cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dallas Vaughan (JIRA)" <>
Subject [jira] [Commented] (CXF-6409) CXF web service cannot process MTOM/XOP-optimized content within a CipherValue element
Date Wed, 27 May 2015 18:31:19 GMT


Dallas Vaughan commented on CXF-6409:

Hi Colm,
I checked out the 3.0.x-fixes branch and installed locally, and, while it looks like it's
using the new BinarySecurity class, it is failing in the setToken method. It's throwing a
NullPointerException on {{node.setData(...)}} (line 214) because of the following (in comments):

    public void setToken(byte[] data) {
        if(data == null) {
            throw new IllegalArgumentException("data == null");
        } else {
            Text node = this.getFirstNode(); //returns null
            node.setData(Base64.encode(data)); //throws NPE

    protected Text getFirstNode() {
        Node node = this.element.getFirstChild(); //node = <xop:Include>
        return node != null && 3 == node.getNodeType()?(Text)node:null; //node.getNodeType()
= 1, so this returns null

> CXF web service cannot process MTOM/XOP-optimized content within a CipherValue element
> --------------------------------------------------------------------------------------
>                 Key: CXF-6409
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 3.0.4
>            Reporter: Dallas Vaughan
>            Assignee: Colm O hEigeartaigh
> When a CXF (WS-Security streaming-enabled) web service endpoint is configured to use
WS-Security and MTOM, CXF cannot handle requests from .NET and Metro clients because it cannot
process {{xop:Include}} elements that are children of {{enc:CipherValue}} elements, as both
of these clients will optimize any large encrypted (base64-encoded binary) content by serializing
it as a MIME part.
> For example, when a Metro MTOM-optimized WS-Security-based request is sent to a CXF endpoint,
the following exception is thrown within {{$}}:
> {code} Unexpected StAX-Event:
> This makes it impossible for .NET and Metro clients to communicate with CXF endpoints
which have the MTOM and encryption policies specified.

This message was sent by Atlassian JIRA

View raw message