You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Bhun Kho <Bh...@ictu.nl.INVALID> on 2020/09/12 14:28:48 UTC
CXF/MessageFactory accepts malformed XML due to MessageFactory
Hi dev@cxf.apache.org,
Is there anyway I can get the MessageFactory used by CXF to behave properly and reject
malformed XML?
I have a SOAP-service implemented as a @WebServiceProvider JAX-WS Provider (see [1] for the 'skeleton'),
somehow the webservice accepts malformed XML, when it's missing 'uninteresting' end-tags,
such as </Envelope> [2].
This seems to be caused by the usage of MessageFactory somewhere in the ws-stack.
I gutted one of the unittests from the cxf that shows the same behavior:
- https://github.com/kimholan/cxf/commit/10783ad7a54245d97264144816124090f6cb124c [ see testSOAPMessage-method]
- malformed xml in the test due to removal of the last 'Envelope'-closing tag
- path: systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/resources/GreetMeDocLiteralReq.xml
- expected outcome for the test is that fails earlier (instead of the fail()-I added)
Thanks in advance for any help,
Bhun.
--
[1] skeleton implementation:
@Stateless
@WebServiceProvider
@ServiceMode(MESSAGE)
public class MySoapService implements javax.xml.ws.Provider<Source> {
@Override
public Source invoke(javax.xml.transform.Source source) {
}
}
[2] basically this is the bug 'somewhere in the stack':
import org.junit.Assert;
import org.junit.Test;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
public class MessageTest {
@Test
public void malformedXml() throws SOAPException, IOException {
var messageFactory = MessageFactory.newInstance();
System.err.println(messageFactory.getClass().getName());
var message = messageFactory.createMessage(null, new ByteArrayInputStream((
"<?xml version=\"1.0\" encoding=\"UTF-8\"?><z:Envelope xmlns:z=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:x=\"urn:nl-gdi-eid:1.0:webservices\">\n" +
"<z:Header>\n" +
"</z:Header>\n" +
"<z:Body>\n"+
"</z:Body></z:Body></z:Body>"
).getBytes()));
Assert.fail(); //<--- should not be reaching this??
}
}
---