[
https://issues.apache.org/jira/browse/CXF-8010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved CXF-8010.
--------------------------------------
Resolution: Fixed
> Avoid applying the SAAJInInterceptor to unsecured messages when using
> WS-SecurityPolicy
> ---------------------------------------------------------------------------------------
>
> Key: CXF-8010
> URL: https://issues.apache.org/jira/browse/CXF-8010
> Project: CXF
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Fix For: 3.3.2
>
>
> It's possible to have a scenario where certain operations are secured using a
> WS-SecurityPolicy, and some are not secured at all. Up til now, the
> WSS4JInInterceptor will convert all messages to DOM form for WS-Security
> processing, using the SAAJInInterceptor.
> With this fix, if a message does not contain a security header, it will not
> be converted using the SAAJInIntereptor. Instead the policies are evaluated
> against an empty set. This should result in a performance boost for the
> insecured message case. Note that this only applies when using
> WS-SecurityPolicy, and not using the plain WSS4JInInterceptor with "action"
> configuration.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
