Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2EBA4EC2F for ; Tue, 12 Feb 2013 21:16:08 +0000 (UTC) Received: (qmail 65045 invoked by uid 500); 12 Feb 2013 21:16:08 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 64985 invoked by uid 500); 12 Feb 2013 21:16:08 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 64977 invoked by uid 99); 12 Feb 2013 21:16:08 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Feb 2013 21:16:08 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Feb 2013 21:16:06 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id A6ABF2388B3A; Tue, 12 Feb 2013 21:15:47 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1445373 - in /cxf/branches/2.7.x-fixes: ./ api/src/main/java/org/apache/cxf/phase/ rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ rt/bindings/soap/src/tes... Date: Tue, 12 Feb 2013 21:15:47 -0000 To: commits@cxf.apache.org From: dkulp@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130212211547.A6ABF2388B3A@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: dkulp Date: Tue Feb 12 21:15:47 2013 New Revision: 1445373 URL: http://svn.apache.org/r1445373 Log: Merged revisions 1443973 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/trunk ........ r1443973 | bimargulies | 2013-02-08 07:10:36 -0500 (Fri, 08 Feb 2013) | 2 lines CXF-4805: insist on GET or POST in soap messages. ........ Modified: cxf/branches/2.7.x-fixes/.gitignore cxf/branches/2.7.x-fixes/api/src/main/java/org/apache/cxf/phase/AbstractPhaseInterceptor.java cxf/branches/2.7.x-fixes/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/TestUtil.java cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/interceptor/SoapFaultSerializerTest.java Modified: cxf/branches/2.7.x-fixes/.gitignore URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/.gitignore?rev=1445373&r1=1445372&r2=1445373&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/.gitignore (original) +++ cxf/branches/2.7.x-fixes/.gitignore Tue Feb 12 21:15:47 2013 @@ -1,3 +1,4 @@ +.idea/ *.iml *.ipr *.iws Modified: cxf/branches/2.7.x-fixes/api/src/main/java/org/apache/cxf/phase/AbstractPhaseInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/api/src/main/java/org/apache/cxf/phase/AbstractPhaseInterceptor.java?rev=1445373&r1=1445372&r2=1445373&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/api/src/main/java/org/apache/cxf/phase/AbstractPhaseInterceptor.java (original) +++ cxf/branches/2.7.x-fixes/api/src/main/java/org/apache/cxf/phase/AbstractPhaseInterceptor.java Tue Feb 12 21:15:47 2013 @@ -33,7 +33,7 @@ import org.apache.cxf.message.MessageUti * participate in phased message processing. Developers should extend from * this class when implementing custom interceptors. * Developers need to provide an implementation for handleMessage() and - * can overide the handleFault() implementation. They should not overide + * can override the handleFault() implementation. They should not override * the other methods. */ public abstract class AbstractPhaseInterceptor implements PhaseInterceptor { Modified: cxf/branches/2.7.x-fixes/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java?rev=1445373&r1=1445372&r2=1445373&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java (original) +++ cxf/branches/2.7.x-fixes/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java Tue Feb 12 21:15:47 2013 @@ -126,6 +126,16 @@ public class ReadHeadersInterceptor exte LOG.fine("ReadHeadersInterceptor skipped in HTTP GET method"); return; } + + /* + * Reject OPTIONS, and any other noise that is not allowed in SOAP. + */ + if (!"POST".equals((String)message.get(org.apache.cxf.message.Message.HTTP_REQUEST_METHOD))) { + Fault formula405 = new Fault("HTTP verb was not GET or POST", LOG); + formula405.setStatusCode(405); + throw formula405; + } + XMLStreamReader xmlReader = message.getContent(XMLStreamReader.class); boolean closeNeeded = false; if (xmlReader == null) { Modified: cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java?rev=1445373&r1=1445372&r2=1445373&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java (original) +++ cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java Tue Feb 12 21:15:47 2013 @@ -29,6 +29,7 @@ import javax.activation.DataHandler; import javax.mail.util.ByteArrayDataSource; import javax.xml.stream.XMLStreamReader; +import org.apache.cxf.interceptor.Fault; import org.w3c.dom.Element; import org.apache.cxf.BusFactory; @@ -66,6 +67,19 @@ public class ReadHeaderInterceptorTest e } @Test + public void testBadHttpVerb() throws Exception { + prepareSoapMessage("test-soap-header.xml"); + soapMessage.put(Message.HTTP_REQUEST_METHOD, "OPTIONS"); + ReadHeadersInterceptor r = new ReadHeadersInterceptor(BusFactory.getDefaultBus()); + try { + r.handleMessage(soapMessage); + fail("Did not throw exception"); + } catch (Fault f) { + assertEquals(405, f.getStatusCode()); + } + } + + @Test public void testBadSOAPEnvelopeNamespace() throws Exception { soapMessage = TestUtil.createEmptySoapMessage(Soap12.getInstance(), chain); InputStream in = getClass().getResourceAsStream("test-bad-env.xml"); Modified: cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/TestUtil.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/TestUtil.java?rev=1445373&r1=1445372&r2=1445373&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/TestUtil.java (original) +++ cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/TestUtil.java Tue Feb 12 21:15:47 2013 @@ -31,10 +31,7 @@ import javax.mail.util.ByteArrayDataSour import org.apache.cxf.attachment.AttachmentImpl; import org.apache.cxf.attachment.AttachmentUtil; import org.apache.cxf.interceptor.InterceptorChain; -import org.apache.cxf.message.Attachment; -import org.apache.cxf.message.Exchange; -import org.apache.cxf.message.ExchangeImpl; -import org.apache.cxf.message.MessageImpl; +import org.apache.cxf.message.*; public final class TestUtil { @@ -90,6 +87,7 @@ public final class TestUtil { messageImpl.setExchange(exchange); SoapMessage soapMessage = new SoapMessage(messageImpl); soapMessage.setVersion(soapVersion); - return soapMessage; + soapMessage.put(Message.HTTP_REQUEST_METHOD, "POST"); + return soapMessage; } } Modified: cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/interceptor/SoapFaultSerializerTest.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/interceptor/SoapFaultSerializerTest.java?rev=1445373&r1=1445372&r2=1445373&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/interceptor/SoapFaultSerializerTest.java (original) +++ cxf/branches/2.7.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/interceptor/SoapFaultSerializerTest.java Tue Feb 12 21:15:47 2013 @@ -28,6 +28,7 @@ import javax.xml.soap.SOAPPart; import javax.xml.stream.XMLStreamReader; import javax.xml.stream.XMLStreamWriter; +import org.apache.cxf.message.Message; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -193,6 +194,7 @@ public class SoapFaultSerializerTest ext public void testCXF4181() throws Exception { //Try WITH SAAJ SoapMessage m = new SoapMessage(new MessageImpl()); + m.put(Message.HTTP_REQUEST_METHOD, "POST"); m.setVersion(Soap12.getInstance()); XMLStreamReader reader = StaxUtils.createXMLStreamReader(this.getClass() .getResourceAsStream("cxf4181.xml")); @@ -242,6 +244,7 @@ public class SoapFaultSerializerTest ext .getResourceAsStream("cxf4181.xml")); m.setContent(XMLStreamReader.class, reader); + m.put(Message.HTTP_REQUEST_METHOD, "POST"); new ReadHeadersInterceptor(null).handleMessage(m); new StartBodyInterceptor().handleMessage(m);