Affects Version/s: 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8
Fix Version/s: None
Any Java environment running JAX-WS 2.2 (e.g. JDK 7)
I get an exception using JAX-WS 2.2 to access a service that contains XML special characters in a WS-Policy element.
<wsp:MessagePredicate>string-length(wsp:body()//tns:root) <= 4</wsp:MessagePredicate>
'wsp:MessagePredicate' may contain any XPath 1.0 expression, so this should be legal. Unfortunately, accessing such a service leads to a
javax.xml.stream.XMLStreamException: ParseError at [row,col]:[16,221]
Message: The content of elements must consist of well-formed character data or markup.
The problem seems to be that the policy is parsed twice. I found that in method com.sun.xml.ws.policy.jaxws.SafePolicyReader.readPolicyElement(XMLStreamReader, String) there's a StringBuffer containing the policy element. The less character ('<') is already decoded, so I assume the WSDL war parsed into this String. In line 284 (JAX-WS RT 2.2.8), it is unmarshalled once more, leading to the Exception.