cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Min Yang <mg0432...@gmail.com>
Subject Re: the default AutoRedirect value of http conduit
Date Thu, 31 Jan 2013 11:01:01 GMT
Thanks Freeman and Sergey,

I understand it will impact the performance if open the auto redirect. But
I don't understand why it is a potential secuirty issue open the auto
redirect? Sergey, can you please explain more?

Thanks!

On Thu, Jan 31, 2013 at 6:00 PM, Sergey Beryozkin <sberyozkin@gmail.com>wrote:

> Hi
>
> On 31/01/13 05:33, Freeman Fang wrote:
>
>> Hi,
>>
>> Because if AutoRedirect is true, then we can't use chunking, which means
>> it's harm to the performance, you can get more details from [1].
>>
>
> This is also a potential security issue so defaulting it to true is
> problematic indeed
>
> Cheers, Sergey
>
>
>
>> [1]http://cxf.apache.org/docs/**client-http-transport-**
>> including-ssl-support.html<http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html>
>> -------------
>> Freeman(Yue) Fang
>>
>> Red Hat, Inc.
>> FuseSource is now part of Red Hat
>> Web: http://fusesource.com | http://www.redhat.com/
>> Twitter: freemanfang
>> Blog: http://freemanfang.blogspot.**com <http://freemanfang.blogspot.com>
>> http://blog.sina.com.cn/u/**1473905042<http://blog.sina.com.cn/u/1473905042>
>> weibo: @Freeman小屋
>>
>> On 2013-1-31, at 下午12:59, Min Yang wrote:
>>
>>  Hi All,
>>>
>>> Our application is integrating with cxf to use the webservices, but we
>>> find
>>> that the service client doesn't support to auto redirect the wsdl url in
>>> default when got the 301 or 302 http code. We must have to set the
>>> parameter AutoRedirect as "true" in the http conduit configuration file.
>>>
>>> So I just want to know why cxf doesn't not set this parameter to "true"
>>> in
>>> default, do you have any concern to open this option? And we know the
>>> parameter AutoRedirect will be used when connecting the wsdl, will this
>>> option also be used when receiving the soap message?
>>>
>>> Thanks! Waiting for your response!
>>>
>>> Min
>>>
>>
>>
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message