You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2012/12/10 10:45:31 UTC
Re: svn commit: r1418741 - /webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java
Hi Marc,
Could you raise this in CXF?
Colm.
On Sat, Dec 8, 2012 at 7:56 PM, <gi...@apache.org> wrote:
> Author: giger
> Date: Sat Dec 8 19:56:10 2012
> New Revision: 1418741
>
> URL: http://svn.apache.org/viewvc?rev=1418741&view=rev
> Log:
> Workaround: CXF seems not to call xmlstreamReader.close() which is
> essential to complete security processing.
>
> Modified:
>
> webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java
>
> Modified:
> webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java
> URL:
> http://svn.apache.org/viewvc/webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java?rev=1418741&r1=1418740&r2=1418741&view=diff
>
> ==============================================================================
> ---
> webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java
> (original)
> +++
> webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java
> Sat Dec 8 19:56:10 2012
> @@ -22,8 +22,10 @@ import org.apache.cxf.binding.soap.SoapF
> import org.apache.cxf.binding.soap.SoapMessage;
> import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
> import org.apache.cxf.interceptor.Fault;
> +import org.apache.cxf.interceptor.ServiceInvokerInterceptor;
> import org.apache.cxf.interceptor.StaxInInterceptor;
>
> +import org.apache.cxf.phase.Phase;
> import org.apache.ws.security.common.ext.WSSecurityException;
> import org.apache.ws.security.stax.WSSec;
> import org.apache.ws.security.stax.ext.InboundWSSec;
> @@ -84,6 +86,23 @@ public class SecurityInInterceptor exten
> newXmlStreamReader =
> inboundWSSec.processInMessage(originalXmlStreamReader,
> requestSecurityEvents, securityEventListener);
> soapMessage.setContent(XMLStreamReader.class,
> newXmlStreamReader);
>
> + //workaround: CXF seems not to call xmlstreamReader.close()
> which is essential to complete
> + //security processing. So we add another interceptor which
> does it.
> + AbstractSoapInterceptor abstractSoapInterceptor = new
> AbstractSoapInterceptor(Phase.PRE_INVOKE) {
> +
> + @Override
> + public void handleMessage(SoapMessage message) throws
> Fault {
> + XMLStreamReader xmlStreamReader =
> message.getContent(XMLStreamReader.class);
> + try {
> + xmlStreamReader.close();
> + } catch (XMLStreamException e) {
> + throw new SoapFault("unexpected service error",
> SoapFault.FAULT_CODE_SERVER);
> + }
> + }
> + };
> +
> abstractSoapInterceptor.addBefore(ServiceInvokerInterceptor.class.getName());
> +
> soapMessage.getInterceptorChain().add(abstractSoapInterceptor);
> +
> //Warning: The exceptions which can occur here are not
> security relevant exceptions but configuration-errors.
> //To catch security relevant exceptions you have to catch
> them e.g.in the FaultOutInterceptor.
> //Why? Because we do streaming security. This interceptor
> doesn't handle the ws-security stuff but just
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: svn commit: r1418741 -
/webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java
Posted by Marc Giger <gi...@apache.org>.
Hi Colm,
Done:
https://issues.apache.org/jira/browse/CXF-4688
Marc
On Mon, 10 Dec 2012 09:45:31 +0000
Colm O hEigeartaigh <co...@apache.org> wrote:
> Hi Marc,
>
> Could you raise this in CXF?
>
> Colm.
>
> On Sat, Dec 8, 2012 at 7:56 PM, <gi...@apache.org> wrote:
>
> > Author: giger
> > Date: Sat Dec 8 19:56:10 2012
> > New Revision: 1418741
> >
> > URL: http://svn.apache.org/viewvc?rev=1418741&view=rev
> > Log:
> > Workaround: CXF seems not to call xmlstreamReader.close() which is
> > essential to complete security processing.
> >
> > Modified:
> >
> > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java
> >
> > Modified:
> > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java
> > URL:
> > http://svn.apache.org/viewvc/webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java?rev=1418741&r1=1418740&r2=1418741&view=diff
> >
> > ==============================================================================
> > ---
> > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java
> > (original)
> > +++
> > webservices/wss4j/trunk/cxf-integration/src/main/java/org/swssf/cxfIntegration/interceptor/SecurityInInterceptor.java
> > Sat Dec 8 19:56:10 2012
> > @@ -22,8 +22,10 @@ import org.apache.cxf.binding.soap.SoapF
> > import org.apache.cxf.binding.soap.SoapMessage;
> > import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
> > import org.apache.cxf.interceptor.Fault;
> > +import org.apache.cxf.interceptor.ServiceInvokerInterceptor;
> > import org.apache.cxf.interceptor.StaxInInterceptor;
> >
> > +import org.apache.cxf.phase.Phase;
> > import org.apache.ws.security.common.ext.WSSecurityException;
> > import org.apache.ws.security.stax.WSSec;
> > import org.apache.ws.security.stax.ext.InboundWSSec;
> > @@ -84,6 +86,23 @@ public class SecurityInInterceptor exten
> > newXmlStreamReader =
> > inboundWSSec.processInMessage(originalXmlStreamReader,
> > requestSecurityEvents, securityEventListener);
> > soapMessage.setContent(XMLStreamReader.class,
> > newXmlStreamReader);
> >
> > + //workaround: CXF seems not to call xmlstreamReader.close()
> > which is essential to complete
> > + //security processing. So we add another interceptor which
> > does it.
> > + AbstractSoapInterceptor abstractSoapInterceptor = new
> > AbstractSoapInterceptor(Phase.PRE_INVOKE) {
> > +
> > + @Override
> > + public void handleMessage(SoapMessage message) throws
> > Fault {
> > + XMLStreamReader xmlStreamReader =
> > message.getContent(XMLStreamReader.class);
> > + try {
> > + xmlStreamReader.close();
> > + } catch (XMLStreamException e) {
> > + throw new SoapFault("unexpected service error",
> > SoapFault.FAULT_CODE_SERVER);
> > + }
> > + }
> > + };
> > +
> > abstractSoapInterceptor.addBefore(ServiceInvokerInterceptor.class.getName());
> > +
> > soapMessage.getInterceptorChain().add(abstractSoapInterceptor);
> > +
> > //Warning: The exceptions which can occur here are not
> > security relevant exceptions but configuration-errors.
> > //To catch security relevant exceptions you have to catch
> > them e.g.in the FaultOutInterceptor.
> > //Why? Because we do streaming security. This interceptor
> > doesn't handle the ws-security stuff but just
> >
> >
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org