[ https://issues.apache.org/jira/browse/CXF-1491?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp reassigned CXF-1491:
--------------------------------

    Assignee: Daniel Kulp

> ReadHeadersInterceptor reads too much after parsing soap-header and breaks wss 
> signature
> ---------------------------------------------------------------------------------------
>
>                 Key: CXF-1491
>                 URL: https://issues.apache.org/jira/browse/CXF-1491
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 2.0.4
>            Reporter: Marc Giger
>            Assignee: Daniel Kulp
>            Priority: Critical
>
> On line 176 in ReadHeadersInterceptor there is the following code:
> /// advance just past body.
> //xmlReader.nextTag();
> if (message.getVersion().getFault().equals(xmlReader.getName())) {
>     Endpoint ep = message.getExchange().get(Endpoint.class);
>     if (!isDecoupled(message)) {
>         message.getInterceptorChain().abort();
>         if (ep.getInFaultObserver() != null) {
>             ep.getInFaultObserver().onMessage(message);
>         }
>     } else {
>         message.getExchange().put("deferred.fault.observer.notification", Boolean.TRUE);
>     }
> } 
> xmlReader.nextTag(); reads too much. After the body-element it is possible to 
> have a text-node which is part of the signature-digest when the whole
> body is signed. With this statement we skip this text-node and as a result the 
> signature is invalid.
> xmlReader.next() solves that problem but the code that follows it stops 
> working...of course.
> Btw: If I understand the code correctly, if the incoming message is a 
> soap-fault the InFaultChain is called. Is ReadHeadersInterceptor the right 
> place to check for an InFault? What happens when the incoming fault is 
> encrypted? Shouldn't that be moved to a separate interceptor after a possible 
> WSS4JInterceptor is called?
> Thanks
> Marc

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
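
The behaviour reported above can be reproduced with the plain StAX API. The following is an added example, not code from CXF or from the reporter: the class name, the envelope and the `urn:example` payload are constructed for illustration, and hashing the remaining text events is a simplified stand-in for the canonicalize-then-digest step of a real WS-Security signature check.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamReader;

public class NextTagDigestDemo {
    // Constructed sample envelope; the whitespace inside Body is signed content.
    static final String XML =
        "<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\"><s:Header/>"
        + "<s:Body>\n  <m:ping xmlns:m=\"urn:example\">hi</m:ping>\n</s:Body></s:Envelope>";

    // Stops on the Body start tag, advances once with nextTag() or next(), then
    // hashes the text events a later consumer of the same reader can still see.
    // Hashing raw text is a simplified stand-in for canonicalize-then-digest.
    static String digestOfRemainingBodyText(boolean useNextTag) throws Exception {
        XMLStreamReader r = XMLInputFactory.newInstance()
            .createXMLStreamReader(new StringReader(XML));
        while (!(r.isStartElement() && "Body".equals(r.getLocalName()))) {
            r.next();
        }
        StringBuilder seen = new StringBuilder();
        int event = useNextTag ? r.nextTag() : r.next();
        while (!(event == XMLStreamConstants.END_ELEMENT && "Body".equals(r.getLocalName()))) {
            if (event == XMLStreamConstants.CHARACTERS || event == XMLStreamConstants.SPACE) {
                seen.append(r.getText());
            }
            event = r.next();
        }
        byte[] hash = MessageDigest.getInstance("SHA-256")
            .digest(seen.toString().getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : hash) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        String afterNext = digestOfRemainingBodyText(false);
        String afterNextTag = digestOfRemainingBodyText(true);
        System.out.println("next():    " + afterNext);
        System.out.println("nextTag(): " + afterNextTag);
        System.out.println("digests match: " + afterNext.equals(afterNextTag));
    }
}
```

`nextTag()` silently consumes the whitespace-only text node that follows the Body start tag, so any component that later rebuilds the Body from the same reader digests different bytes than the sender signed.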