You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by ay...@apache.org on 2014/06/16 10:23:48 UTC
git commit: [CXF-5805] Invalid SOAP Envelope names are accepted
Repository: cxf
Updated Branches:
refs/heads/master 657ab96e8 -> 8d001611e
[CXF-5805] Invalid SOAP Envelope names are accepted
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8d001611
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8d001611
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8d001611
Branch: refs/heads/master
Commit: 8d001611e0ccbbd5d7f54c2d747538a41809c2b1
Parents: 657ab96
Author: Akitoshi Yoshida <ay...@apache.org>
Authored: Mon Jun 16 10:23:02 2014 +0200
Committer: Akitoshi Yoshida <ay...@apache.org>
Committed: Mon Jun 16 10:23:30 2014 +0200
----------------------------------------------------------------------
.../soap/interceptor/Messages.properties | 1 +
.../interceptor/ReadHeadersInterceptor.java | 14 +++++--
.../binding/soap/ReadHeaderInterceptorTest.java | 18 ++++++++
.../cxf/binding/soap/test-bad-envname.xml | 43 ++++++++++++++++++++
4 files changed, 72 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d001611/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/Messages.properties
----------------------------------------------------------------------
diff --git a/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/Messages.properties b/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/Messages.properties
index b00bdd5..9b1a7c2 100644
--- a/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/Messages.properties
+++ b/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/Messages.properties
@@ -28,6 +28,7 @@ NO_OPERATION=No such operation: {0}
ATTACHMENT_IO=Attachment IO Exception: {0}
INVALID_VERSION="{0}", the namespace on the "{1}" element, is not a valid SOAP version.
INVALID_11_VERSION=A SOAP 1.2 message is not valid when sent to a SOAP 1.1 only endpoint.
+INVALID_ENVELOPE=Invalid SOAP Envelope name
INVALID_FAULT=Invalid SOAP fault content
NO_NAMESPACE=No namespace on "{0}" element. You must send a SOAP request.
BP_2211_RPCLIT_CANNOT_BE_NULL=Cannot write part {0}. RPC/Literal parts cannot be null. (WS-I BP R2211)
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d001611/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java b/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java
index 6926990..478e2b0 100644
--- a/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java
+++ b/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/ReadHeadersInterceptor.java
@@ -107,15 +107,21 @@ public class ReadHeadersInterceptor extends AbstractSoapInterceptor {
public static SoapVersion readVersion(XMLStreamReader xmlReader, SoapMessage message) {
String ns = xmlReader.getNamespaceURI();
+ String lcname = xmlReader.getLocalName();
if (ns == null || "".equals(ns)) {
- throw new SoapFault(new Message("NO_NAMESPACE", LOG, xmlReader.getLocalName()),
+ throw new SoapFault(new Message("NO_NAMESPACE", LOG, lcname),
Soap11.getInstance().getVersionMismatch());
}
-
+
SoapVersion soapVersion = SoapVersionFactory.getInstance().getSoapVersion(ns);
if (soapVersion == null) {
- throw new SoapFault(new Message("INVALID_VERSION", LOG, ns, xmlReader.getLocalName()),
- Soap11.getInstance().getVersionMismatch());
+ throw new SoapFault(new Message("INVALID_VERSION", LOG, ns, lcname),
+ Soap11.getInstance().getVersionMismatch());
+ }
+
+ if (!"Envelope".equals(lcname)) {
+ throw new SoapFault(new Message("INVALID_ENVELOPE", LOG, lcname),
+ soapVersion.getSender());
}
message.setVersion(soapVersion);
return soapVersion;
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d001611/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java
----------------------------------------------------------------------
diff --git a/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java b/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java
index 15ce682..db03adf 100644
--- a/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java
+++ b/rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/ReadHeaderInterceptorTest.java
@@ -96,6 +96,24 @@ public class ReadHeaderInterceptorTest extends TestBase {
}
}
+
+ @Test
+ public void testBadSOAPEnvelopeName() throws Exception {
+ soapMessage = TestUtil.createEmptySoapMessage(Soap12.getInstance(), chain);
+ InputStream in = getClass().getResourceAsStream("test-bad-envname.xml");
+ assertNotNull(in);
+ ByteArrayDataSource bads = new ByteArrayDataSource(in, "test/xml");
+ soapMessage.setContent(InputStream.class, bads.getInputStream());
+
+ ReadHeadersInterceptor r = new ReadHeadersInterceptor(BusFactory.getDefaultBus());
+ try {
+ r.handleMessage(soapMessage);
+ fail("Did not throw exception");
+ } catch (SoapFault f) {
+ assertEquals(Soap11.getInstance().getSender(), f.getFaultCode());
+ }
+ }
+
@Test
public void testNoClosingEnvTage() throws Exception {
assertTrue(testNoClosingEnvTag(Boolean.TRUE));
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d001611/rt/bindings/soap/src/test/resources/org/apache/cxf/binding/soap/test-bad-envname.xml
----------------------------------------------------------------------
diff --git a/rt/bindings/soap/src/test/resources/org/apache/cxf/binding/soap/test-bad-envname.xml b/rt/bindings/soap/src/test/resources/org/apache/cxf/binding/soap/test-bad-envname.xml
new file mode 100644
index 0000000..da84745
--- /dev/null
+++ b/rt/bindings/soap/src/test/resources/org/apache/cxf/binding/soap/test-bad-envname.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<env:ENVELOPE xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
+ <env:Body>
+ <!-- boyd test for processing comment here -->
+ <p:itinerary xmlns:p="http://travelcompany.example.org/reservation/travel">
+ <p:departure>
+ <p:departing>New York</p:departing>
+ <p:arriving>Los Angeles</p:arriving>
+ <p:departureDate>2001-12-14</p:departureDate>
+ <p:departureTime>late afternoon</p:departureTime>
+ <p:seatPreference>aisle</p:seatPreference>
+ </p:departure>
+ <p:return>
+ <p:departing>Los Angeles</p:departing>
+ <p:arriving>New York</p:arriving>
+ <p:departureDate>2001-12-20</p:departureDate>
+ <p:departureTime>mid-morning</p:departureTime>
+ <p:seatPreference/>
+ </p:return>
+ </p:itinerary>
+ <q:lodging xmlns:q="http://travelcompany.example.org/reservation/hotels">
+ <q:preference>none</q:preference>
+ </q:lodging>
+ </env:Body>
+</env:ENVELOPE>