Skip to content

Wss4jSecurityInterceptor alters CData in SOAP body #1228

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dreamdevil00 opened this issue Jan 7, 2022 · 1 comment
Open

Wss4jSecurityInterceptor alters CData in SOAP body #1228

dreamdevil00 opened this issue Jan 7, 2022 · 1 comment
Labels
type: bug A general bug
Milestone
4.0.x

Comments

@dreamdevil00
Copy link

Wss4jSecurityInterceptor escapses CDATA which is not supposed.

A minimal reproducible demo

Step to reproduce:
execute test in com.example.demo.WebServiceTest
and trace logs shows

2022-01-07 17:57:21.469 TRACE 17976 --- [           main] o.s.ws.client.MessageTracing.sent        : Sent request [<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1"><wsse:UsernameToken wsu:Id="UsernameToken-9768067b-0d6c-4b73-8cec-7a7dcc13acb1"><wsse:Username>Bob</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body><echo>&lt;req&gt;Hello World!&lt;/req&gt;</echo></SOAP-ENV:Body></SOAP-ENV:Envelope>]

If WebServiceTemplate execute the test without Wss4jSecurityInterceptor
then trace log shows

2022-01-07 17:58:53.354 TRACE 16852 --- [           main] o.s.ws.client.MessageTracing.sent        : Sent request [<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><echo><![CDATA[<req>Hello World!</req>]]></echo></SOAP-ENV:Body></SOAP-ENV:Envelope>]

The later result is expected.
@snicoll snicoll added the status: waiting-for-triage An issue we've not yet triaged label Feb 19, 2025
@snicoll
Copy link
Member

snicoll commented Apr 4, 2025

Thanks for the report and the sample, I can reproduce with the latest version.

@snicoll snicoll added type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 4, 2025
@snicoll snicoll added this to the 4.0.x milestone Apr 4, 2025
@snicoll snicoll changed the title Wss4jSecurityInterceptor escapsed CDATA Wss4jSecurityInterceptor alters CData in SOAP body Apr 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: bug A general bug
Projects
None yet
Milestone
4.0.x
Development

No branches or pull requests
2 participants
@snicoll @dreamdevil00