You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2014/01/13 17:42:51 UTC
[jira] [Resolved] (WSS-486) Streaming code does not process a
(non-secured) SOAP Fault correctly
[ https://issues.apache.org/jira/browse/WSS-486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved WSS-486.
-------------------------------------
Resolution: Fixed
> Streaming code does not process a (non-secured) SOAP Fault correctly
> --------------------------------------------------------------------
>
> Key: WSS-486
> URL: https://issues.apache.org/jira/browse/WSS-486
> Project: WSS4J
> Issue Type: Bug
> Reporter: Colm O hEigeartaigh
> Assignee: Marc Giger
> Fix For: 2.0.0
>
>
> The streaming code does not process a non-secured SOAP Fault correctly. I've merged some code to the PolicyEnforcer to not throw a PolicyValidationException when we are an initiator + there is no security header + there is no SOAP Fault. This allows a client to see what the actual error message is, rather than complain about an insecured response.
> However, there is a bug in the SecurityHeaderInputProcessor, it throws the following exception:
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: Request is not a valid SOAP Message
> at org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor.processNextEvent(SecurityHeaderInputProcessor.java:95)
> I can only reproduce in conjunction with CXF. See the following test ("testSOAPFaultError"):
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/PartsTest.java?view=markup
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org