Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

saaj-impl 1.5.3 regression with WS-Security and Apache Santuario #183

Closed
sephiroth-j opened this issue Jun 17, 2021 · 2 comments · Fixed by #211
Closed

saaj-impl 1.5.3 regression with WS-Security and Apache Santuario #183

sephiroth-j opened this issue Jun 17, 2021 · 2 comments · Fixed by #211

Comments

@sephiroth-j
Copy link
Contributor

After updating to jaxws-rt 2.3.4 with saaj-impl 1.5.3 an exception occurs when validating incoming SOAP messages secured with ws-security using wssx-impl 2.4.5.

This as been also reported as SANTUARIO-570 and it might be related to #171.

How to reproduce

Please see the attached sample project. It contains a README how to reproduce the error.
metro-jax-ws-issue-226.zip

Exception

com.sun.xml.wss.XWSSecurityException: org.w3c.dom.DOMException: NOT_FOUND_ERR: An attempt is made to reference a node in a context where it does not exist.
        at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:128)
        at de.sephiroth_j.demo.echo.WsSecurityHandler.verifyMessage(WsSecurityHandler.java:108)
        at de.sephiroth_j.demo.echo.WsSecurityHandler.handleMessage(WsSecurityHandler.java:67)
        at de.sephiroth_j.demo.echo.WsSecurityHandler.handleMessage(WsSecurityHandler.java:22)
        at com.sun.xml.ws.handler.HandlerProcessor.callHandleMessage(HandlerProcessor.java:259)
        at com.sun.xml.ws.handler.HandlerProcessor.callHandlersRequest(HandlerProcessor.java:110)
        at com.sun.xml.ws.handler.ServerSOAPHandlerTube.callHandlersOnRequest(ServerSOAPHandlerTube.java:108)
        at com.sun.xml.ws.handler.HandlerTube.processRequest(HandlerTube.java:97)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
        at com.sun.xml.ws.api.pipe.Fiber.run(Fiber.java:783)
        at com.sun.xml.ws.api.pipe.Fiber.start(Fiber.java:390)
        at com.sun.xml.ws.server.WSEndpointImpl.processAsync(WSEndpointImpl.java:348)
        at com.sun.xml.ws.server.WSEndpointImpl.process(WSEndpointImpl.java:378)
        at com.sun.xml.ws.transport.http.HttpAdapter.invokeAsync(HttpAdapter.java:704)
        at com.sun.xml.ws.transport.http.servlet.ServletAdapter.invokeAsync(ServletAdapter.java:182)
        at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doGet(WSServletDelegate.java:131)
        at com.sun.xml.ws.transport.http.servlet.WSServletDelegate.doPost(WSServletDelegate.java:167)
        at com.sun.xml.ws.transport.http.servlet.WSServlet.doPost(WSServlet.java:51)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:652)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.base/java.lang.Thread.run(Thread.java:831)
Caused by: com.sun.xml.wss.XWSSecurityException: org.w3c.dom.DOMException: NOT_FOUND_ERR: An attempt is made to reference a node in a context where it does not exist.
        at com.sun.xml.wss.impl.dsig.SignatureProcessor.verify(SignatureProcessor.java:892)
        at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:608)
        at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:69)
        at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:248)
        at com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:840)
        at com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:792)
        at com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:231)
        at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:126)
        ... 43 common frames omitted
Caused by: org.w3c.dom.DOMException: NOT_FOUND_ERR: An attempt is made to reference a node in a context where it does not exist.
        at java.xml/com.sun.org.apache.xerces.internal.dom.ElementImpl.setIdAttributeNode(ElementImpl.java:931)
        at com.sun.xml.messaging.saaj.soap.impl.ElementImpl.setIdAttributeNode(ElementImpl.java:1695)
        at org.apache.jcp.xml.dsig.internal.dom.DOMKeyInfo.<init>(DOMKeyInfo.java:107)
        at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(DOMXMLSignature.java:152)
        at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(DOMXMLSignatureFactory.java:191)
        at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(DOMXMLSignatureFactory.java:147)
        at com.sun.xml.wss.impl.dsig.SignatureProcessor.verify(SignatureProcessor.java:750)
        ... 50 common frames omitted
@sephiroth-j
Copy link
Contributor Author

@lukasj, would be great if you could have look at this issue. In June we talked about it in eclipse-ee4j/metro-jax-ws#226

@sephiroth-j sephiroth-j mentioned this issue Apr 17, 2023
Open
@sephiroth-j
Copy link
Contributor Author

sephiroth-j commented Apr 18, 2023
edited
Loading

While testing with the changes of #173 I found the reason for this error and the fix is quite easy.

Similar to removeAttributeNode(Attr) in ElementImpl, setIdAttributeNode(Attr, boolean) must be invoked with the actual delegate attribute instance and not with the instance of com.sun.xml.messaging.saaj.soap.impl.AttrImpl. Because element is of type com.sun.org.apache.xerces.internal.dom.ElementNSImpl and the owner element of the given attribute is of type com.sun.xml.messaging.saaj.soap.impl.ElementImpl calling element.setIdAttributeNode with the SAAJ attribute does not work.

removeAttributeNode

metro-saaj/saaj-ri/src/main/java/com/sun/xml/messaging/saaj/soap/impl/ElementImpl.java

Lines 109 to 115 in f4dc3e3

@Override
public Attr removeAttributeNode(Attr oldAttr) throws DOMException {
if (oldAttr instanceof AttrImpl) {
oldAttr = ((AttrImpl)oldAttr).delegate;
}
return element.removeAttributeNode(oldAttr);
}

So, this will fix the error.

metro-saaj/saaj-ri/src/main/java/com/sun/xml/messaging/saaj/soap/impl/ElementImpl.java

Lines 1676 to 1679 in f4dc3e3

@Override
public void setIdAttributeNode(Attr idAttr, boolean isId) throws DOMException {
element.setIdAttributeNode(idAttr, isId);
} 

     @Override
     public void setIdAttributeNode(Attr idAttr, boolean isId) throws DOMException {
-        element.setIdAttributeNode(idAttr, isId);
+        if (idAttr instanceof AttrImpl) {
+            element.setIdAttributeNode(((AttrImpl)idAttr).delegate, isId);
+        } else {
+            element.setIdAttributeNode(idAttr, isId);
+        }
     }

sephiroth-j added a commit to sephiroth-j/metro-saaj that referenced this issue Apr 18, 2023
@sephiroth-j
fix inconsistent owner element for setIdAttributeNode
3ccb078 
This change fixes the delegation of setting the ID attribute node.

fixes eclipse-ee4j#183

Signed-off-by: Ronny Perinke <23166289+sephiroth-j@users.noreply.github.com>
@sephiroth-j sephiroth-j mentioned this issue Apr 18, 2023
Merged
lukasj pushed a commit that referenced this issue Apr 29, 2023
@sephiroth-j
#183: fix inconsistent owner element for setIdAttributeNode (#211)
0b8cd17 
Signed-off-by: Ronny Perinke <23166289+sephiroth-j@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

#183: fix inconsistent owner element for setIdAttributeNode sephiroth-j/metro-saaj
1 participant
@sephiroth-j