[jira] [Resolved] (CXF-7691) Can't add multiple instances of the same security interceptor to the same interceptor chain

Tue, 27 Mar 2018 06:24:38 -0700 

     [ 
https://issues.apache.org/jira/browse/CXF-7691?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh resolved CXF-7691.
--------------------------------------
    Resolution: Fixed

I fixed this for the WSS4JOutInterceptor only here:

[https://github.com/apache/cxf/commit/c02442840de4e8820c4df14a8cead58d5b86d5ec]

The trick is to specify an "Id" for the second WSS4JOutInterceptor instance so 
that it gets added to the outbound interceptor chain. The streaming out 
interceptor is not really designed to work in this way so I'm not planning to 
fix it.

> Can't add multiple instances of the same security interceptor to the same 
> interceptor chain
> -------------------------------------------------------------------------------------------
>
>                 Key: CXF-7691
>                 URL: https://issues.apache.org/jira/browse/CXF-7691
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 3.2.4
>            Reporter: Ibrahim M. Ghazal
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 3.1.16, 3.2.5
>
>
> We consume a webservice that requires setting multiple {{<wss:Security>}} 
> headers with different actors. I tried to add two {{WSS4JOutInterceptor}} 
> instances, but only one of them actually added the header. I also tried to 
> add two {{WSS4JStaxOutInterceptor}} instances, but that threw an exception:
> {code}
> java.lang.IllegalArgumentException: null is not supported as output
>       at 
> org.apache.wss4j.stax.setup.OutboundWSSec.processOutMessage(OutboundWSSec.java:218)
>       at 
> org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor.handleMessage(WSS4JStaxOutInterceptor.java:169)
>       at 
> org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor.handleMessage(WSS4JStaxOutInterceptor.java:61)
>       at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
>       at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:533)
>       at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:442)
>       at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:343)
>       at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:296)
>       at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>       at 
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
>       at com.sun.proxy.$Proxy79.doubleIt(Unknown Source)
>       at 
> org.apache.cxf.systest.ws.action.ActionTest.testMultipleActorsStAX(ActionTest.java:710)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:498)
>       at 
> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
>       at 
> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
>       at 
> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
>       at 
> org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
>       at 
> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
>       at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
>       at 
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
>       at 
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
>       at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
>       at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
>       at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
>       at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
>       at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
>       at 
> org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
>       at 
> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
>       at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
>       at 
> org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
>       at 
> org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
>       at 
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:538)
>       at 
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:760)
>       at 
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:460)
>       at 
> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:206)
> {code}
> The only thing that worked was adding one {{WSS4JOutInterceptor}} and one 
> {{WSS4JStaxOutInterceptor}}, but that feels like a hack.
> I wrote three tests 
> [here|https://github.com/imgx64/cxf/commit/8fe975c05089e1289eb56d700cfb47ce0df17202],
>  one passing ({{testMultipleActorsMixed}}) and two failing 
> ({{testMultipleActors}}, {{testMultipleActorsStAX}}) to show the issue. 
> Unfortunately, I'm not familiar enough with the innards of CXF to fix the 
> issue.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to