On Oct 25, 2012, at 5:10 AM, Andrei Shakirin <[email protected]> wrote: > Actually WSS4J works only with DOM based SOAPMessages. Therefore CXF WSS > security interceptors always invoke SAAJ interceptors before process the > message. That means the interceptors break streaming.
Yep. Building up the SAAJ model requires all the attachments to be available and cached. Thus, we have to pull them all in. Otherwise the SOAPHandlers and the Provider<SOAPMessage> type models would not work properly per spec. We could likely add a property that the SAAJInInterceptor could check to turn that off. In the case of WSS4J, it ignores all the attachments so we likely could optionally skip that. Even the SOAPHandlers and Providers that don't touch any of the attachments could likely skip it. Dan > > AFAIK guys already started work on stream based WSS4J. Colm knows more about > it. > > I am not sure if any essential optimization is possible with current WSS4J. > > Regards, > Andrei. > > -----Original Message----- > From: kongar [mailto:[email protected]] > Sent: Donnerstag, 25. Oktober 2012 02:48 > To: [email protected] > Subject: Re: WSS4J Timestamp expiring before large file transfer finishes > > Ok, sorry for spamming this list as I keep replying to myself, but removing > the LoggingInInterceptor didn't help as I had thought. This looks like it > may be an actual problem in the CXF implementation of WSS4JInterceptor. On > the handleMessage() method, this line: > > SOAPMessage doc = getSOAPMessage(msg); > > Downloads the entire attachments to disk. And only afterwards are the > security headers processed with these lines: > > Element elem = WSSecurityUtil.getSecurityHeader(doc.getSOAPPart(), actor); > List<WSSecurityEngineResult> wsResult = engine.processSecurityHeader(elem, > reqData); > > Ideally, shouldn't the headers be validated before the attachment is > downloaded? > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/WSS4J-Timestamp-expiring-before-large-file-transfer-finishes-tp5717348p5717373.html > Sent from the cxf-user mailing list archive at Nabble.com. -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
