Hi Colm,
Done:
https://issues.apache.org/jira/browse/CXF-4688
Marc
On Mon, 10 Dec 2012 09:45:31 +0000
Colm O hEigeartaigh <coheigea@apache.org> wrote:
> Hi Marc,
>
> Could you raise this in CXF?
>
> Colm.
>
> On Sat, Dec 8, 2012 at 7:56 PM, <giger@apache.org> wrote:
>
> > Author: giger
> > Date: Sat Dec 8 19:56:10 2012
> > New Revision: 1418741
> >
> > URL: http://svn.apache.org/viewvc?rev=1418741&view=rev
> > Log:
> > Workaround: CXF seems not to call xmlstreamReader.close() which is
> > essential to complete security processing.
> >
> > Modified:
> >
> > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java
> >
> > Modified:
> > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java
> > URL:
> > http://svn.apache.org/viewvc/webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java?rev=1418741&r1=1418740&r2=1418741&view=diff
> >
> > ==============================================================================
> > ---
> > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java
> > (original)
> > +++
> > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java
> > Sat Dec 8 19:56:10 2012
> > @@ -22,8 +22,10 @@ import org.apache.cxf.binding.soap.SoapF
> > import org.apache.cxf.binding.soap.SoapMessage;
> > import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
> > import org.apache.cxf.interceptor.Fault;
> > +import org.apache.cxf.interceptor.ServiceInvokerInterceptor;
> > import org.apache.cxf.interceptor.StaxInInterceptor;
> >
> > +import org.apache.cxf.phase.Phase;
> > import org.apache.ws.security.common.ext.WSSecurityException;
> > import org.apache.ws.security.stax.WSSec;
> > import org.apache.ws.security.stax.ext.InboundWSSec;
> > @@ -84,6 +86,23 @@ public class SecurityInInterceptor exten
> > newXmlStreamReader =
> > inboundWSSec.processInMessage(originalXmlStreamReader,
> > requestSecurityEvents, securityEventListener);
> > soapMessage.setContent(XMLStreamReader.class,
> > newXmlStreamReader);
> >
> > + //workaround: CXF seems not to call xmlstreamReader.close()
> > which is essential to complete
> > + //security processing. So we add another interceptor which
> > does it.
> > + AbstractSoapInterceptor abstractSoapInterceptor = new
> > AbstractSoapInterceptor(Phase.PRE_INVOKE) {
> > +
> > + @Override
> > + public void handleMessage(SoapMessage message) throws
> > Fault {
> > + XMLStreamReader xmlStreamReader =
> > message.getContent(XMLStreamReader.class);
> > + try {
> > + xmlStreamReader.close();
> > + } catch (XMLStreamException e) {
> > + throw new SoapFault("unexpected service error",
> > SoapFault.FAULT_CODE_SERVER);
> > + }
> > + }
> > + };
> > +
> > abstractSoapInterceptor.addBefore(ServiceInvokerInterceptor.class.getName());
> > +
> > soapMessage.getInterceptorChain().add(abstractSoapInterceptor);
> > +
> > //Warning: The exceptions which can occur here are not
> > security relevant exceptions but configuration-errors.
> > //To catch security relevant exceptions you have to catch
> > them e.g.in the FaultOutInterceptor.
> > //Why? Because we do streaming security. This interceptor
> > doesn't handle the ws-security stuff but just
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
|