cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Glen Mazza (Commented) (JIRA)" <>
Subject [jira] [Commented] (CXF-4108) Dispatch provider accepts any request
Date Tue, 14 Feb 2012 14:50:02 GMT


Glen Mazza commented on CXF-4108:

quote: "Expected behaviour: the service returns a fault with code = client stating an unknown
operation was invoked."

But there's no such thing as an unknown operation when you're using Provider, by definition
any SOAP message is acceptable.
See:  This is not a CXF bug, but perhaps an enhancement request
on this particular sample to filter unexpected incoming messages.

While in production you would all but certainly wish to include business logic somewhere downstream
to reject invalid SOAP requests (either invalid operations or parameters to same), arguably
adding in XML parsing to this sample (especially when done rigorously) would bloat up/distract
this sample from what it's trying to show, namely just how to use the Dispatch and Provider

After all, when you want strict enforcement immediately at SOAP request time and *not* further
downstream ("only these types of operations and these types of input parameters to those operations"),
that's when you'll normally run the wsdl-to-java process and work with an SEI implementation
with methods enforcing those rules.

> Dispatch provider accepts any request
> -------------------------------------
>                 Key: CXF-4108
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-WS Runtime
>    Affects Versions: 2.5.2
>            Reporter: Zsolt Beothy-Elo
>         Attachments: request.txt, response.txt
> Start the server of the jaxws_dispatch_provider sample. Send a totally unrelated request
to the endpoint of the sample server. For the request actually sent see attachment request.txt
> Expected behaviour: the service returns a fault with code = client  stating an unknown
operation was invoked.
> Actual behaviour: One of the service operations is called and normal response is returned,
see attachment response.txt
> Also replacing the empty soapAction values in the sample WSDL with distinct values yields
the same result. 
> Note: This behaviour can also be observed with other provider based services. Of course
here the business code might return a fault because the structure of the request is not the
expected one. Still already CXF should not accept the requests.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message