1 Reply Latest reply on Jan 17, 2018 8:17 AM by user10654662

    Get raw soap message from soap context is not valid anymore

    user10654662

      I've been dealing with webservices with XML signature over the last 10 years with no problem at all from both sides (client or server). But now, since java 1.8.141 our applications started to fail due invalid signature error.

       

      We use handlers in order to "capture" de request (or response) and take the soap message in "raw". Signature process takes this raw message in order to calculate the hash. We have noticed that since 1.8.141, the received soap message from the soap context is different from the one that really goes via http.

       

      To check this, we run one of our clients with the following parameters:

       

          -Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true
          -Dcom.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.dump=true
          -Dcom.sun.xml.ws.transport.http.HttpAdapter.dump=true
          -Dcom.sun.xml.internal.ws.transport.http.HttpAdapter.dump=true

       

      We use the "classical" code to get the raw soap message:

       

         public String getRawSoap(SOAPMessageContext context) throws IOException {
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            SOAPMessage message = context.getMessage();
            message.writeTo(baos);
            return baos.toString(StandardCharsets.UTF_8.name());
         }

       

      But we are facing this situation:

       

      Raw response taken from http context (http headers have been removed for clarity, this is the debug output that we get with the previous said parameters)

       

          <?xml version='1.0' encoding='UTF-8'?>
          <SOAP-ENV:Envelope xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope">
          <SOAP-ENV:Body>
            <ResponseMessage xmlns="http://iec.ch/TC57/2011/schema/message">
             <Header>
           . . . (more xml here)

       

      Soap message that we get from SOAP Context:

       

         <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:env="http://www.w3.org/2003/05/soap-envelope">
          <env:Header/>
          <SOAP-ENV:Body xmlns="http://iec.ch/TC57/2011/schema/message">
            <ResponseMessage>
              <Header xmlns="http://iec.ch/TC57/2011/schema/message">
           . . . (more xml here)

       

      Note that the namespace declarations now appears in different tags, so the xml has been modified and the signature (not shown in the example) is invalid.

      We have created a java bug for this (JDK-8186441) but it has been marked as resolved for...version 10!. We need our system to work now, we cannot wait several months to get release 10.

       

      Any help is appreciated.