search

OfficeDev / ews-java-api

A java client library to access Exchange web services. The API works against Office 365 Exchange Online as well as on premises Exchange.
MIT License
867 stars 557 forks source link

Fix #746 #768

Open iaavo opened 1 year ago

iaavo commented 1 year ago

Fixes #746

Root cause is the line 85 of WSSecurityBasedCredentials.java:

  protected static final String wsAddressingHeadersFormat =
      "<wsa:Action soap:mustUnderstand='1'>http://schemas.microsoft.com/exchange/services/2006/messages/%s</wsa:Action>"
          +
          "<wsa:ReplyTo><wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>" +
          "</wsa:ReplyTo>" +
          "<wsa:To soap:mustUnderstand='1'>%s</wsa:To>";

This string is passed on to the xmlWriter in line 201:

    // Format the WS-Addressing headers.
    String wsAddressingHeaders = String.format(
        WSSecurityBasedCredentials.wsAddressingHeadersFormat,
        webMethodName, this.ewsUrl);

    // And write them out...
    xmlWriter.writeCharacters(wsAddressingHeaders);

The xmlWriter however, will escape the characters < and > to its corresponding html escape values &lt; and &gt; and then send a malformed xml body to the exchangeService. The backend can't parse the xml body and fails with an internal server error.

This fix simply uses the default xml writer implementation and instructs it to not escape characters.