Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-1081

XwsSecurityInterceptor not accepting the SAML token in proper xml format

    XMLWordPrintable

    Details

      Description

      https://mvnrepository.com/artifact/com.sun.xml.xws/xws-security/3.0

      We encountered below mentioned ClassCastException while processing SAML token from SOAP WSSE header. Its happening when given SAML token is in proper XML format (means with new lines, spaces and indentation). The same works fine when token given in same line (without spaces).

      Exception:

      org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor.handleValidationException Could not validate request: java.lang.ClassCastException: com.sun.xml.messaging.saaj.soap.impl.SOAPTextImpl cannot be cast to org.w3c.dom.Element; nested exception is com.sun.xml.wss.XWSSecurityException: java.lang.ClassCastException: com.sun.xml.messaging.saaj.soap.impl.SOAPTextImpl cannot be cast to org.w3c.dom.Element
       
      

      We've verified the code and found where is it happening.

       jar:        xws-security-3.0.jar

      Package: com.sun.xml.wss.impl.filter;

      Class:  ImportSamlAssertionFilter

      Method:  process(FilterProcessingContext context)

      Element elem = null;
      
      for(Iterator iter = wsseSecurity.getChildElements(); iter.hasNext();){
          elem = (Element)iter.next();
      

      Fix would be something similar to this https://github.com/mulderbaba/webservices-osgi/blob/master/com/sun/xml/wss/impl/filter/ImportSamlAssertionFilter.java

       Element elem = null;Element elem = null;    
       for (Iterator iter = wsseSecurity.getChildElements(); iter.hasNext();) {
          Object obj = iter.next(); 
       
          if(obj instanceof Text) { continue; } 
          if (obj instanceof Element) { elem = (Element) obj;
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            muralidev81 muralidev81
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: