[
https://issues.apache.org/jira/browse/CAMEL-12104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Adam Campbell updated CAMEL-12104:
----------------------------------
Description:
There is very strange behavior in Camel cxf and cxfrs timeouts which could lead
to sensitive data being released.
Below is a code sample which illustrates the unexpected behavior. I think any
developer would expect the test API to return "Valid Response" or some kind
exception, but in fact it returns "SENSITIVE DATA" due to the default
continuationTimeout of 30 seconds.
This issue seems to have been introduced by
https://issues.apache.org/jira/browse/CAMEL-7401
{code:java}
public void configure() {
from("cxf:///test?dataFormat=MESSAGE")
.setBody(constant("SENSITIVE DATA"))
.to("cxf://http://localhost:8003/slowApi?serviceClass=com.example.ExampleService&dataFormat=MESSAGE";)
.transform(constant("Valid Response"));
from("cxf:///slowApi?dataFormat=MESSAGE")
.process(new Processor(){
@Override
public void process(final Exchange exchange) throws Exception {
Thread.sleep(45000);
}
});
}
{code}
was:
There is very strange behavior in Camel cxf and cxfrs timeouts which could lead
to sensitive data being released.
Below is a code sample which illustrates the unexpected behavior. I think any
developer would expect the test API to return "Valid Response" but in fact it
returns "SENSITIVE DATA" due to the default continuationTimeout of 30 seconds.
This issue seems to have been introduced by
https://issues.apache.org/jira/browse/CAMEL-7401
{code:java}
public void configure() {
from("cxf:///test?dataFormat=MESSAGE")
.setBody(constant("SENSITIVE DATA"))
.to("cxf://http://localhost:8003/slowApi?serviceClass=com.example.ExampleService&dataFormat=MESSAGE";)
.transform(constant("Valid Response"));
from("cxf:///slowApi?dataFormat=MESSAGE")
.process(new Processor(){
@Override
public void process(final Exchange exchange) throws Exception {
Thread.sleep(45000);
}
});
}
{code}
> Unintuitive default cxf timeout behavior
> ----------------------------------------
>
> Key: CAMEL-12104
> URL: https://issues.apache.org/jira/browse/CAMEL-12104
> Project: Camel
> Issue Type: Bug
> Components: camel-cxf, camel-cxfrs
> Reporter: Adam Campbell
>
> There is very strange behavior in Camel cxf and cxfrs timeouts which could
> lead to sensitive data being released.
> Below is a code sample which illustrates the unexpected behavior. I think any
> developer would expect the test API to return "Valid Response" or some kind
> exception, but in fact it returns "SENSITIVE DATA" due to the default
> continuationTimeout of 30 seconds.
> This issue seems to have been introduced by
> https://issues.apache.org/jira/browse/CAMEL-7401
> {code:java}
> public void configure() {
> from("cxf:///test?dataFormat=MESSAGE")
> .setBody(constant("SENSITIVE DATA"))
>
> .to("cxf://http://localhost:8003/slowApi?serviceClass=com.example.ExampleService&dataFormat=MESSAGE";)
> .transform(constant("Valid Response"));
> from("cxf:///slowApi?dataFormat=MESSAGE")
> .process(new Processor(){
> @Override
> public void process(final Exchange exchange) throws Exception
> {
> Thread.sleep(45000);
> }
> });
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
