spring-ws icon indicating copy to clipboard operation
spring-ws copied to clipboard
verified publisher icon spring-projects

XwsSecurityInterceptor not accepting the SAML token in proper xml format [SWS-1081]

Open gregturn opened this issue 6 years ago • 0 comments

muralidev81 opened SWS-1081 and commented

https://mvnrepository.com/artifact/com.sun.xml.xws/xws-security/3.0

We encountered below mentioned ClassCastException while processing SAML token from SOAP WSSE header. Its happening when given SAML token is in proper XML format (means with new lines, spaces and indentation). The same works fine when token given in same line (without spaces).

Exception:

org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor.handleValidationException Could not validate request: java.lang.ClassCastException: com.sun.xml.messaging.saaj.soap.impl.SOAPTextImpl cannot be cast to org.w3c.dom.Element; nested exception is com.sun.xml.wss.XWSSecurityException: java.lang.ClassCastException: com.sun.xml.messaging.saaj.soap.impl.SOAPTextImpl cannot be cast to org.w3c.dom.Element
 

We've verified the code and found where is it happening.

 jar:        xws-security-3.0.jar

Package: com.sun.xml.wss.impl.filter;

Class:  ImportSamlAssertionFilter

Method:  process(FilterProcessingContext context)

Element elem = null;

for(Iterator iter = wsseSecurity.getChildElements(); iter.hasNext();){
    elem = (Element)iter.next();

Fix would be something similar to this https://github.com/mulderbaba/webservices-osgi/blob/master/com/sun/xml/wss/impl/filter/ImportSamlAssertionFilter.java

 Element elem = null;Element elem = null;    
 for (Iterator iter = wsseSecurity.getChildElements(); iter.hasNext();) {
    Object obj = iter.next(); 
 
    if(obj instanceof Text) { continue; } 
    if (obj instanceof Element) { elem = (Element) obj;

Affects: 3.0.0.RELEASE

gregturn avatar Dec 17 '19 11:12 gregturn