Again, you are using the createElementNS(...) method incorrectly.
> Ok, so now we have the same "bug" (using setAttribute to declare
> namespaces) repeated in two major products. What do we do about it?
> Ignore it ? I'd rather not. I quite actually need this fixed as I can't
> very well go and change the XSS code.
Have you read the documentation for that XMLSerializer class you're using?
I've never even seen it before, but after you reported that it does not
correctly output namespace declarations, I went and looked at the JavaDocs.
In the JavaDocs for the startElement(...), there is a full page of comments
relating to what you are trying to do (getting the output to include
namespace declarations). I haven't read them in detail, and I don't intend
to, since I'm not using that class.
Before you decide that DOM2Writer, XSS, and Xerces all have bugs, you should
ensure you are creating your DOM documents correctly. If for whatever
reason, you can't correctly create the documents programmatically, you can
always create your Document by parsing a file. That way, you won't have to
read the documentation to figure out how to use the DOM APIs.
Incidentally,
> e.setAttribute("xmlns:s", "testing");
does not create a namespace declaration. It creates some attribute with the
name "xmlns:s", and the value "testing". Which is very different from a
qualified attribute with the namespace URI "http://www.w3.org/2000/xmlns/";,
the prefix "xmlns", and the value "testing".
Thanks,
-Matt
> -----Original Message-----
> From: James M Snell [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 28, 2001 3:24 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Bug with DOM2Writer
>
>
> Well, the problem is that I don't have control over the code
> using the DOM
> API to create the element. The problem is in the XML Security Suite
> code. It creates the DOM element for the digital signature, "declaring"
> the namespace by setting the attribute.
>
> I'll submit the issue to the XSS team, but since the suite is
> already out
> on alphaWorks (and already in some products... e.g. WebSphere 4.0), and
> since many many people use this way of declaring namespaces we
> may want to
> consider providing a work around in our code.
>
> Also, this is not entirely without precedent. The XML serializer that
> ships with Xerces does not output xmlns declarations unless they are set
> as attributes. For example, using the following code:
>
> <snip>
> DocumentBuilderFactory dbf =
> DocumentBuilderFactory.newInstance();
> dbf.setNamespaceAware(true);
> dbf.setValidating(false);
> DocumentBuilder db = dbf.newDocumentBuilder();
> Document d = db.newDocument();
>
> Element e = d.createElementNS("testing", "test");
> e.setPrefix("s");
>
> StringWriter sw = new StringWriter();
> OutputFormat of = new OutputFormat();
> of.setIndenting(true);
> XMLSerializer x = new XMLSerializer(sw,of);
> x.serialize(e);
>
> System.out.println(sw.toString());
> </snip>
>
> yields the improper result:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <s:test />
>
> while adding the line:
>
> e.setAttribute("xmlns:s", "testing");
>
> produces the proper, expected result:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <s:test xmlns:s="testing" />
>
> Ok, so now we have the same "bug" (using setAttribute to declare
> namespaces) repeated in two major products. What do we do about it?
> Ignore it ? I'd rather not. I quite actually need this fixed as I can't
> very well go and change the XSS code.
>
> If the change is not made, we run the risk of having code that currently
> works outside of Apache SOAP not work within Apache SOAP, which
> would be a
> very bad thing. What's the easiest thing to do? I'm sure providing a
> simple workaround like what I've done here is much better than telling
> users to bugger off and write "proper" code; especially when doing so
> would have an impact on products already on the market.
>
> But, if you still disagree, I recommend that we put it to a vote.
>
> - James Snell
> Software Engineer, Internet Emerging Technologies, IBM
> James M Snell/Fresno/IBM - [EMAIL PROTECTED]
> These things I have spoken to you, so that in Me you may have peace.
> In the world you have tribulation, but take courage; I have overcome the
> world.
> - John 16:33
>
> Please respond to [EMAIL PROTECTED]
> To: <[EMAIL PROTECTED]>, Matthew Duftler/Watson/IBM@IBMUS, Sam
> Ruby/Raleigh/IBM@IBMUS
> cc:
> Subject: Re: Bug with DOM2Writer
>
>
>
> This is not a bug. So please do not commit this change!
>
> The problem is that you're using the DOM APIs incorrectly.
> If you start creating attributes that look like qualified names,
> then you'll confuse the writer (and lots of other things). If you
> want to create a namespaced attribute, then there's a right way
> to do it - you are doing it the wrong way. The key point is
> that xmlns:s is *not* an attribute of the {testing}test element.
>
> Sanjiva.
>
> ----- Original Message -----
> From: "James M Snell" <[EMAIL PROTECTED]>
> To: "Matthew Duftler" <[EMAIL PROTECTED]>; "Sam Ruby" <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Friday, September 28, 2001 2:53 AM
> Subject: Bug with DOM2Writer
>
>
> > Package: org.apache.soap.util.xml.DOM2Writer
> >
> > Problem: In some cases, the DOM2Writer will output duplicate XML
> namespace
> > declarations on a single element, thereby making the XML output invalid.
> >
> > Example, let's say I want to create the following XML output:
> >
> > <s:test xmlns:s="testing>
> > <hello />
> > </s:test>
> >
> > To do so, I use the following code.
> >
> > Document doc = ... create document
> > Element test = doc.createElementNS("testing", "test");
> > test.setPrefix("s");
> > test.setAttribute("xmlns:s", "testing");
> > Element hello = doc.createElementNS("testing", "hello");
> > test.appendChild(hello);
> > doc.appendChild(test);
> >
> > Run this through the DOM2Writer, and the output is:
> >
> > <s:test xmlns:s="testing" xmlns:s="testing">
> > <hello />
> > </s:test>
> >
> > Notice the duplicate xmlns:s declarations.
> >
> > This is caused by the fact that the xmlns:s declaration is set as an
> > attribute on the element. DOM2Writer checks to see if the element
> > namespace and prefix have been declared before serializing all of the
> > attributes. In this case, if the "s" prefix for the "testing" namespace
> > has not been declared, the xmlns:s="testing" is added to the XML output.
> > Then, however, the attributes are looped through and
> serialized, causing
> a
> > duplicate declaration to be printed.
> >
> > Why am I adding the test.setAttribute("xmlns:s", "testing")? Because
> > that's about the only ways to declare namespaces in the DOM API. I
> could
> > get around this problem by simply removing the
> > test.setAttribute("xmlns:s", "testing") line, but unfortunately, I don't
> > have access to the code that creates the real DOM document I'm trying to
> > work with (the above is just an example). So the setAttribute line
> > remains and we have to work around the problem within the DOM2Writer.
> >
> > Proposed Solution:
> >
> > When looping through the attributes, check to see if the attribute is an
> > XML namespace declaration, and if so, whether or not the namespace has
> > already been declared. If so, skip it and move on.
> >
> > The proposed modified DOM2Writer is attached. Can somebody please
> review
> > to make sure that my head is screwed on straight and I didn't overlook
> > something before I commit it.
> >
> >
> >
> > - James Snell
> > Software Engineer, Internet Emerging Technologies, IBM
> > James M Snell/Fresno/IBM - [EMAIL PROTECTED]
> > These things I have spoken to you, so that in Me you may have peace.
> > In the world you have tribulation, but take courage; I have overcome the
> > world.
> > - John 16:33
>
>
>
