cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: 2 possible validators/interceptors
Date Mon, 22 Jul 2013 15:54:05 GMT

I think you are hitting the XML size limits now.  See:

http://cxf.apache.org/docs/security.html#Security-XML


Dan



On Jul 22, 2013, at 10:59 AM, unicyco <husby024@umn.edu> wrote:

> I have a situation where I need to be able to take a SOAPMessage and validate
> it using *either* username/password or a certificate.  However, I have
> having trouble stepping my code up to CXF 2.7.5 running in Karaf after
> previously running a pretty old version of Servicemix.
> 
> What I did to make this work before was to create my own interceptor that
> extends WSS4JInInterceptor and passed into my interceptor an
> ACTION=UsernameToken and ACTION=Signature interceptor.  Then, in my
> handleMessage() I start by passing the SoapMessage to the UsernameToken
> interceptor.  If it throws an exception, I pass the SoapMessage to the
> Signature interceptor.  I remember having trouble getting this working
> originally, and to fix it I did a shallow soapMessage.clone().  However,
> this is no longer working with CXF 2.7.5.... If I first pass the SoapMessage
> to the UsernameToken interceptor, and then pass it to the Signature
> interceptor, I get an exception:
> 
>     org.apache.cxf.staxutils.DepthExceededStaxException: reach the
> innerElementCountThreshold:50000
> 
> I'm pretty sure the correct way to do this is NOT to pass the same
> SoapMessage to multiple interceptors (since they modify the message),
> however I don't know how to accomplish this otherwise.  I understand WSS4J
> 1.6 now has the concept of Validators, which I'm using for my UsernameToken
> validation (against an LDAP directory), but I don't know how to accomplish a
> 2-way "choice" validation of my security header.  Can anyone point me in the
> right direction?  If it would help I can post some code samples.
> 
> Thank you!!
> 
> Joseph
> 
> 
> 
> --
> View this message in context: http://cxf.547215.n5.nabble.com/2-possible-validators-interceptors-tp5731252.html
> Sent from the cxf-user mailing list archive at Nabble.com.

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com


Mime
View raw message