Uploaded image for project: 'ZZZ-WSO2 ESB'
  1. ZZZ-WSO2 ESB
  2. ESBJAVA-1053

[Clone Mediator] - Attributes of <soapenv:Body> element dropped after processed by Clone mediator making security scenarios fail

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Highest
    • Resolution: Fixed
    • Affects Version/s: 4.5.0
    • Fix Version/s: 4.5.0
    • Component/s: Mediators
    • Labels:
      None
    • Environment:
    • Severity:
      Blocker
    • Estimated Complexity:
      Moderate
    • Test cases added:
      Yes

      Description

      Steps to reproduce

      1. Used the following configuration

      <?xml version="1.0" encoding="UTF-8"?><definitions xmlns="http://ws.apache.org/ns/synapse">
      <registry provider="org.wso2.carbon.mediation.registry.WSO2Registry">
      <parameter name="cachableDuration">15000</parameter>
      </registry>
      <proxy name="cloneProxy" transports="https http" startOnLoad="true" trace="disable">
      <description/>
      <target>
      <inSequence>
      <log level="full"/>
      <clone>
      <target endpoint="wsas_epr"/>
      </clone>
      </inSequence>
      <outSequence>
      <log level="full"/>
      <aggregate>
      <completeCondition>
      <messageCount min="-1" max="-1"/>
      </completeCondition>
      <onComplete xmlns:ns="http://org.apache.synapse/xsd" xmlns:ns3="http://org.apache.synapse/xsd" xmlns:m0="http://services.samples" expression="//m0:getQuoteResponse">
      <send/>
      </onComplete>
      </aggregate>
      </outSequence>
      </target>
      <publishWSDL uri="http://10.200.3.75:9770/services/SimpleStockQuoteService?wsdl"/>
      </proxy>
      <endpoint name="epr">
      <address uri="http://localhost:9001/services/SimpleStockQuoteService"/>
      </endpoint>
      <sequence name="fault">
      <log level="full">
      <property name="MESSAGE" value="Executing default 'fault' sequence"/>
      <property name="ERROR_CODE" expression="get-property('ERROR_CODE')"/>
      <property name="ERROR_MESSAGE" expression="get-property('ERROR_MESSAGE')"/>
      </log>
      <drop/>
      </sequence>
      <sequence name="main">
      <log/>
      <drop/>
      </sequence>
      </definitions>

      2. Sent the following request

      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.samples" xmlns:xsd="http://services.samples/xsd">
      <soapenv:Header/>
      <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-971258737">
      <ser:getQuote txt="thika">
      <ser:request>
      <xsd:symbol text="evanthika">IBM</xsd:symbol>
      </ser:request>
      </ser:getQuote>
      </soapenv:Body>
      </soapenv:Envelope>

      3. When monitored through TCPMon, noticed that the attributes of the <soapenv:Body> element were dropped as shown below (in the message sent from ESB to backend server after going through the Clone mediator)

      <?xml version='1.0' encoding='UTF-8'?>
      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Body>
      <ser:getQuote xmlns:ser="http://services.samples" txt="thika">
      <ser:request>
      <xsd:symbol xmlns:xsd="http://services.samples/xsd" text="evanthika">IBM</xsd:symbol>
      </ser:request>
      </ser:getQuote>
      </soapenv:Body>
      </soapenv:Envelope>

      Due to this reason, security scenarios fail since the client send a message where it has security attributes in it's <soapenv:Body>.

        Attachments

          Activity

            People

            • Assignee:
              ishan@wso2.com Ishan Jayawardena
              Reporter:
              evanthika@wso2.com Evanthika Amarasiri
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: