Return-Path: 
 <issues-return-29939-apmail-cxf-issues-archive=cxf.apache.org@cxf.apache.org>
X-Original-To: apmail-cxf-issues-archive@www.apache.org
Delivered-To: apmail-cxf-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 779DF11580
	for <apmail-cxf-issues-archive@www.apache.org>;
 Thu,  1 May 2014 23:20:26 +0000 (UTC)
Received: (qmail 80572 invoked by uid 500); 1 May 2014 23:20:16 -0000
Delivered-To: apmail-cxf-issues-archive@cxf.apache.org
Received: (qmail 80542 invoked by uid 500); 1 May 2014 23:20:15 -0000
Mailing-List: contact issues-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@cxf.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@cxf.apache.org>
List-Post: <mailto:issues@cxf.apache.org>
List-Id: <issues.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list issues@cxf.apache.org
Received: (qmail 80529 invoked by uid 99); 1 May 2014 23:20:15 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 May 2014 23:20:15 +0000
Date: Thu, 1 May 2014 23:20:15 +0000 (UTC)
From: "Daniel Kulp (JIRA)" <jira@apache.org>
To: issues@cxf.apache.org
Message-ID: <JIRA.12711818.1398982330996.216595.1398986415295@arcas>
In-Reply-To: <JIRA.12711818.1398982330996@arcas>
References: <JIRA.12711818.1398982330996@arcas>
Subject: [jira] [Assigned] (CXF-5724) Extra text and comments after
 </soapenv:Body> are treated as part of SOAP body by CXF
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/CXF-5724?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp reassigned CXF-5724:
--------------------------------

    Assignee: Daniel Kulp

> Extra text and comments after </soapenv:Body> are treated as part of SOAP body by CXF
> -------------------------------------------------------------------------------------
>
>                 Key: CXF-5724
>                 URL: https://issues.apache.org/jira/browse/CXF-5724
>             Project: CXF
>          Issue Type: Bug
>          Components: Soap Binding
>    Affects Versions: 2.7.9, 2.7.10, 2.7.11
>            Reporter: Modestas Vainius
>            Assignee: Daniel Kulp
>         Attachments: 0001-Do-not-leak-characters-and-comments-past-the-end-of-.patch
>
>
> Hello,
> it appears that since https://github.com/apache/cxf/commit/eb70d1008b8ffd32c90c990122b08d10ffcda933 extra characters and comments after </soapenv:Body> get "leaked" into CXF view of SOAP body. This is not a big problem unless SOAP body is signed with WSS Security. Obviously, then any characters  (in particular new lines or whitespaces) after </soapenv:Body> will cause signature validation to fail due to checksum mismatch.
> This is due to switch from StaxUtils.readDocElements() to StaxUtils.copy(). Now I'm not sure if StaxUtils.copy() is either buggy or misused there. If called with *fragment*=false, it would probably extract body as expected but then again I'm not sure what's the point of *fragment* flag. So, I attach the patch which fixes the "leak" problem in StaxUtils.copy() when *fragment*=true.



--
This message was sent by Atlassian JIRA
(v6.2#6252)