cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Kulp (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (CXF-2854) Carriage return (\r) in String argument to service method causes "SoapFault: The signature or decryption was invalid"
Date Tue, 05 Oct 2010 18:07:37 GMT

     [ https://issues.apache.org/jira/browse/CXF-2854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Daniel Kulp resolved CXF-2854.
------------------------------

       Resolution: Not A Problem
    Fix Version/s: Invalid
         Assignee: Daniel Kulp



This isn't really a "bug" in CXF.  It's a bug in the Stax parser built into the JDK.  If you
add the wstx jar that we ship with CXF to the libs, the testcase works fine.  



> Carriage return (\r) in String argument to service method causes "SoapFault: The signature
or decryption was invalid"
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: CXF-2854
>                 URL: https://issues.apache.org/jira/browse/CXF-2854
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.1.4
>         Environment: Windows XP Professional SP3
> JDK 1.6.0_13
>            Reporter: Web Development Guys
>            Assignee: Daniel Kulp
>             Fix For: Invalid
>
>         Attachments: CXF-Carriage-Return-Issue-Demo-2.zip, CXF-Carriage-Return-Issue-Demo.zip
>
>
> When using a WSS4JOutInterceptor on the proxy client and WSS4JInInterceptor on the service
with the action WSHandlerConstants.SIGNATURE, the call to the service terminates in a SoapFault
for an invalid signature if a String containing a carriage return (\r) is passed as an argument
to the service. Strings not containing a carriage return result in a successful response.
> A short (fewer than 100 total lines) demonstration of the bug can be provided; a stack
trace is at the end of this description.
> Thank you.
> Stack Trace:
> org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
> 	at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:438)
> 	at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
> 	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
> 	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
> 	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:160)
> 	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:67)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
> 	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:89)
> 	at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:295)
> 	at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:258)
> 	at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
> 	at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
> 	at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
> 	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> 	at org.mortbay.jetty.Server.handle(Server.java:324)
> 	at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
> 	at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:842)
> 	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
> 	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
> 	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
> 	at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
> 	at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message