You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2008/04/01 04:50:24 UTC

[jira] Resolved: (CXF-1491) ReadHeadersInterceptor reads to much after parsing soap-header and breaks wss signature

     [ https://issues.apache.org/jira/browse/CXF-1491?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp resolved CXF-1491.
------------------------------

       Resolution: Fixed
    Fix Version/s: 2.0.6

> ReadHeadersInterceptor reads to much after parsing soap-header and breaks wss signature
> ---------------------------------------------------------------------------------------
>
>                 Key: CXF-1491
>                 URL: https://issues.apache.org/jira/browse/CXF-1491
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 2.0.4
>            Reporter: Marc Giger
>            Assignee: Daniel Kulp
>            Priority: Critical
>             Fix For: 2.0.6
>
>
> On line 176 in ReadHeadersInterceptor there is the following code:
> /// advance just past body.
> //xmlReader.nextTag();
> if (message.getVersion().getFault().equals(xmlReader.getName())) {
>     Endpoint ep = message.getExchange().get(Endpoint.class);
>     if (!isDecoupled(message)) {
>         message.getInterceptorChain().abort();
>         if (ep.getInFaultObserver() != null) {
>             ep.getInFaultObserver().onMessage(message);
>         }
>     } else {
>         message.getExchange().put("deferred.fault.observer.notification", Boolean.TRUE);
>     }
> } 
> xmlReader.nextTag(); reads to much. After the body-element it is possible to have a text-node which is part of signature-digest when the whole
> body is signed. With this statement we skip this text-node and as result the signature is invalid.
> xmlReader.next() solves that problem but the code that follows it stops working...of course.
> Btw: If I understand the code correctly, if the incoming mesage is a soap-fault the InFaultChain is called. Is ReadHeadersInterceptor the right place to check for a InFault? What happens when the incoming fault is encrypted? Shouldn't that be moved to a separate interceptor after a possible WSS4JInterceptor is called?
> Thanks
> Marc

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.