cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Modestas Vainius (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-5724) Extra text and comments after </soapenv:Body> are treated as part of SOAP body by CXF
Date Thu, 01 May 2014 22:13:17 GMT
Modestas Vainius created CXF-5724:
-------------------------------------

             Summary: Extra text and comments after </soapenv:Body> are treated as part
of SOAP body by CXF
                 Key: CXF-5724
                 URL: https://issues.apache.org/jira/browse/CXF-5724
             Project: CXF
          Issue Type: Bug
          Components: Soap Binding
    Affects Versions: 2.7.11, 2.7.10, 2.7.9
            Reporter: Modestas Vainius


Hello,

it appears that since https://github.com/apache/cxf/commit/eb70d1008b8ffd32c90c990122b08d10ffcda933
extra characters and comments after </soapenv:Body> get "leaked" into CXF view of SOAP
body. This is not a big problem unless SOAP body is signed with WSS Security. Obviously, then
any characters  (in particular new lines or whitespaces) after </soapenv:Body> will
cause signature validation to fail due to checksum mismatch.

This is due to switch from StaxUtils.readDocElements() to StaxUtils.copy(). Now I'm not sure
if StaxUtils.copy() is either buggy or misused there. If called with *fragment*=false, it
would probably extract body as expected but then again I'm not sure what's the point of *fragment*
flag. So, I attach the patch which fixes the "leak" problem in StaxUtils.copy() when *fragment*=true.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message