Hi Colm, Done: https://issues.apache.org/jira/browse/CXF-4688
Marc On Mon, 10 Dec 2012 09:45:31 +0000 Colm O hEigeartaigh <[email protected]> wrote: > Hi Marc, > > Could you raise this in CXF? > > Colm. > > On Sat, Dec 8, 2012 at 7:56 PM, <[email protected]> wrote: > > > Author: giger > > Date: Sat Dec 8 19:56:10 2012 > > New Revision: 1418741 > > > > URL: http://svn.apache.org/viewvc?rev=1418741&view=rev > > Log: > > Workaround: CXF seems not to call xmlstreamReader.close() which is > > essential to complete security processing. > > > > Modified: > > > > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java > > > > Modified: > > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java > > URL: > > http://svn.apache.org/viewvc/webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java?rev=1418741&r1=1418740&r2=1418741&view=diff > > > > ============================================================================== > > --- > > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java > > (original) > > +++ > > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java > > Sat Dec 8 19:56:10 2012 > > @@ -22,8 +22,10 @@ import org.apache.cxf.binding.soap.SoapF > > import org.apache.cxf.binding.soap.SoapMessage; > > import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor; > > import org.apache.cxf.interceptor.Fault; > > +import org.apache.cxf.interceptor.ServiceInvokerInterceptor; > > import org.apache.cxf.interceptor.StaxInInterceptor; > > > > +import org.apache.cxf.phase.Phase; > > import org.apache.ws.security.common.ext.WSSecurityException; > > import org.apache.ws.security.stax.WSSec; > > import org.apache.ws.security.stax.ext.InboundWSSec; > > @@ -84,6 +86,23 @@ public class SecurityInInterceptor exten > > newXmlStreamReader = > > inboundWSSec.processInMessage(originalXmlStreamReader, > > requestSecurityEvents, securityEventListener); > > soapMessage.setContent(XMLStreamReader.class, > > newXmlStreamReader); > > > > + //workaround: CXF seems not to call xmlstreamReader.close() > > which is essential to complete > > + //security processing. So we add another interceptor which > > does it. > > + AbstractSoapInterceptor abstractSoapInterceptor = new > > AbstractSoapInterceptor(Phase.PRE_INVOKE) { > > + > > + @Override > > + public void handleMessage(SoapMessage message) throws > > Fault { > > + XMLStreamReader xmlStreamReader = > > message.getContent(XMLStreamReader.class); > > + try { > > + xmlStreamReader.close(); > > + } catch (XMLStreamException e) { > > + throw new SoapFault("unexpected service error", > > SoapFault.FAULT_CODE_SERVER); > > + } > > + } > > + }; > > + > > > > abstractSoapInterceptor.addBefore(ServiceInvokerInterceptor.class.getName()); > > + > > soapMessage.getInterceptorChain().add(abstractSoapInterceptor); > > + > > //Warning: The exceptions which can occur here are not > > security relevant exceptions but configuration-errors. > > //To catch security relevant exceptions you have to catch > > them e.g.in the FaultOutInterceptor. > > //Why? Because we do streaming security. This interceptor > > doesn't handle the ws-security stuff but just > > > > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
