You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2019/04/03 13:27:01 UTC

[jira] [Created] (CXF-8010) Avoid applying the SAAJInInterceptor to unsecured messages when using WS-SecurityPolicy

Colm O hEigeartaigh created CXF-8010:
----------------------------------------

             Summary: Avoid applying the SAAJInInterceptor to unsecured messages when using WS-SecurityPolicy
                 Key: CXF-8010
                 URL: https://issues.apache.org/jira/browse/CXF-8010
             Project: CXF
          Issue Type: Improvement
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh
             Fix For: 3.3.2


It's possible to have a scenario where certain operations are secured using a WS-SecurityPolicy, and some are not secured at all. Up til now, the WSS4JInInterceptor will convert all messages to DOM form for WS-Security processing, using the SAAJInInterceptor.

With this fix, if a message does not contain a security header, it will not be converted using the SAAJInIntereptor. Instead the policies are evaluated against an empty set. This should result in a performance boost for the insecured message case. Note that this only applies when using WS-SecurityPolicy, and not using the plain WSS4JInInterceptor with "action" configuration.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)