cxf-users mailing list archives

From Andrei Shakirin
Subject RE: WSS4J Timestamp expiring before large file transfer finishes
Date Thu, 25 Oct 2012 09:10:23 GMT
Actually WSS4J works only with DOM-based SOAPMessages. Therefore CXF WSS security interceptors
always invoke SAAJ interceptors before processing the message. That means the interceptors break

AFAIK the guys have already started work on stream-based WSS4J. Colm knows more about it.

I am not sure if any essential optimization is possible with current WSS4J.


-----Original Message-----
From: kongar
Sent: Thursday, 25 October 2012 02:48
Subject: Re: WSS4J Timestamp expiring before large file transfer finishes

Ok, sorry for spamming this list as I keep replying to myself, but removing the LoggingInInterceptor
didn't help as I had thought. This looks like it may be an actual problem in the CXF implementation
of WSS4JInterceptor. In the handleMessage() method, this line:

SOAPMessage doc = getSOAPMessage(msg);

Downloads the entire attachments to disk.  And only afterwards are the security headers processed
with these lines:

Element elem = WSSecurityUtil.getSecurityHeader(doc.getSOAPPart(), actor);
List<WSSecurityEngineResult> wsResult = engine.processSecurityHeader(elem,

Ideally, shouldn't the headers be validated before the attachment is downloaded?

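An added illustration (not part of the original messages, and not CXF or WSS4J code) of why the processing order discussed in this thread matters: the same wsu:Timestamp passes an expiry check made when the headers arrive and fails one made after a long attachment transfer. The sample header, the times, the skew value and all class and method names are constructed for this example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class TimestampCheckOrder {
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Constructed sample header: a Timestamp valid for five minutes.
    static final String HEADER =
        "<wsu:Timestamp xmlns:wsu=\"" + WSU + "\">"
        + "<wsu:Created>2012-10-25T00:00:00Z</wsu:Created>"
        + "<wsu:Expires>2012-10-25T00:05:00Z</wsu:Expires>"
        + "</wsu:Timestamp>";

    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so the parser cannot be used for XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return d.getDocumentElement();
    }

    static Instant child(Element ts, String name) {
        return Instant.parse(
            ts.getElementsByTagNameNS(WSU, name).item(0).getTextContent().trim());
    }

    // True when checkTime lies within [Created - skew, Expires).
    static boolean isFresh(Element ts, Instant checkTime, Duration skew) {
        return !checkTime.isBefore(child(ts, "Created").minus(skew))
            && checkTime.isBefore(child(ts, "Expires"));
    }

    public static void main(String[] args) throws Exception {
        Element ts = parse(HEADER);
        Instant headersArrived = Instant.parse("2012-10-25T00:00:02Z");
        // Hypothetical: the attachment takes 20 minutes to spool to disk.
        Instant afterDownload = headersArrived.plus(Duration.ofMinutes(20));
        Duration skew = Duration.ofSeconds(60);
        System.out.println("checked at arrival:     " + isFresh(ts, headersArrived, skew));
        System.out.println("checked after download: " + isFresh(ts, afterDownload, skew));
    }
}
```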