Author: dkulp Date: Wed Feb 13 17:08:55 2013 New Revision: 1445743 URL: http://svn.apache.org/r1445743 Log: Merged revisions 1445709 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes
........ r1445709 | dkulp | 2013-02-13 11:26:23 -0500 (Wed, 13 Feb 2013) | 18 lines Merged revisions 1445373 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes ........ r1445373 | dkulp | 2013-02-12 16:15:47 -0500 (Tue, 12 Feb 2013) | 10 lines Merged revisions 1443973 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/trunk ........ r1443973 | bimargulies | 2013-02-08 07:10:36 -0500 (Fri, 08 Feb 2013) | 2 lines CXF-4805: insist on GET or POST in soap messages. ........ ........ ........ Modified: cxf/branches/2.5.x-fixes/.gitignore cxf/branches/2.5.x-fixes/api/src/main/java/org/apache/cxf/phase/AbstractPhaseInterceptor.java cxf/branches/2.5.x-fixes/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/TestUtil.java cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/interceptor/SoapFaultSerializerTest.java Modified: cxf/branches/2.5.x-fixes/.gitignore URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/.gitignore?rev=1445743&r1=1445742&r2=1445743&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/.gitignore (original) +++ cxf/branches/2.5.x-fixes/.gitignore Wed Feb 13 17:08:55 2013 @@ -1,3 +1,4 @@ +.idea/ *.iml *.ipr *.iws Modified: cxf/branches/2.5.x-fixes/api/src/main/java/org/apache/cxf/phase/AbstractPhaseInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/api/src/main/java/org/apache/cxf/phase/AbstractPhaseInterceptor.java?rev=1445743&r1=1445742&r2=1445743&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/api/src/main/java/org/apache/cxf/phase/AbstractPhaseInterceptor.java (original) +++ cxf/branches/2.5.x-fixes/api/src/main/java/org/apache/cxf/phase/AbstractPhaseInterceptor.java Wed Feb 13 17:08:55 2013 @@ -33,7 +33,7 @@ import org.apache.cxf.message.MessageUti * participate in phased message processing. Developers should extend from * this class when implementing custom interceptors. * Developers need to provide an implementation for handleMessage() and - * can overide the handleFault() implementation. They should not overide + * can override the handleFault() implementation. They should not override * the other methods. */ public abstract class AbstractPhaseInterceptor<T extends Message> implements PhaseInterceptor<T> { Modified: cxf/branches/2.5.x-fixes/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java?rev=1445743&r1=1445742&r2=1445743&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java (original) +++ cxf/branches/2.5.x-fixes/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java Wed Feb 13 17:08:55 2013 @@ -124,6 +124,16 @@ public class ReadHeadersInterceptor exte LOG.fine("ReadHeadersInterceptor skipped in HTTP GET method"); return; } + + /* + * Reject OPTIONS, and any other noise that is not allowed in SOAP. + */ + if (!"POST".equals((String)message.get(org.apache.cxf.message.Message.HTTP_REQUEST_METHOD))) { + Fault formula405 = new Fault("HTTP verb was not GET or POST", LOG); + formula405.setStatusCode(405); + throw formula405; + } + XMLStreamReader xmlReader = message.getContent(XMLStreamReader.class); boolean closeNeeded = false; if (xmlReader == null) { Modified: cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java?rev=1445743&r1=1445742&r2=1445743&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java (original) +++ cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java Wed Feb 13 17:08:55 2013 @@ -29,6 +29,7 @@ import javax.activation.DataHandler; import javax.mail.util.ByteArrayDataSource; import javax.xml.stream.XMLStreamReader; +import org.apache.cxf.interceptor.Fault; import org.w3c.dom.Element; import org.apache.cxf.BusFactory; @@ -65,6 +66,19 @@ public class ReadHeaderInterceptorTest e } @Test + public void testBadHttpVerb() throws Exception { + prepareSoapMessage("test-soap-header.xml"); + soapMessage.put(Message.HTTP_REQUEST_METHOD, "OPTIONS"); + ReadHeadersInterceptor r = new ReadHeadersInterceptor(BusFactory.getDefaultBus()); + try { + r.handleMessage(soapMessage); + fail("Did not throw exception"); + } catch (Fault f) { + assertEquals(405, f.getStatusCode()); + } + } + + @Test public void testBadSOAPEnvelopeNamespace() throws Exception { soapMessage = TestUtil.createEmptySoapMessage(Soap12.getInstance(), chain); InputStream in = getClass().getResourceAsStream("test-bad-env.xml"); Modified: cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/TestUtil.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/TestUtil.java?rev=1445743&r1=1445742&r2=1445743&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/TestUtil.java (original) +++ cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/TestUtil.java Wed Feb 13 17:08:55 2013 @@ -31,10 +31,7 @@ import javax.mail.util.ByteArrayDataSour import org.apache.cxf.attachment.AttachmentImpl; import org.apache.cxf.attachment.AttachmentUtil; import org.apache.cxf.interceptor.InterceptorChain; -import org.apache.cxf.message.Attachment; -import org.apache.cxf.message.Exchange; -import org.apache.cxf.message.ExchangeImpl; -import org.apache.cxf.message.MessageImpl; +import org.apache.cxf.message.*; public final class TestUtil { @@ -90,6 +87,7 @@ public final class TestUtil { messageImpl.setExchange(exchange); SoapMessage soapMessage = new SoapMessage(messageImpl); soapMessage.setVersion(soapVersion); - return soapMessage; + soapMessage.put(Message.HTTP_REQUEST_METHOD, "POST"); + return soapMessage; } } Modified: cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/interceptor/SoapFaultSerializerTest.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/interceptor/SoapFaultSerializerTest.java?rev=1445743&r1=1445742&r2=1445743&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/interceptor/SoapFaultSerializerTest.java (original) +++ cxf/branches/2.5.x-fixes/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/interceptor/SoapFaultSerializerTest.java Wed Feb 13 17:08:55 2013 @@ -28,6 +28,7 @@ import javax.xml.soap.SOAPPart; import javax.xml.stream.XMLStreamReader; import javax.xml.stream.XMLStreamWriter; +import org.apache.cxf.message.Message; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -193,6 +194,7 @@ public class SoapFaultSerializerTest ext public void testCXF4181() throws Exception { //Try WITH SAAJ SoapMessage m = new SoapMessage(new MessageImpl()); + m.put(Message.HTTP_REQUEST_METHOD, "POST"); m.setVersion(Soap12.getInstance()); XMLStreamReader reader = StaxUtils.createXMLStreamReader(this.getClass() .getResourceAsStream("cxf4181.xml")); @@ -242,6 +244,7 @@ public class SoapFaultSerializerTest ext .getResourceAsStream("cxf4181.xml")); m.setContent(XMLStreamReader.class, reader); + m.put(Message.HTTP_REQUEST_METHOD, "POST"); new ReadHeadersInterceptor(null).handleMessage(m); new StartBodyInterceptor().handleMessage(m);
