eclipse-ee4j/metro-saaj

Inconsistent owner document

Opened this issue · 0 comments

Hi,

I'm facing an issue that looks very similar to the one mentioned here and fixed in version 2.0.0. After migrating an application from Java 8 to Java 11, some tests were failing due to an invalid XML signature; I came across the above issue, so I've tried to update the saaj version to 2.0.0 and this solved some of our use cases except one: when the SOAPMessage is updated using wss4j then the signature is invalid, and it looks like it's happening for the same reason of the other issue: nodes have a different owner document, and this causes CanonicalizerBase#canonicalizeSubTree to include the Signature element when computing the signature. It could be a wss4j bug, but it's not happening in JDK8 or JDK11 with saaj < 1.4; also, from what I understand, wss4j is using standard DOM API to manipulate the message.

I'm attaching a project including all our use cases (load a SoapMessage from a string, build a SOAPMessage using DOM API, update a SOAPMessage using wss4j)

  • JDK8: signature is valid for any use case
  • JDK11, saaj < 1.4: signature is valid for any use case
  • JDK11, saaj >= 1.4 and < 2, signature is invalid for all the use cases (see #165)
  • JDK11, saaj >= 2: signature is valid when the SOAPMessage is loaded from a string or updated using the DOM API; it's not valid when the message is updated using wss4j (also based on DOM API)

Thanks,

lorenzo