cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Modestas Vainius (JIRA)" <>
Subject [jira] [Updated] (CXF-5724) Extra text and comments after </soapenv:Body> are treated as part of SOAP body by CXF
Date Thu, 01 May 2014 22:15:16 GMT


Modestas Vainius updated CXF-5724:

    Attachment: 0001-Do-not-leak-characters-and-comments-past-the-end-of-.patch

Proposed patch + test for StaxUtils.copy() when *fragment*=true

> Extra text and comments after </soapenv:Body> are treated as part of SOAP body
by CXF
> -------------------------------------------------------------------------------------
>                 Key: CXF-5724
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: Soap Binding
>    Affects Versions: 2.7.9, 2.7.10, 2.7.11
>            Reporter: Modestas Vainius
>         Attachments: 0001-Do-not-leak-characters-and-comments-past-the-end-of-.patch
> Hello,
> it appears that since
extra characters and comments after </soapenv:Body> get "leaked" into CXF view of SOAP
body. This is not a big problem unless SOAP body is signed with WSS Security. Obviously, then
any characters  (in particular new lines or whitespaces) after </soapenv:Body> will
cause signature validation to fail due to checksum mismatch.
> This is due to switch from StaxUtils.readDocElements() to StaxUtils.copy(). Now I'm not
sure if StaxUtils.copy() is either buggy or misused there. If called with *fragment*=false,
it would probably extract body as expected but then again I'm not sure what's the point of
*fragment* flag. So, I attach the patch which fixes the "leak" problem in StaxUtils.copy()
when *fragment*=true.

This message was sent by Atlassian JIRA

View raw message