cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <>
Subject Re: WSS4JInInterceptor more lax in enforcing actions when encountering message containing a SOAP Fault
Date Thu, 29 Jul 2010 21:22:41 GMT
On Wednesday 28 July 2010 5:09:26 pm David Valeri wrote:
> Lines 220-231 deal with the scenario where no security header is present at
> all.  It would seem that the first if condition and the final else can be
> handled by checkActions (while taking into account the ignoreActions flag).
> The middle condition looks to be a potential security flaw in that we let
> unsecured faults through without honoring the user's actions configuration.
> If the user desires different actions in the fault scenario, they would
> configure different instances of this interceptor in the fault chains. 
> What reason exists for this laxness with respect to action enforcement in
> the fault case?

Well, the main reason is that .net and MOST soap stacks (including CXF 
normally) send faults for security related things back unsecured no matter 
what policies are set on the binding/port/service level.   It's a straight 
soap fault.   Thus, if actions were enforced, the "real" fault that is sent 
back on the wire would be lost due to the fault  of enforcing the actions on 
the fault that would not be there.

Daniel Kulp

View raw message