cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Philippe CERY (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-4077) Body tag attributes from inbound message are lost in outbound message
Date Thu, 16 Feb 2012 10:00:59 GMT

    [ https://issues.apache.org/jira/browse/CXF-4077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13209245#comment-13209245
] 

Philippe CERY commented on CXF-4077:
------------------------------------

Suppose a WS client C, a WS proxy PX and a WS provider PV. C sends a SOAP request to PX, then
PX forwards the request to PV. PX uses Camel to route the request from C to PV.
The request's soap:Body tag is digitally signed by C (WSHandlerConstants.SIGNATURE_PARTS,
"{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body") for PV. As a proxy, PX cannot
validate the signature or modify the request. Thus, the WSS4JInInterceptor on the PX inbound
endpoint is configured to ignore the Signature (using wss4j.processor.map with the Signature
header QName as key and null as the value).
When a tag is signed, there is a wsu:Id attribute and the associated wsu namespace declaration
added on this tag.
PX receives from C a message in which the soap:Body tag has these attributes but the soap:Body
tag in the message sent to PV has no attributes thus PV cannot validate the signature (the
part signed by C is modified when received by PV) and the request is rejected.
The issue is when SoapOutInterceptor creates the soap:Body tag at the end of writeSoapEnvelopeStart
method. A new empty Body tag is add to the XMLStreamWriter. And the next interceptors do not
add the missing attributes.
To temporarily solve this, I have added my own interceptor right after the SoapOutInterceptor.
This interceptor gets the inbound message (PhaseInterceptorChain.PREVIOUS_MESSAGE key) from
the outbound message and retrieve the original soap:Body element. If that element has attributes,
I add them to the XMLStreamWriter.
My patch works but it would be more efficient if ReadHeadersInterceptor or StartBodyInterceptor
could get these attributes and store them in the message HashMap as it is done for the SOAP
headers. Then the SoapOutInterceptor would retrieve the stored attributes (if any) and add
them to the outbound message soap:Body element.
                
> Body tag attributes from inbound message are lost in outbound message
> ---------------------------------------------------------------------
>
>                 Key: CXF-4077
>                 URL: https://issues.apache.org/jira/browse/CXF-4077
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-WS Runtime, Soap Binding
>    Affects Versions: 2.4.4, 2.5.1
>         Environment: jdk 1.6.0_30, tomcat 6.0.35, camel 2.9.0, cxf 2.5.1
>            Reporter: Philippe CERY
>             Fix For: NeedMoreInfo
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Suppose you want to sign the whole soap body of your message. The Body tag will have
2 attributes xmlns:wsu and wsu:Id added.
> I want my server to forward the message to another server without checking signature
and of course without modifying the signed part. 
> But the In interceptors (ReadHeadersInterceptor and StartBodyInterceptor) ignore these
attributes while parsing the inbound message and the SoapOutInterceptor creates a new empty
soap Body element.
> So, the signed part is considered as modified by the second server and the message is
rejected.
> If I want to sign any other part inside the body element, it works.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message