ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marc Giger (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WSS-459) RequiredParts + EncryptedParts policy validation not working
Date Fri, 12 Jul 2013 10:33:48 GMT

    [ https://issues.apache.org/jira/browse/WSS-459?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13706841#comment-13706841
] 

Marc Giger commented on WSS-459:
--------------------------------

Yes, it's a mandatory necessity that close() is called on the StAX reader _before_ the service
is invoked to
get the wss4j stax impl. a chance to finish it's work. If we don't do it security processing
will be in an
undefined state. It does not only affect the policy processing but also for example the signature
processing.

One special case should not be forgotten: Message Mode, if CXF does really allow to stream
without any caching
directly up to the service implementation it should be documented somewhere that the user
is responsible to leach
the stream to the end and call close() on it.

Marc

                
> RequiredParts + EncryptedParts policy validation not working
> ------------------------------------------------------------
>
>                 Key: WSS-459
>                 URL: https://issues.apache.org/jira/browse/WSS-459
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Colm O hEigeartaigh
>            Assignee: Marc Giger
>             Fix For: 2.0
>
>
> RequiredParts policy validation is not working. A CXF negative test-case (StaxPartsTest)
has a policy which "requires" a header of name "ToTo", however the (streaming) service throws
no error.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message