cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Shakirin <ashaki...@talend.com>
Subject Checking of SOAP action in SoapActionInInterceptor: regression in proxy services
Date Wed, 13 Nov 2013 15:33:39 GMT
Hi,

I have a bit regression under 2.7.7 because of changes in SoapActionInInterceptor (https://fisheye6.atlassian.com/changelog/cxf?cs=1368559
)

SoapActionInInterceptor requires that the SOAPAction exactly matches to the service operation.
The problem is that there are some scenarios where the proxies using Provider<> API
process requests from different clients with any SOAPAction.

If you don't see security issue in that, I would ignore the check if SoapOperationInfo action
has default SOAP action (configured as empty in SoapBindingConfiguration):

Instead:
SoapOperationInfo soi = boi.getExtensor(SoapOperationInfo.class);
            if (soi == null || action.equals(soi.getAction())) {
                return;
            }

Will be:

SoapOperationInfo soi = boi.getExtensor(SoapOperationInfo.class);
            if ((soi == null) || StringUtils.isEmpty(soi.getAction()) || action.equals(soi.getAction()))
{
                return;
            }

WDYT?

Regards,
Andrei.


Mime
View raw message