[
https://issues.apache.org/jira/browse/WSS-459?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13706841#comment-13706841
]
Marc Giger commented on WSS-459:
--------------------------------
Yes, it's a mandatory necessity that close() is called on the StAX reader
_before_ the service is invoked to
get the wss4j stax impl. a chance to finish it's work. If we don't do it
security processing will be in an
undefined state. It does not only affect the policy processing but also for
example the signature processing.
One special case should not be forgotten: Message Mode, if CXF does really
allow to stream without any caching
directly up to the service implementation it should be documented somewhere
that the user is responsible to leach
the stream to the end and call close() on it.
Marc
> RequiredParts + EncryptedParts policy validation not working
> ------------------------------------------------------------
>
> Key: WSS-459
> URL: https://issues.apache.org/jira/browse/WSS-459
> Project: WSS4J
> Issue Type: Bug
> Reporter: Colm O hEigeartaigh
> Assignee: Marc Giger
> Fix For: 2.0
>
>
> RequiredParts policy validation is not working. A CXF negative test-case
> (StaxPartsTest) has a policy which "requires" a header of name "ToTo",
> however the (streaming) service throws no error.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
