cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Fixing MTOM warnings with WS-Security
Date Wed, 01 Jul 2015 16:19:33 GMT
Repository: cxf
Updated Branches:
  refs/heads/master e1d0a78fa -> b1c7e0eb4


Fixing MTOM warnings with WS-Security


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b1c7e0eb
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b1c7e0eb
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b1c7e0eb

Branch: refs/heads/master
Commit: b1c7e0eb4e37e8b49cc8fb78b91fd2f193e3adff
Parents: e1d0a78
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Jul 1 15:27:24 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Jul 1 17:19:30 2015 +0100

----------------------------------------------------------------------
 .../ws/security/wss4j/WSS4JOutInterceptor.java  | 38 ++++++++------------
 .../org/apache/cxf/systest/ws/mtom/client.xml   |  4 ---
 2 files changed, 14 insertions(+), 28 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b1c7e0eb/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
index 37cb572..5e07fdd 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
@@ -30,7 +30,7 @@ import java.util.logging.Logger;
 import javax.xml.soap.SOAPMessage;
 
 import org.w3c.dom.Document;
-
+import org.apache.cxf.attachment.AttachmentUtil;
 import org.apache.cxf.binding.soap.SoapFault;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.SoapVersion;
@@ -80,34 +80,15 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor {
         setProperties(props);
     }
     
+    @Deprecated
     public boolean isAllowMTOM() {
         return mtomEnabled;
     }
     
-    /**
-     * Enable or disable mtom with WS-Security. MTOM is disabled if we are signing or
-     * encrypting the message Body, as otherwise attachments would not get encrypted
-     * or be part of the signature.
-     * @param mtomEnabled
-     */
+    @Deprecated
     public void setAllowMTOM(boolean allowMTOM) {
         this.mtomEnabled = allowMTOM;
     }
-    
-    protected void handleSecureMTOM(SoapMessage mc, List<HandlerAction> actions) {
-        if (mtomEnabled) {
-            return;
-        }
-        
-        //must turn off mtom when using WS-Sec so binary is inlined so it can
-        //be properly signed/encrypted/etc...
-        String mtomKey = org.apache.cxf.message.Message.MTOM_ENABLED;
-        if (mc.get(mtomKey) == Boolean.TRUE) {
-            LOG.warning("MTOM will be disabled as the WSS4JOutInterceptor.mtomEnabled property"
-                    + " is set to false");
-        }
-        mc.put(mtomKey, Boolean.FALSE);
-    }
 
     @Override
     public Object getProperty(Object msgContext, String key) {
@@ -213,8 +194,12 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor {
                 reqData.setMsgContext(mc);
                 reqData.setAttachmentCallbackHandler(new AttachmentCallbackHandler(mc));
                 
-                handleSecureMTOM(mc, actions);
-    
+                if (AttachmentUtil.isMtomEnabled(mc) && hasAttachments(mc)) {
+                    LOG.warning("MTOM is enabled with WS-Security. Please note that if an
attachment is"
+                        + "referenced in the SOAP Body, only the reference will be signed
and not the"
+                        + "SOAP Body!");
+                }
+                
                 /*
                  * For every action we need a username, so get this now. The
                  * username defined in the deployment descriptor takes precedence.
@@ -306,6 +291,11 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor {
             //nothing
         }
         
+        private boolean hasAttachments(SoapMessage mc) {
+            final Collection<org.apache.cxf.message.Attachment> attachments = mc.getAttachments();
+            return attachments != null && attachments.size() > 0;
+        }
+        
         private void configureActions(SoapMessage mc, boolean doDebug,
                 SoapVersion version, WSSConfig config) {
             

http://git-wip-us.apache.org/repos/asf/cxf/blob/b1c7e0eb/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
index be8f8ec..b668025 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
@@ -50,9 +50,6 @@
                 </constructor-arg>
             </bean>
         </jaxws:inInterceptors>
-        <jaxws:properties>
-            <entry key="mtom-enabled" value="true"/>
-        </jaxws:properties>
     </jaxws:client>
     
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSignedMTOMSwAPort"
createdFromAPI="true">
@@ -69,7 +66,6 @@
                         <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
                     </map>
                 </constructor-arg>
-                <property name="allowMTOM" value="true"/>
             </bean>
         </jaxws:outInterceptors>
         <jaxws:inInterceptors>


Mime
View raw message