Florian Müller commented on CMIS-1001:

That is impossible for some operations. For example, setContentStream hands 
over the stream to the server implementation without reading it first. 
Therefore, the framework cannot compute the MD5 hash and throw an exception.
The server implementation, on the other hand, can do it because it knows how to 
rollback any changes if it encounters a hash mismatch at the end of the stream. 

> Parse Content-MD5 Mime Header and use it for validation if present
> ------------------------------------------------------------------
>                 Key: CMIS-1001
>                 URL: https://issues.apache.org/jira/browse/CMIS-1001
>             Project: Chemistry
>          Issue Type: Improvement
>          Components: opencmis-server
>    Affects Versions: OpenCMIS 1.0.0
>            Reporter: Ron Gavlin
>            Priority: Minor
> Sometimes content streams get corrupted over the wire. Content stream hashes 
> are often used to protect against these corruptions.
> Apache Chemistry OpenCMIS should validate contentStream input to AtomPub and 
> Browser Binding CMIS operations, including setContentStream, 
> appendContentStream, checkIn, and createDocument, by comparing the content 
> stream MD5 hash against a Content-MD5 MIME header if present. A CMIS 
> invalidArgument exception should be thrown if the hashes are not equal.

This message was sent by Atlassian JIRA

Reply via email to