFactory,
> appinterface.seagullsw.com.appinterfaceserver.TestOneStringArgWssAll,
> appinterface.seagullsw.com.appinterfaceserver.TestOneStringArgWssAllInResponse,
>
> appinterface.seagullsw.com.appinterfaceserver.TestOneStringArgWssAllInResponseResponse,
>
> appinterface.seagullsw.com.appinterfaceserver.TestOneStringArgWssAllResponse,
> appinterface.seagullsw.com.appinterfaceserver.TestOneStringArgWssEncrypt,
> appinterface.seagullsw.com.appinterfaceserver.TestOneStringArgWssEncryptResponse,
> appinterface.seagullsw.com.appinterfaceserver.TestOneStringArgWssSignature,
> appinterface.seagullsw.com.appinterfaceserver.TestOneStringArgWssSignatureResponse,
> appinterface.seagullsw.com.appinterfaceserver.TestOneStringArgWssTimestamp,
> appinterface.seagullsw.com.appinterfaceserver.TestOneStringArgWssTimestampResponse,
>
> appinterface.seagullsw.com.appinterfaceserver.TestOneStringArgWssUsernameToken,
>
> appinterface.seagullsw.com.appinterfaceserver.TestOneStringArgWssUsernameTokenResponse
> Nov 20, 2009 11:31:18 AM org.apache.cxf.interceptor.LoggingInInterceptor
> logging
> INFO: Inbound Message
> ----------------------------
> ID: 15
> Address: /AppInterfaceServer
> Encoding: UTF-8
> Content-Type: text/xml; charset=UTF-8
> Headers: {content-type=[text/xml; charset=UTF-8], connection=[keep-alive],
> transfer-encoding=[chunked], Host=[localhost:8070],
> SOAPAction=["test.oneStringArgWssAll"], User-Agent=[Apache CXF 2.2.5],
> Content-Type=[text/xml; charset=UTF-8], Accept=[*/*], Pragma=[no-cache],
> Cache-Control=[no-cache]}
> Payload: <soap:Envelope
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><soap:Header><wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> soap:mustUnderstand="1"><wsu:Timestamp
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>
> wsu:Id="Timestamp-5"><wsu:Created>2009-11-20T19:31:18.544Z</wsu:Created><wsu:Expires>2009-11-20T19:31:28.544Z</wsu:Expires></wsu:Timestamp><xenc:EncryptedKey
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
> Id="EncKeyId-07EB048258FAA1C61812587454784635"><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; /><ds:KeyInfo
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
> <wsse:SecurityTokenReference
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><ds:X509Data>
> <ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=serverKeys</ds:X509IssuerName>
> <ds:X509SerialNumber>1205178067</ds:X509SerialNumber>
> </ds:X509IssuerSerial>
> </ds:X509Data></wsse:SecurityTokenReference>
> </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>RL7Dc35cwFOyIjqrPbFrbTuQUjRrn4l4Xr5KGBhZlbyFCAnI/CO6oNdgk10kKajImSpFa+zw0LmrCZYhYE2k0VYs3fexwdmM6UpeIWqdEOVmpMiruqgY+39pd8AKJOqT9IQCnG9zQ3IP4TJKrdugBcYgLhsSnUvmh//mXEV96mE=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference
> URI="#EncDataId-4" /></xenc:ReferenceList></xenc:EncryptedKey><ds:Signature
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-2">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
> <ds:Reference URI="#id-3">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
> <ds:DigestValue>yVtODoPiC9+aUxFYj19IRxHI5fo=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> RDIY/X+KWeofWR0aN5ErYSxs0AOJF9DE+8K+xFZb8VPMSRFO6UBZW/x59KtzvBeUR7nlLk+QGI3G
> 6O/tz7AAKG9m7Jwkxr/dWZBWXuZNaxid9+Lh7Vx+BOes/KziskHZQyXl60zPouUpyqf1u3EMB3iC
> B76Wdy4CfppmhZFyAnA=
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-07EB048258FAA1C61812587454772262">
> <wsse:SecurityTokenReference
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="STRId-07EB048258FAA1C61812587454772283"><ds:X509Data>
> <ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=clientKeys</ds:X509IssuerName>
> <ds:X509SerialNumber>1205178070</ds:X509SerialNumber>
> </ds:X509IssuerSerial>
> </ds:X509Data></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature><wsse:UsernameToken
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>
> wsu:Id="UsernameToken-1"><wsse:Username>clientKeys</wsse:Username><wsse:Password
>
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>clientKeysPassword</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="id-3"><xenc:EncryptedData
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Id="EncDataId-4"
> Type="http://www.w3.org/2001/04/xmlenc#Content";><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"; /><ds:KeyInfo
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
> <wsse:SecurityTokenReference
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><wsse:Reference
>
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> URI="#EncKeyId-07EB048258FAA1C61812587454784635"
> /></wsse:SecurityTokenReference>
> </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>ds6OLheJbTyDK/oxqto7mEzxdb44E3OD+HKxxI2Z44bSNccEZ02Uuw9q2SipHb313BiTXp4V6Dr9
> WAvRjMFLaqDLfvGIV7fEH9Fyx59A1qI0p/ByNX3q8KtHgxXhQBCTICk56Ja+TVO1jScEFjSm32FZ
> tNWoT1jz3qfpDnz+hs2EciXsOVA/I6/cSCpkcy0K4BU/wFKVFH486JtJq9dMQHSy6TJHYbGpVaaB
> 04mff4YlauNg2q9HXA9Cwk2iOOJMvGoA43higsinfeM/9cGZaBV+tDXikBNehKaShggsTAN/TH5N
> z9uoZq2B1J8c+aitj0TX5Y68SdZnGyIz5uIMhWSKdd7Y7yLzheU1L/ZMyMiQ4l2JQkFRUnfEFWY0
> HHy9hxEvNz61+9fzzsQLEYcZxTSZoKJ1Q1Nvzwn4R+roDRwKMPLcsWEO1EVOmDhWzHzDsP+KbmcG
> DyCxurs4xdLik0Uklo6P313g9KXeYrkR47hPGvuxnIhucLfu5oNgAX3z</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
> --------------------------------------
> Nov 20, 2009 11:31:18 AM org.apache.cxf.phase.PhaseInterceptorChain
> doIntercept
> WARNING: Interceptor has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: Error reading XMLStreamReader.
> at
> org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:230)
> at
> org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:60)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:109)
> at
> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:98)
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:394)
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:170)
> at
> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:142)
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
> at
> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
> at
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:390)
> at
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> at
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
> at
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
> at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
> at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> at org.mortbay.jetty.Server.handle(Server.java:326)
> at
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
> at
> org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:938)
> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:842)
> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
> at
> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
> at
> org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)
> Caused by: com.ctc.wstx.exc.WstxParsingException: Duplicate declaration for
> namespace prefix 'wsu'.
> at [row,col {unknown-source}]: [26,230]
> at
> com.ctc.wstx.sr.StreamScanner.constructWfcException(StreamScanner.java:605)
> at com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:461)
> at
> com.ctc.wstx.sr.BasicStreamReader.handleNsAttrs(BasicStreamReader.java:3020)
> at
> com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2934)
> at
> com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2846)
> at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1019)
> at
> org.apache.cxf.staxutils.DepthXMLStreamReader.next(DepthXMLStreamReader.java:220)
> at
> org.apache.cxf.staxutils.PartialXMLStreamReader.next(PartialXMLStreamReader.java:41)
> at
> org.apache.cxf.staxutils.StaxUtils.readDocElements(StaxUtils.java:908)
> at org.apache.cxf.staxutils.StaxUtils.startElement(StaxUtils.java:826)
> at
> org.apache.cxf.staxutils.StaxUtils.readDocElements(StaxUtils.java:868)
> at org.apache.cxf.staxutils.StaxUtils.startElement(StaxUtils.java:826)
> at
> org.apache.cxf.staxutils.StaxUtils.readDocElements(StaxUtils.java:868)
> at org.apache.cxf.staxutils.StaxUtils.startElement(StaxUtils.java:826)
> at
> org.apache.cxf.staxutils.StaxUtils.readDocElements(StaxUtils.java:868)
> at org.apache.cxf.staxutils.StaxUtils.startElement(StaxUtils.java:826)
> at
> org.apache.cxf.staxutils.StaxUtils.readDocElements(StaxUtils.java:868)
> at org.apache.cxf.staxutils.StaxUtils.startElement(StaxUtils.java:826)
> at
> org.apache.cxf.staxutils.StaxUtils.readDocElements(StaxUtils.java:868)
> at org.apache.cxf.staxutils.StaxUtils.read(StaxUtils.java:755)
> at org.apache.cxf.staxutils.StaxUtils.read(StaxUtils.java:744)
> at
> org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:144)
> ... 26 more
> Nov 20, 2009 11:31:18 AM
> org.apache.cxf.interceptor.LoggingOutInterceptor$LoggingCallback onClose
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
