[
https://issues.apache.org/jira/browse/WSS-547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14650671#comment-14650671
]
Marc Giger commented on WSS-547:
--------------------------------
In this sense the streams are always leaked and not only when an exception
occurs.
It is done intentionally this way for the following reasons:
- The code doesn't open the stream but uses a stream that was passed in via the
attachment callback handler. Therefore I see the responsibility to close the
stream by the caller of wss4j.
- The most important point may be that we don't know in wss4j what for a stream
it exactly is, resp. it's origin. In context with WebService stacks it may be
that the stream is comming directly from the network socket and therefore it
would be uncool to close it here for various reasons.
@[~coheigea]: What do you think?
> unreleased resource
> -------------------
>
> Key: WSS-547
> URL: https://issues.apache.org/jira/browse/WSS-547
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 2.0.3
> Reporter: Jens Kordowski
> Assignee: Marc Giger
> Fix For: 2.0.6, 2.1.3
>
>
> Hi,
> found 2 resource leaks:
> org.apache.wss4j.stax.impl.processor.output.WSSSignatureOutputProcessor.digestExternalReference()
> opens an InputStream:
> InputStream inputStream = attachment.getSourceStream();
> In case the later buildTransformerChain() throws an XMLSecurityException,
> this resource is leaked.
> org.apache.wss4j.stax.impl.processor.input.WSSSignatureReferenceVerifyInputProcessor.verifyExternalReference()
> does the same thing:
> InputStream attachmentInputStream = attachment.getSourceStream();
> In case the later reateMessageDigestOutputStream() throws an
> XMLSecurityException, the resource is leaked.
> Best regards
> Jens
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
