You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Bhun Kho <Bh...@ictu.nl.INVALID> on 2020/09/12 14:28:48 UTC

CXF/MessageFactory accepts malformed XML due to MessageFactory

Hi dev@cxf.apache.org,

Is there anyway I can get the MessageFactory used by CXF to behave properly and reject
malformed XML?

I have a SOAP-service implemented as a @WebServiceProvider JAX-WS Provider (see [1] for the 'skeleton'),
somehow the webservice accepts malformed XML, when it's missing 'uninteresting' end-tags,
such as </Envelope> [2].

This seems to be caused by the usage of MessageFactory somewhere in the ws-stack.

I gutted one of the unittests from the cxf that shows the same behavior:
- https://github.com/kimholan/cxf/commit/10783ad7a54245d97264144816124090f6cb124c [ see testSOAPMessage-method]
- malformed xml in the test due to removal of the last 'Envelope'-closing tag
  - path: systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/resources/GreetMeDocLiteralReq.xml
  - expected outcome for the test is that fails earlier (instead of the fail()-I added)


Thanks in advance for any help,
Bhun.

--

[1] skeleton implementation:

@Stateless
@WebServiceProvider
@ServiceMode(MESSAGE)
public class MySoapService implements javax.xml.ws.Provider<Source> {

    @Override
    public Source invoke(javax.xml.transform.Source source) {

    }

}

[2] basically this is the bug 'somewhere in the stack':

import org.junit.Assert;
import org.junit.Test;

import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPException;
import java.io.ByteArrayInputStream;
import java.io.IOException;

public class MessageTest {

    @Test
    public void malformedXml() throws SOAPException, IOException {
        var  messageFactory = MessageFactory.newInstance();
        System.err.println(messageFactory.getClass().getName());
        var message = messageFactory.createMessage(null, new ByteArrayInputStream((
                "<?xml version=\"1.0\" encoding=\"UTF-8\"?><z:Envelope xmlns:z=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:x=\"urn:nl-gdi-eid:1.0:webservices\">\n" +
                        "<z:Header>\n" +
                        "</z:Header>\n" +
                        "<z:Body>\n"+
                        "</z:Body></z:Body></z:Body>"

        ).getBytes()));
        Assert.fail(); //<--- should not be reaching this??
    }

}
---