wsit
  1. wsit
  2. WSIT-1540

Metadata/MetadataSection/Location element not properly handled

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 2.1
    • Fix Version/s: None
    • Component/s: mex
    • Labels:
      None

      Description

      From WS-MetdataExchange Version 1.1:

      /mex:Metadata/mex:MetadataSection/mex:Location
      This contains a URL to metadata, and the metadata MUST be retrievable from that URL using the primary access mechanism for the scheme of the URL. For example, for an HTTP URL, the metadata MUST be retrievable by sending an HTTP GET request to the URL. When this element is present, it MUST have no element siblings.

      Metro does a WS-Transfer Get operation instead of an HTTP GET.

      In the case of a .NET WIF STS with staticly hosted WSDL, the mex call returns:

      <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
      <s:Header>
      <a:Action s:mustUnderstand="1" xmlns:a="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse</a:Action>
      <a:RelatesTo xmlns:a="http://www.w3.org/2005/08/addressing">uuid:778b135f-3fdf-44b2-b53e-ebaab7441e40</a:RelatesTo>
      </s:Header>
      <s:Body>
      <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
      <wsx:MetadataSection Dialect="http://schemas.xmlsoap.org/wsdl/" xmlns="">
      <wsx:Location>https://thirdparty.authentication.business.gov.au/R3.0/vanguard/S007v1.1/Service.svc?wsdl</wsx:Location>
      </wsx:MetadataSection>
      </Metadata>
      </s:Body>
      </s:Envelope>

      In com.sun.xml.ws.mex.client.MetadataClient.java, getServiceInformation uses retrieveMetadata to retrieve the metadata at the Location which fails as it is performing WS-Transfer Get operation instead of an HTTP GET.

        Activity

        Hide
        ritzmann added a comment -

        Jiandong, could you please evaluate this issue?

        Show
        ritzmann added a comment - Jiandong, could you please evaluate this issue?
        Hide
        symonchang added a comment -

        This is not a WSIT security problem, and should be fixed by WS-MetdataExchange side.

        Show
        symonchang added a comment - This is not a WSIT security problem, and should be fixed by WS-MetdataExchange side.

          People

          • Assignee:
            symonchang
            Reporter:
            iotto
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated: