This is an automated email from the ASF dual-hosted git repository.
billblough pushed a commit to branch 1_5_x
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit cb786b055433f3dbdce1066753d28b51b299be83
Author: Andreas Veithen <veit...@apache.org>
AuthorDate: Tue Jan 24 07:16:43 2012 +0000
Merged r1090540 and r1235059 to the 1.5 branch.
---
.../java/org/apache/rampart/util/Axis2Util.java | 31 +++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
diff --git
a/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
index 4d719e1..8eb0b55 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
@@ -35,6 +35,7 @@ import org.apache.axiom.soap.impl.dom.factory.DOMSOAPFactory;
import org.apache.rampart.handler.WSSHandlerConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.DOMConfiguration;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -89,7 +90,35 @@ public class Axis2Util {
throws WSSecurityException {
try {
if(env instanceof Element) {
- return ((Element)env).getOwnerDocument();
+ Element element = (Element)env;
+ Document document = element.getOwnerDocument();
+ // For outgoing messages, Axis2 only creates the SOAPEnvelope,
but no document. If
+ // the Axiom implementation also supports DOM, then the
envelope (seen as a DOM
+ // element) will have an owner document, but the document and
the envelope have no
+ // parent-child relationship. On the other hand, the input
expected by WSS4J is
+ // a document with the envelope as document element. Therefore
we need to set the
+ // envelope as document element on the owner document.
+ if (element.getParentNode() != document) {
+ document.appendChild(element);
+ }
+ // If the Axiom implementation supports DOM, then it is
possible/likely that the
+ // DOM API was used to create the object model (or parts of
it). In this case, the
+ // object model is not necessarily well formed with respect to
namespaces because
+ // DOM doesn't generate namespace declarations automatically.
This is an issue
+ // because WSS4J/Santuario expects that all namespace
declarations are present.
+ // If this is not the case, then signature values or
encryptions will be incorrect.
+ // To avoid this, we normalize the document. Note that if we
disable the other
+ // normalizations supported by DOM, this is generally not a
heavy operation.
+ // In particular, the Axiom implementation is not required to
expand the object
+ // model (including OMSourcedElements) because the Axiom
builder is required to
+ // perform namespace repairing, so that no modifications to
unexpanded parts of
+ // the message are required.
+ DOMConfiguration domConfig = document.getDomConfig();
+ domConfig.setParameter("split-cdata-sections", Boolean.FALSE);
+ domConfig.setParameter("well-formed", Boolean.FALSE);
+ domConfig.setParameter("namespaces", Boolean.TRUE);
+ document.normalizeDocument();
+ return document;
}
if (useDoom) {
