Security with List data type dropping xs namespace declaration

[glassfishrobot]

This one is a duplicate of : https://wsit.dev.java.net/issues/show_bug.cgi?id=868

A workaround has been checked in for 868. This one has been filed to track a proper fix for the issue in 1.4

Environment

Operating System: All Platform: All

Affected Versions

[current]

[glassfishrobot]

Reported by kumarjayanti@java.net

[glassfishrobot]

kumarjayanti@java.net said: Marking it for 1.4

[glassfishrobot]

ashutoshshahi@java.net said:

• • • Issue 1013 has been marked as a duplicate of this issue. ***

[glassfishrobot]

ashutoshshahi@java.net said: This issue is now fixed for Sign, and Sign + Encrypt scenario. We had to do some changes in streambuffer for it. The issue still exists for plain Encryption scenario. We might need some assistance from JAXB to make it work for plain Encryption cases.

For now, the workaround should be to use Sign+Encrypt if encryption is required, or use non-optimized security.

Ashutosh

[glassfishrobot]

jdg6688@java.net said: Set the target to 1.5 and downgrade since the important cases of sign, sign/encrypt are fixed.

[glassfishrobot]

jdg6688@java.net said: Keep it as P2.

[glassfishrobot]

m_potociar@java.net said: Reassigning to component owner & updating target milestone to 2.0

[glassfishrobot]

kumarjayanti@java.net said: As discussed in Tango-Tech on 26th Oct this issue needs some concentrated effort to address the last piece. We may require help from JAXB in getting to know prefixes that were not visibly utilized (specifically those used inside an attribute value). This can then be used during canonicalization.

[glassfishrobot]

@vbkumarjayanti said: The last part of the fix is still pending however the issue with all the partial fixes and workaround that exists has not been encountered by users in the last 1 year.

[glassfishrobot]

This issue was imported from java.net JIRA WSIT-971