cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marc Giger (JIRA)" <j...@apache.org>
Subject [jira] Created: (CXF-1491) ReadHeadersInterceptor reads to much after parsing soap-header and breaks wss signature
Date Tue, 25 Mar 2008 21:59:24 GMT
ReadHeadersInterceptor reads to much after parsing soap-header and breaks wss signature
---------------------------------------------------------------------------------------

                 Key: CXF-1491
                 URL: https://issues.apache.org/jira/browse/CXF-1491
             Project: CXF
          Issue Type: Bug
    Affects Versions: 2.0.4
            Reporter: Marc Giger
            Priority: Critical


On line 176 in ReadHeadersInterceptor there is the following code:

/// advance just past body.
//xmlReader.nextTag();
if (message.getVersion().getFault().equals(xmlReader.getName())) {
    Endpoint ep = message.getExchange().get(Endpoint.class);
    if (!isDecoupled(message)) {
        message.getInterceptorChain().abort();
        if (ep.getInFaultObserver() != null) {
            ep.getInFaultObserver().onMessage(message);
        }
    } else {
        message.getExchange().put("deferred.fault.observer.notification", Boolean.TRUE);
    }
} 

xmlReader.nextTag(); reads to much. After the body-element it is possible to have a text-node
which is part of signature-digest when the whole
body is signed. With this statement we skip this text-node and as result the signature is
invalid.
xmlReader.next() solves that problem but the code that follows it stops working...of course.

Btw: If I understand the code correctly, if the incoming mesage is a soap-fault the InFaultChain
is called. Is ReadHeadersInterceptor the right place to check for a InFault? What happens
when the incoming fault is encrypted? Shouldn't that be moved to a separate interceptor after
a possible WSS4JInterceptor is called?

Thanks

Marc

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message