jax-ws
  1. jax-ws
  2. JAX_WS-1136

Accessing a service with a WS-Policy element containing an XPath expression with a comparison ('<') fails with a ParseError

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8
    • Fix Version/s: None
    • Component/s: runtime
    • Labels:
      None
    • Environment:

      Any Java environment running JAX-WS 2.2 (e.g. JDK 7)

      Description

      I get an exception using JAX-WS 2.2 to access a service that contains XML special characters in a WS-Policy element.

      Example:
      <wsp:Policy wsu:Id="DemoPolicy">
      <wsp:MessagePredicate>string-length(wsp:body()//tns:root) <= 4</wsp:MessagePredicate>
      </wsp:Policy>

      'wsp:MessagePredicate' may contain any XPath 1.0 expression, so this should be legal. Unfortunately, accessing such a service leads to a
      javax.xml.stream.XMLStreamException: ParseError at [row,col]:[16,221]
      Message: The content of elements must consist of well-formed character data or markup.

      The problem seems to be that the policy is parsed twice. I found that in method com.sun.xml.ws.policy.jaxws.SafePolicyReader.readPolicyElement(XMLStreamReader, String) there's a StringBuffer containing the policy element. The less character ('<') is already decoded, so I assume the WSDL war parsed into this String. In line 284 (JAX-WS RT 2.2.8), it is unmarshalled once more, leading to the Exception.

        Activity

        Hide
        ck1 added a comment - - edited

        Please note that the less character in the condition is actually escaped: string-length(wsp:body()//tns:root) &lt;= 4

        I'd like to attach a test case on this issue, how can I do that?

        Show
        ck1 added a comment - - edited Please note that the less character in the condition is actually escaped: string-length(wsp:body()//tns:root) &lt;= 4 I'd like to attach a test case on this issue, how can I do that?
        Hide
        ck1 added a comment - - edited

        The problems seems to be line 266 of SafePolicyReader:
        case XMLStreamConstants.CHARACTERS:
        elementCode.append(reader.getText()); // append text data

        The content of reader.getText() should be escaped properly.

        Show
        ck1 added a comment - - edited The problems seems to be line 266 of SafePolicyReader: case XMLStreamConstants.CHARACTERS: elementCode.append(reader.getText()); // append text data The content of reader.getText() should be escaped properly.
        Hide
        Lukas Jungmann added a comment -

        Hi ck1, send the testcase directly to me (jungicz(at)java(dot)net) and I'll attach it.
        Thx,
        --lukas

        Show
        Lukas Jungmann added a comment - Hi ck1, send the testcase directly to me (jungicz(at)java(dot)net) and I'll attach it. Thx, --lukas

          People

          • Assignee:
            Unassigned
            Reporter:
            ck1
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated: