Repository: cxf Updated Branches: refs/heads/master 2ea81b5f7 -> be2bf8d64
Making sure XmlSec/Sig/Enc in interceptors do not run on the client side unless the response code is 200 Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/be2bf8d6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/be2bf8d6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/be2bf8d6 Branch: refs/heads/master Commit: be2bf8d644887fc1853210b9b82db897c4d73dd0 Parents: 2ea81b5 Author: Sergey Beryozkin <sberyoz...@gmail.com> Authored: Wed Mar 29 11:52:01 2017 +0100 Committer: Sergey Beryozkin <sberyoz...@gmail.com> Committed: Wed Mar 29 11:52:01 2017 +0100 ---------------------------------------------------------------------- .../rs/security/xml/AbstractXmlSecInHandler.java | 17 +++++++++++++---- .../cxf/rs/security/xml/XmlSecInInterceptor.java | 18 +++++++++++++++--- 2 files changed, 28 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/be2bf8d6/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
index 24bac79..3ae5e02 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
@@ -34,6 +34,7 @@ import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.staxutils.W3CDOMStreamReader;
 import org.apache.wss4j.common.crypto.WSProviderConfig;
@@ -70,11 +71,14 @@ public abstract class AbstractXmlSecInHandler {
 }
 protected Document getDocument(Message message) {
- String method = (String)message.get(Message.HTTP_REQUEST_METHOD);
- if ("GET".equals(method)) {
+ if (isServerGet(message)) {
 return null;
+ } else {
+ Integer responseCode = (Integer)message.get(Message.RESPONSE_CODE);
+ if (responseCode != null && responseCode != 200) {
+ return null;
+ }
 }
-
 Document doc = null;
 InputStream is = message.getContent(InputStream.class);
 if (is != null) {
@@ -94,6 +98,11 @@ public abstract class AbstractXmlSecInHandler {
 }
 return doc;
 }
+
+ protected boolean isServerGet(Message message) {
+ String method = (String)message.get(Message.HTTP_REQUEST_METHOD);
+ return "GET".equals(method) && !MessageUtils.isRequestor(message);
+ }
 protected void throwFault(String error, Exception ex) {
 StringBuilder log = new StringBuilder(error);
@@ -101,7 +110,7 @@ public abstract class AbstractXmlSecInHandler {
 log = log.append(" - ").append(ex.getMessage());
 }
 LOG.warning(log.toString());
- Response response = JAXRSUtils.toResponseBuilder(400).entity(error).build();
+ Response response = JAXRSUtils.toResponseBuilder(400).entity(error).type("text/plain").build();
 throw ExceptionUtils.toBadRequestException(null, response);
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/be2bf8d6/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java ----------------------------------------------------------------------
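Review bot: The new `responseCode != 200` test in `getDocument` treats every other status as "nothing to verify", so a client response carrying an entity with 201, 202 or 203 comes back as `null` and never reaches the signature or decryption checks; the status line is not covered by the XML signature, so anything able to alter it in transit decides whether verification runs. What callers do with the `null` is outside this hunk, but the same test in `XmlSecInInterceptor` (`canDocumentBeRead`, used by `handleMessage` and `aroundReadFrom`) ends in a bare `return` or `ctx.proceed()`, which suggests the body is handed on unverified. I would narrow the skip to statuses outside the success range, `if (responseCode != null && (responseCode < 200 || responseCode >= 300)) {`, and keep the rule in one shared helper instead of two copies. `getDocument` continues past the end of the hunk.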
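Review bot: `type("text/plain")` in `throwFault` spells the media type as a string literal where JAX-RS already provides a constant; `.type(MediaType.TEXT_PLAIN)` says the same thing and cannot be mistyped, and the identical line in `XmlSecInInterceptor.throwFault` would change with it. Pinning the type is worth keeping, since the 400 body is an error string and should not be left to content negotiation. Whether `javax.ws.rs.core.MediaType` is already imported in either file is not visible here, and `throwFault` starts outside the hunk.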
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
index 5730381..e5e45be 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
@@ -101,7 +101,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> imple
 }
 public void handleMessage(Message message) throws Fault {
- if (isServerGet(message)) {
+ if (!canDocumentBeRead(message)) {
 return;
 }
 prepareMessage(message);
@@ -144,6 +144,18 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> imple
 }
 }
+ private boolean canDocumentBeRead(Message message) {
+ if (isServerGet(message)) {
+ return false;
+ } else {
+ Integer responseCode = (Integer)message.get(Message.RESPONSE_CODE);
+ if (responseCode != null && responseCode != 200) {
+ return false;
+ }
+ }
+ return true;
+ }
+
 private boolean isServerGet(Message message) {
 String method = (String)message.get(Message.HTTP_REQUEST_METHOD);
 return "GET".equals(method) && !MessageUtils.isRequestor(message);
@@ -360,7 +372,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> imple
 protected void throwFault(String error, Exception ex) {
 LOG.warning(error);
- Response response = JAXRSUtils.toResponseBuilder(400).entity(error).build();
+ Response response = JAXRSUtils.toResponseBuilder(400).entity(error).type("text/plain").build();
 throw ExceptionUtils.toBadRequestException(null, response);
 }
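Review bot: `canDocumentBeRead` returns `false` on a non-200 status without leaving any trace, so a response that skipped signature and encryption handling looks the same in the logs as one that was verified. A line just before the second `return false;`, for example `LOG.fine("XML security processing skipped, response code " + responseCode);`, gives operators something to search and alert on. The class already logs through `LOG` in `throwFault`, so no new logger is needed.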
@@ -446,7 +458,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> imple
 public Object aroundReadFrom(ReaderInterceptorContext ctx) throws IOException, WebApplicationException {
 Message message = ((ReaderInterceptorContextImpl)ctx).getMessage();
- if (isServerGet(message)) {
+ if (!canDocumentBeRead(message)) {
 return ctx.proceed();
 } else {
 prepareMessage(message);