Colm O hEigeartaigh created WSS-486:
---------------------------------------
Summary: Streaming code does not process a (non-secured) SOAP
Fault correctly
Key: WSS-486
URL: https://issues.apache.org/jira/browse/WSS-486
Project: WSS4J
Issue Type: Bug
Reporter: Colm O hEigeartaigh
Assignee: Marc Giger
Fix For: 2.0
The streaming code does not process a non-secured SOAP Fault correctly. I've
merged some code to the PolicyEnforcer to not throw a PolicyValidationException
when we are an initiator + there is no security header + there is no SOAP
Fault. This allows a client to see what the actual error message is, rather
than complain about an insecured response.
However, there is a bug in the SecurityHeaderInputProcessor, it throws the
following exception:
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Request is not a
valid SOAP Message
at
org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor.processNextEvent(SecurityHeaderInputProcessor.java:95)
I can only reproduce in conjunction with CXF. See the following test:
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
