users@glassfish.java.net

Problem: encrypted message containing whitespaces between body and payload

From: <glassfish_at_javadesktop.org>
Date: Wed, 07 May 2008 04:12:28 PDT

Hello,

we use Glassfish (Sun Java System Application Server 9.1_02 (build b04-fcs)) and secure our WebServices using different WSIT- profiles.
A problem occurs when the the client sends a pretty-print-formated request. Then the first character after <soap:Body> is a "\n" and we got a fault when using encryption for Body content. The server side XML handling use the text node "\n" as a element node and get an error by getLocalName().
I believe it is a bug on the server side, because there is not a requirement to skip whitespace between <soap:Body> and payload element.

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
   <S:Body>
      <S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope">
         <faultcode>S:Server</faultcode>
         <faultstring>Cannot validate request</faultstring>
         <detail>
            <ns2:exception class="javax.xml.ws.WebServiceException" note="To disable this feature, set com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace system property to false" xmlns:ns2="http://jax-ws.dev.java.net/">
               <message>Cannot validate request</message>
               <ns2:stackTrace>
                  <ns2:frame class="com.sun.enterprise.webservice.CommonServerSecurityPipe" file="CommonServerSecurityPipe.java" line="175" method="processRequest"/>
                  <ns2:frame class="com.sun.enterprise.webservice.CommonServerSecurityPipe" file="CommonServerSecurityPipe.java" line="129" method="process"/>
                  <ns2:frame class="com.sun.xml.ws.api.pipe.helper.PipeAdapter" file="PipeAdapter.java" line="115" method="processRequest"/>
                  <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="595" method="__doRun"/>
                  <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="554" method="_doRun"/>
                  <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="539" method="doRun"/>
                  <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="436" method="runSync"/>
                  <ns2:frame class="com.sun.xml.ws.server.WSEndpointImpl$2" file="WSEndpointImpl.java" line="243" method="process"/>
                  <ns2:frame class="com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit" file="HttpAdapter.java" line="444" method="handle"/>
                  <ns2:frame class="com.sun.xml.ws.transport.http.HttpAdapter" file="HttpAdapter.java" line="244" method="handle"/>
                  <ns2:frame class="com.sun.xml.ws.transport.http.servlet.ServletAdapter" file="ServletAdapter.java" line="135" method="handle"/>
                  <ns2:frame class="com.sun.enterprise.webservice.JAXWSServlet" file="JAXWSServlet.java" line="176" method="doPost"/>
                  <ns2:frame class="javax.servlet.http.HttpServlet" file="HttpServlet.java" line="738" method="service"/>
                  <ns2:frame class="javax.servlet.http.HttpServlet" file="HttpServlet.java" line="831" method="service"/>
                  <ns2:frame class="org.apache.catalina.core.ApplicationFilterChain" file="ApplicationFilterChain.java" line="411" method="servletService"/>
                  <ns2:frame class="org.apache.catalina.core.ApplicationFilterChain" file="ApplicationFilterChain.java" line="317" method="internalDoFilter"/>
                  <ns2:frame class="org.apache.catalina.core.ApplicationFilterChain" file="ApplicationFilterChain.java" line="198" method="doFilter"/>
                  <ns2:frame class="org.netbeans.modules.web.monitor.server.MonitorFilter" file="MonitorFilter.java" line="390" method="doFilter"/>
                  <ns2:frame class="org.apache.catalina.core.ApplicationFilterChain" file="ApplicationFilterChain.java" line="230" method="internalDoFilter"/>
                  <ns2:frame class="org.apache.catalina.core.ApplicationFilterChain" file="ApplicationFilterChain.java" line="198" method="doFilter"/>
                  <ns2:frame class="org.apache.catalina.core.StandardWrapperValve" file="StandardWrapperValve.java" line="288" method="invoke"/>
                  <ns2:frame class="org.apache.catalina.core.StandardContextValve" file="StandardContextValve.java" line="271" method="invokeInternal"/>
                  <ns2:frame class="org.apache.catalina.core.StandardContextValve" file="StandardContextValve.java" line="202" method="invoke"/>
                  <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="632" method="doInvoke"/>
                  <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="577" method="doInvoke"/>
                  <ns2:frame class="com.sun.enterprise.web.WebPipeline" file="WebPipeline.java" line="94" method="invoke"/>
                  <ns2:frame class="org.apache.catalina.core.StandardHostValve" file="StandardHostValve.java" line="206" method="invoke"/>
                  <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="632" method="doInvoke"/>
                  <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="577" method="doInvoke"/>
                  <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="571" method="invoke"/>
                  <ns2:frame class="org.apache.catalina.core.ContainerBase" file="ContainerBase.java" line="1080" method="invoke"/>
                  <ns2:frame class="org.apache.catalina.core.StandardEngineValve" file="StandardEngineValve.java" line="150" method="invoke"/>
                  <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="632" method="doInvoke"/>
                  <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="577" method="doInvoke"/>
                  <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="571" method="invoke"/>
                  <ns2:frame class="org.apache.catalina.core.ContainerBase" file="ContainerBase.java" line="1080" method="invoke"/>
                  <ns2:frame class="org.apache.coyote.tomcat5.CoyoteAdapter" file="CoyoteAdapter.java" line="272" method="service"/>
                  <ns2:frame class="com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask" file="DefaultProcessorTask.java" line="637" method="invokeAdapter"/>
                  <ns2:frame class="com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask" file="DefaultProcessorTask.java" line="568" method="doProcess"/>
                  <ns2:frame class="com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask" file="DefaultProcessorTask.java" line="813" method="process"/>
                  <ns2:frame class="com.sun.enterprise.web.connector.grizzly.DefaultReadTask" file="DefaultReadTask.java" line="341" method="executeProcessorTask"/>
                  <ns2:frame class="com.sun.enterprise.web.connector.grizzly.DefaultReadTask" file="DefaultReadTask.java" line="263" method="doTask"/>
                  <ns2:frame class="com.sun.enterprise.web.connector.grizzly.DefaultReadTask" file="DefaultReadTask.java" line="214" method="doTask"/>
                  <ns2:frame class="com.sun.enterprise.web.portunif.PortUnificationPipeline$PUTask" file="PortUnificationPipeline.java" line="380" method="doTask"/>
                  <ns2:frame class="com.sun.enterprise.web.connector.grizzly.TaskBase" file="TaskBase.java" line="265" method="run"/>
                  <ns2:frame class="com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread" file="SSLWorkerThread.java" line="106" method="run"/>
               </ns2:stackTrace>
               <ns2:cause class="java.lang.IllegalStateException" note="To disable this feature, set com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace system property to false">
                  <message>Method getLocalName() cannot be called for CHARACTERS event.</message>
                  <ns2:stackTrace>
                     <ns2:frame class="com.sun.xml.stream.XMLReaderImpl" file="XMLReaderImpl.java" line="356" method="getLocalName"/>
                     <ns2:frame class="com.sun.xml.ws.security.opt.impl.util.FilteredXMLStreamReader" file="FilteredXMLStreamReader.java" line="163" method="getLocalName"/>
                     <ns2:frame class="com.sun.xml.stream.XMLStreamFilterImpl" file="XMLStreamFilterImpl.java" line="299" method="getLocalName"/>
                     <ns2:frame class="com.sun.xml.ws.security.opt.impl.util.VerifiedMessageXMLStreamReader" file="VerifiedMessageXMLStreamReader.java" line="140" method="getLocalName"/>
                     <ns2:frame class="com.sun.xml.ws.security.opt.impl.incoming.VerifiedStreamMessage" file="VerifiedStreamMessage.java" line="151" method="&lt;init>"/>
                     <ns2:frame class="com.sun.xml.ws.security.opt.impl.incoming.VerifiedStreamMessage" file="VerifiedStreamMessage.java" line="182" method="&lt;init>"/>
                     <ns2:frame class="com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient" file="SecurityRecipient.java" line="703" method="createMessage"/>
                     <ns2:frame class="com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient" file="SecurityRecipient.java" line="205" method="validateMessage"/>
                     <ns2:frame class="com.sun.xml.wss.provider.wsit.WSITServerAuthContext" file="WSITServerAuthContext.java" line="452" method="verifyInboundMessage"/>
                     <ns2:frame class="com.sun.xml.wss.provider.wsit.WSITServerAuthContext" file="WSITServerAuthContext.java" line="269" method="validateRequest"/>
                     <ns2:frame class="com.sun.xml.wss.provider.wsit.WSITServerAuthContext" file="WSITServerAuthContext.java" line="179" method="validateRequest"/>
                     <ns2:frame class="com.sun.enterprise.webservice.CommonServerSecurityPipe" file="CommonServerSecurityPipe.java" line="168" method="processRequest"/>
                     <ns2:frame class="com.sun.enterprise.webservice.CommonServerSecurityPipe" file="CommonServerSecurityPipe.java" line="129" method="process"/>
                     <ns2:frame class="com.sun.xml.ws.api.pipe.helper.PipeAdapter" file="PipeAdapter.java" line="115" method="processRequest"/>
                     <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="595" method="__doRun"/>
                     <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="554" method="_doRun"/>
                     <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="539" method="doRun"/>
                     <ns2:frame class="com.sun.xml.ws.api.pipe.Fiber" file="Fiber.java" line="436" method="runSync"/>
                     <ns2:frame class="com.sun.xml.ws.server.WSEndpointImpl$2" file="WSEndpointImpl.java" line="243" method="process"/>
                     <ns2:frame class="com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit" file="HttpAdapter.java" line="444" method="handle"/>
                     <ns2:frame class="com.sun.xml.ws.transport.http.HttpAdapter" file="HttpAdapter.java" line="244" method="handle"/>
                     <ns2:frame class="com.sun.xml.ws.transport.http.servlet.ServletAdapter" file="ServletAdapter.java" line="135" method="handle"/>
                     <ns2:frame class="com.sun.enterprise.webservice.JAXWSServlet" file="JAXWSServlet.java" line="176" method="doPost"/>
                     <ns2:frame class="javax.servlet.http.HttpServlet" file="HttpServlet.java" line="738" method="service"/>
                     <ns2:frame class="javax.servlet.http.HttpServlet" file="HttpServlet.java" line="831" method="service"/>
                     <ns2:frame class="org.apache.catalina.core.ApplicationFilterChain" file="ApplicationFilterChain.java" line="411" method="servletService"/>
                     <ns2:frame class="org.apache.catalina.core.ApplicationFilterChain" file="ApplicationFilterChain.java" line="317" method="internalDoFilter"/>
                     <ns2:frame class="org.apache.catalina.core.ApplicationFilterChain" file="ApplicationFilterChain.java" line="198" method="doFilter"/>
                     <ns2:frame class="org.netbeans.modules.web.monitor.server.MonitorFilter" file="MonitorFilter.java" line="390" method="doFilter"/>
                     <ns2:frame class="org.apache.catalina.core.ApplicationFilterChain" file="ApplicationFilterChain.java" line="230" method="internalDoFilter"/>
                     <ns2:frame class="org.apache.catalina.core.ApplicationFilterChain" file="ApplicationFilterChain.java" line="198" method="doFilter"/>
                     <ns2:frame class="org.apache.catalina.core.StandardWrapperValve" file="StandardWrapperValve.java" line="288" method="invoke"/>
                     <ns2:frame class="org.apache.catalina.core.StandardContextValve" file="StandardContextValve.java" line="271" method="invokeInternal"/>
                     <ns2:frame class="org.apache.catalina.core.StandardContextValve" file="StandardContextValve.java" line="202" method="invoke"/>
                     <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="632" method="doInvoke"/>
                     <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="577" method="doInvoke"/>
                     <ns2:frame class="com.sun.enterprise.web.WebPipeline" file="WebPipeline.java" line="94" method="invoke"/>
                     <ns2:frame class="org.apache.catalina.core.StandardHostValve" file="StandardHostValve.java" line="206" method="invoke"/>
                     <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="632" method="doInvoke"/>
                     <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="577" method="doInvoke"/>
                     <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="571" method="invoke"/>
                     <ns2:frame class="org.apache.catalina.core.ContainerBase" file="ContainerBase.java" line="1080" method="invoke"/>
                     <ns2:frame class="org.apache.catalina.core.StandardEngineValve" file="StandardEngineValve.java" line="150" method="invoke"/>
                     <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="632" method="doInvoke"/>
                     <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="577" method="doInvoke"/>
                     <ns2:frame class="org.apache.catalina.core.StandardPipeline" file="StandardPipeline.java" line="571" method="invoke"/>
                     <ns2:frame class="org.apache.catalina.core.ContainerBase" file="ContainerBase.java" line="1080" method="invoke"/>
                     <ns2:frame class="org.apache.coyote.tomcat5.CoyoteAdapter" file="CoyoteAdapter.java" line="272" method="service"/>
                     <ns2:frame class="com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask" file="DefaultProcessorTask.java" line="637" method="invokeAdapter"/>
                     <ns2:frame class="com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask" file="DefaultProcessorTask.java" line="568" method="doProcess"/>
                     <ns2:frame class="com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask" file="DefaultProcessorTask.java" line="813" method="process"/>
                     <ns2:frame class="com.sun.enterprise.web.connector.grizzly.DefaultReadTask" file="DefaultReadTask.java" line="341" method="executeProcessorTask"/>
                     <ns2:frame class="com.sun.enterprise.web.connector.grizzly.DefaultReadTask" file="DefaultReadTask.java" line="263" method="doTask"/>
                     <ns2:frame class="com.sun.enterprise.web.connector.grizzly.DefaultReadTask" file="DefaultReadTask.java" line="214" method="doTask"/>
                     <ns2:frame class="com.sun.enterprise.web.portunif.PortUnificationPipeline$PUTask" file="PortUnificationPipeline.java" line="380" method="doTask"/>
                     <ns2:frame class="com.sun.enterprise.web.connector.grizzly.TaskBase" file="TaskBase.java" line="265" method="run"/>
                     <ns2:frame class="com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread" file="SSLWorkerThread.java" line="106" method="run"/>
                  </ns2:stackTrace>
               </ns2:cause>
            </ns2:exception>
         </detail>
      </S:Fault>
   </S:Body>
</S:Envelope>
[Message sent by forum member 'rasc_d' (rasc_d)]

http://forums.java.net/jive/thread.jspa?messageID=273113
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.