Hi Marc, Could you raise this in CXF?
Colm. On Sat, Dec 8, 2012 at 7:56 PM, <[email protected]> wrote: > Author: giger > Date: Sat Dec 8 19:56:10 2012 > New Revision: 1418741 > > URL: http://svn.apache.org/viewvc?rev=1418741&view=rev > Log: > Workaround: CXF seems not to call xmlstreamReader.close() which is > essential to complete security processing. > > Modified: > > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java > > Modified: > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java > URL: > http://svn.apache.org/viewvc/webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java?rev=1418741&r1=1418740&r2=1418741&view=diff > > ============================================================================== > --- > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java > (original) > +++ > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java > Sat Dec 8 19:56:10 2012 > @@ -22,8 +22,10 @@ import org.apache.cxf.binding.soap.SoapF > import org.apache.cxf.binding.soap.SoapMessage; > import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor; > import org.apache.cxf.interceptor.Fault; > +import org.apache.cxf.interceptor.ServiceInvokerInterceptor; > import org.apache.cxf.interceptor.StaxInInterceptor; > > +import org.apache.cxf.phase.Phase; > import org.apache.ws.security.common.ext.WSSecurityException; > import org.apache.ws.security.stax.WSSec; > import org.apache.ws.security.stax.ext.InboundWSSec; > @@ -84,6 +86,23 @@ public class SecurityInInterceptor exten > newXmlStreamReader = > inboundWSSec.processInMessage(originalXmlStreamReader, > requestSecurityEvents, securityEventListener); > soapMessage.setContent(XMLStreamReader.class, > newXmlStreamReader); > > + //workaround: CXF seems not to call xmlstreamReader.close() > which is essential to complete > + //security processing. So we add another interceptor which > does it. > + AbstractSoapInterceptor abstractSoapInterceptor = new > AbstractSoapInterceptor(Phase.PRE_INVOKE) { > + > + @Override > + public void handleMessage(SoapMessage message) throws > Fault { > + XMLStreamReader xmlStreamReader = > message.getContent(XMLStreamReader.class); > + try { > + xmlStreamReader.close(); > + } catch (XMLStreamException e) { > + throw new SoapFault("unexpected service error", > SoapFault.FAULT_CODE_SERVER); > + } > + } > + }; > + > abstractSoapInterceptor.addBefore(ServiceInvokerInterceptor.class.getName()); > + > soapMessage.getInterceptorChain().add(abstractSoapInterceptor); > + > //Warning: The exceptions which can occur here are not > security relevant exceptions but configuration-errors. > //To catch security relevant exceptions you have to catch > them e.g.in the FaultOutInterceptor. > //Why? Because we do streaming security. This interceptor > doesn't handle the ws-security stuff but just > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
