I think you are hitting the XML size limits now. See: http://cxf.apache.org/docs/security.html#Security-XML
Dan On Jul 22, 2013, at 10:59 AM, unicyco <[email protected]> wrote: > I have a situation where I need to be able to take a SOAPMessage and validate > it using *either* username/password or a certificate. However, I have > having trouble stepping my code up to CXF 2.7.5 running in Karaf after > previously running a pretty old version of Servicemix. > > What I did to make this work before was to create my own interceptor that > extends WSS4JInInterceptor and passed into my interceptor an > ACTION=UsernameToken and ACTION=Signature interceptor. Then, in my > handleMessage() I start by passing the SoapMessage to the UsernameToken > interceptor. If it throws an exception, I pass the SoapMessage to the > Signature interceptor. I remember having trouble getting this working > originally, and to fix it I did a shallow soapMessage.clone(). However, > this is no longer working with CXF 2.7.5.... If I first pass the SoapMessage > to the UsernameToken interceptor, and then pass it to the Signature > interceptor, I get an exception: > > org.apache.cxf.staxutils.DepthExceededStaxException: reach the > innerElementCountThreshold:50000 > > I'm pretty sure the correct way to do this is NOT to pass the same > SoapMessage to multiple interceptors (since they modify the message), > however I don't know how to accomplish this otherwise. I understand WSS4J > 1.6 now has the concept of Validators, which I'm using for my UsernameToken > validation (against an LDAP directory), but I don't know how to accomplish a > 2-way "choice" validation of my security header. Can anyone point me in the > right direction? If it would help I can post some code samples. > > Thank you!! > > Joseph > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/2-possible-validators-interceptors-tp5731252.html > Sent from the cxf-user mailing list archive at Nabble.com. -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
