You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Modestas Vainius (JIRA)" <ji...@apache.org> on 2014/05/02 00:13:17 UTC
[jira] [Created] (CXF-5724) Extra text and comments after
are treated as part of SOAP body by CXF
Modestas Vainius created CXF-5724:
-------------------------------------
Summary: Extra text and comments after </soapenv:Body> are treated as part of SOAP body by CXF
Key: CXF-5724
URL: https://issues.apache.org/jira/browse/CXF-5724
Project: CXF
Issue Type: Bug
Components: Soap Binding
Affects Versions: 2.7.11, 2.7.10, 2.7.9
Reporter: Modestas Vainius
Hello,
it appears that since https://github.com/apache/cxf/commit/eb70d1008b8ffd32c90c990122b08d10ffcda933 extra characters and comments after </soapenv:Body> get "leaked" into CXF view of SOAP body. This is not a big problem unless SOAP body is signed with WSS Security. Obviously, then any characters (in particular new lines or whitespaces) after </soapenv:Body> will cause signature validation to fail due to checksum mismatch.
This is due to switch from StaxUtils.readDocElements() to StaxUtils.copy(). Now I'm not sure if StaxUtils.copy() is either buggy or misused there. If called with *fragment*=false, it would probably extract body as expected but then again I'm not sure what's the point of *fragment* flag. So, I attach the patch which fixes the "leak" problem in StaxUtils.copy() when *fragment*=true.
--
This message was sent by Atlassian JIRA
(v6.2#6252)