You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2015/07/01 18:19:33 UTC
cxf git commit: Fixing MTOM warnings with WS-Security
Repository: cxf
Updated Branches:
refs/heads/master e1d0a78fa -> b1c7e0eb4
Fixing MTOM warnings with WS-Security
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b1c7e0eb
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b1c7e0eb
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b1c7e0eb
Branch: refs/heads/master
Commit: b1c7e0eb4e37e8b49cc8fb78b91fd2f193e3adff
Parents: e1d0a78
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jul 1 15:27:24 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jul 1 17:19:30 2015 +0100
----------------------------------------------------------------------
.../ws/security/wss4j/WSS4JOutInterceptor.java | 38 ++++++++------------
.../org/apache/cxf/systest/ws/mtom/client.xml | 4 ---
2 files changed, 14 insertions(+), 28 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/b1c7e0eb/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
index 37cb572..5e07fdd 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
@@ -30,7 +30,7 @@ import java.util.logging.Logger;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Document;
-
+import org.apache.cxf.attachment.AttachmentUtil;
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.SoapVersion;
@@ -80,34 +80,15 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor {
setProperties(props);
}
+ @Deprecated
public boolean isAllowMTOM() {
return mtomEnabled;
}
- /**
- * Enable or disable mtom with WS-Security. MTOM is disabled if we are signing or
- * encrypting the message Body, as otherwise attachments would not get encrypted
- * or be part of the signature.
- * @param mtomEnabled
- */
+ @Deprecated
public void setAllowMTOM(boolean allowMTOM) {
this.mtomEnabled = allowMTOM;
}
-
- protected void handleSecureMTOM(SoapMessage mc, List<HandlerAction> actions) {
- if (mtomEnabled) {
- return;
- }
-
- //must turn off mtom when using WS-Sec so binary is inlined so it can
- //be properly signed/encrypted/etc...
- String mtomKey = org.apache.cxf.message.Message.MTOM_ENABLED;
- if (mc.get(mtomKey) == Boolean.TRUE) {
- LOG.warning("MTOM will be disabled as the WSS4JOutInterceptor.mtomEnabled property"
- + " is set to false");
- }
- mc.put(mtomKey, Boolean.FALSE);
- }
@Override
public Object getProperty(Object msgContext, String key) {
@@ -213,8 +194,12 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor {
reqData.setMsgContext(mc);
reqData.setAttachmentCallbackHandler(new AttachmentCallbackHandler(mc));
- handleSecureMTOM(mc, actions);
-
+ if (AttachmentUtil.isMtomEnabled(mc) && hasAttachments(mc)) {
+ LOG.warning("MTOM is enabled with WS-Security. Please note that if an attachment is"
+ + "referenced in the SOAP Body, only the reference will be signed and not the"
+ + "SOAP Body!");
+ }
+
/*
* For every action we need a username, so get this now. The
* username defined in the deployment descriptor takes precedence.
@@ -306,6 +291,11 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor {
//nothing
}
+ private boolean hasAttachments(SoapMessage mc) {
+ final Collection<org.apache.cxf.message.Attachment> attachments = mc.getAttachments();
+ return attachments != null && attachments.size() > 0;
+ }
+
private void configureActions(SoapMessage mc, boolean doDebug,
SoapVersion version, WSSConfig config) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/b1c7e0eb/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
index be8f8ec..b668025 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
@@ -50,9 +50,6 @@
</constructor-arg>
</bean>
</jaxws:inInterceptors>
- <jaxws:properties>
- <entry key="mtom-enabled" value="true"/>
- </jaxws:properties>
</jaxws:client>
<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSignedMTOMSwAPort" createdFromAPI="true">
@@ -69,7 +66,6 @@
<entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
</map>
</constructor-arg>
- <property name="allowMTOM" value="true"/>
</bean>
</jaxws:outInterceptors>
<jaxws:inInterceptors>