cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dallas Vaughan (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-6409) CXF web service cannot process MTOM/XOP-optimized content within a CipherValue element
Date Sat, 30 May 2015 16:37:17 GMT

     [ https://issues.apache.org/jira/browse/CXF-6409?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dallas Vaughan updated CXF-6409:
--------------------------------
    Attachment: decrypt-xop.patch

> CXF web service cannot process MTOM/XOP-optimized content within a CipherValue element
> --------------------------------------------------------------------------------------
>
>                 Key: CXF-6409
>                 URL: https://issues.apache.org/jira/browse/CXF-6409
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 3.0.4
>            Reporter: Dallas Vaughan
>            Assignee: Colm O hEigeartaigh
>         Attachments: decrypt-xop.patch
>
>
> When a CXF (WS-Security streaming-enabled) web service endpoint is configured to use
WS-Security and MTOM, CXF cannot handle requests from .NET and Metro clients because it cannot
process {{xop:Include}} elements that are children of {{enc:CipherValue}} elements, as both
of these clients will optimize any large encrypted (base64-encoded binary) content by serializing
it as a MIME part.
> For example, when a Metro MTOM-optimized WS-Security-based request is sent to a CXF endpoint,
the following exception is thrown within {{org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$DecryptionThread.run()}}:
> {code}org.apache.xml.security.exceptions.XMLSecurityException: Unexpected StAX-Event:
START_ELEMENT{code}
> This makes it impossible for .NET and Metro clients to communicate with CXF endpoints
which have the MTOM and encryption policies specified.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message