> On Feb 12, 2015, at 3:03 PM, dudae <dudaer...@gmail.com> wrote: > Do you check the implementation? Could you give me some feedback please? > Thank you.
Just took a quick look at this… I completely forgot about this. There are a couple of obvious things that “jump out” that are very quick/easy to fix. Mostly removing the @author tags (highly discouraged at Apache) and there are a few files that need the Apache header added (the XML files). There are also several warnings when pulled into Eclipse, but those aren’t big deals at all. The other issue would be the use of the System.out for all the messages during the tests causing a lot of output on the console. Again, easy fix and I understand why it’s there during development. The main thing that jumps out at me as being problematic is the use of the JAX-WS handlers (org.apache.cxf.ws.transfer.shared.handlers). Those cause problems as we have to completely break streaming to build the SOAPMessage that is passed into those. I’d very strongly encourage flipping those to normal CXF SOAP interceptors. They seem to only operate on SOAP headers so they can call the getHeaders method on the SOAPMessage passed into the interceptor and pretty much allow the body to remain as is. (likely streaming) That said, I’m not sure those are even needed. CXF’s MAPCodec.java already gathers the headers that have the ReferenceParameter attribute and adds them to the “To” EndpointReference. You may need to experiment a bit more to see if they are really getting through (and if not, figure out why). Likewise, on the client, you could directly add them to the client RequestContext via the normal way of adding headers: http://cxf.apache.org/faq.html#FAQ-HowcanIaddsoapheaderstotherequest/response? and avoid the JAX-WS handler/interceptor entirely. Few more CXF things: In XLSTResourceTransformer and TransferTools and a few other places, you are creating DocumentBuilderFactory/DocumentBuilder and a Transformer and such. You really should use the utility methods we have in StaxUtils, XMLUtils, and XSLTUtils for much of that. We try to make sure all the XML parsing and processing goes through those utilities so that we can control various aspects to prevent various attacks (like entity expansion attacks). Other than that, it looks fairly good. I hope the above gives you some stuff to think about. -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
