Well, I'm not able to reproduce the issue. I've pretty much created a testcase in our aegis tests that enable wss4j with username/password combos just like you have and send "jack&jill" and it works.
HOWEVER, if I send " jack&jill ", the string ended up trimmed. Digging into that more, I did discover a bug that COULD cause what you are seeing. The DOM reader (when using WSS4J, the message ends up as DOM) we have had two issues: 1) It only checked the first TEXT node. I THINK this is what you are seeing. Whatever parser you are using was splitting the text into multiple text nodes. Are you using something other than woodstox? 2) It was also calling trim on the resulting string. I've gone ahead and fixed those issues and am running the tests now. I'll get that committed shortly (providing the tests pass). New snapshots should be up tomorrow (or you could checkout from SVN and build). It would be great if you could test those to see if your issue is fixed as well. Dan On Wed May 6 2009 10:16:56 am marcob wrote: > Hi, > > I tested that the problem occurs if I enable WS-Security. Below the test > case. > > Service Interface: > @WebService(name = "BatchManagerService", targetNamespace = > "http://www.satanet.it/kfi";) > public interface IBatchManagerService { > @WebResult(targetNamespace = "http://www.satanet.it/kfi";) > public String echo(@WebParam(name="text") String txt); > } > > Service implementation: > @WebService(endpointInterface = > "it.satanet.karthaForInvoice.commonInterfaces.batchManager.IBatchManagerSer >vice", serviceName = "BatchManagerService", targetNamespace = > "http://www.satanet.it/kfi";) > public class BatchManagerServiceImpl implements IBatchManagerService { > > @Override > public String echo(String txt) { > System.out.println(txt); > return txt; > } > > } > > Service Spring cfg: > <bean id="aegisDatabinding" > class="org.apache.cxf.aegis.databinding.AegisDatabinding" scope="prototype" > /> > > <bean id="myPasswordCallback" > class="it.satanet.karthaForInvoice.commonInterfaces.ws_util.ServerPasswordC >allback"/> > > <!-- WS --> > > <bean id="wsService" > class="it.satanet.karthaForInvoice.batchManager.service.BatchManagerService >Impl" /> > <bean id="serviceFactory" > class="org.apache.cxf.jaxws.support.JaxWsServiceFactoryBean" > scope="prototype"> > <property name="dataBinding" ref="aegisDatabinding" /> > </bean> > <jaxws:server id="wsServiceEndpoint" serviceBean="#wsService" > serviceClass="it.satanet.karthaForInvoice.batchManager.service.BatchManager >ServiceImpl" address="/ws"> > <jaxws:serviceFactory> > <ref bean="serviceFactory" /> > </jaxws:serviceFactory> > > <jaxws:inInterceptors> > <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > <constructor-arg> > <map> > <entry key="action" value="UsernameToken"/> > <entry key="passwordType" value="PasswordText"/> > <entry key="passwordCallbackRef"> > <ref bean="myPasswordCallback"/> > </entry> > </map> > </constructor-arg> > </bean> > </jaxws:inInterceptors> > > <jaxws:properties> > <entry key="mtom-enabled" value="true" /> > </jaxws:properties> > > </jaxws:server> > > > Client (generic, but you can replace T with the service interface): > @SuppressWarnings("unchecked") > public T getClientProxy(Class<T> c) { > JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean(); > > // logging > // factory.getInInterceptors().add(new LoggingInInterceptor()); > // factory.getOutInterceptors().add(new LoggingOutInterceptor()); > > Map<String, Object> outProps = new HashMap<String, Object>(); > WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); > factory.getOutInterceptors().add(wssOut); > outProps.put(WSHandlerConstants.ACTION, > WSHandlerConstants.USERNAME_TOKEN); > // Specify our username > outProps.put(WSHandlerConstants.USER, > ServerPasswordCallback.WS_SECURITY_USER); > // Password type : plain text > outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); > // for hashed password use: > // properties.put(WSHandlerConstants.PASSWORD_TYPE, > WSConstants.PW_DIGEST); > outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, > ClientPasswordHandler.class.getName()); > > // invocation > factory.setServiceClass(c); > AegisDatabinding dataBinding = new AegisDatabinding(); > dataBinding.setMtomEnabled(MTOM_ENABLED); > dataBinding.setMtomUseXmime(MTOM_ENABLED); > factory.setDataBinding(dataBinding); > factory.setAddress(wsUrl); > Map<String, Object> properties = factory.getProperties(); > if (properties == null) { > properties = new HashMap<String, Object>(); > factory.setProperties(properties); > } > properties.put("mtom-enabled", MTOM_ENABLED); > > return (T) factory.create(); > } > > By disabling WSS4J support, everything works fine. > Right now, I think I can do without WSS4J but I'd like to know what goes > wrong. > Marco > > dkulp wrote: > > A simple testcase for this would be great if at all possible. > > > > I just tested this by adding the string "john&marry" to the testString > > stuff > > in our type tests and it passed fine. The full string was properly > > echoed > > back. Thus, I'm not sure what would be going on. A test case would > > definitely be useful. > > > > > > Dan > > > > On Fri May 1 2009 3:38:44 am marcob wrote: > >> That was my first reaction as well! > >> Yes, I have CXF at both ends. I don't know if it might help, but in the > >> previous post I forgot to say that my WS stack also includes a WS > >> Security > >> Interceptor. When I come back to the office (Monday), I'll test the same > >> code without WS-Security and check whether exists a more updated version > >> of > >> woodstox library. > >> In the meanwhile, any further suggestion is very welcome! > >> Marco > >> > >> bimargulies wrote: > >> > My first reaction is that I don't believe it. It is the woodstox code > >> > that handles all of this, not us. Is the CXF on both ends? > >> > > >> > On Thu, Apr 30, 2009 at 12:21 PM, marcob <[email protected]> wrote: > >> >> Hi, > >> >> > >> >> I've found this unexpected behaviour while using cxf 2.2.x + JaxWS + > >> >> Aegis. > >> >> If I define a method that accepts string parameters, e.g. > >> >> > >> >> public void echo(String text) { > >> >> System.out.println(text); > >> >> } > >> >> > >> >> and I pass a string containing the ampersand character (&), e.g. > >> >> "john&lucy", the echo method only prints "john". I investigated the > >> >> problem > >> >> with an HTTP Monitor and it seems that at client side the string is > >> >> correctly escaped (the SOAP request contains the "john&amp;lucy" > >> >> text) > >> >> but, at server side, the string is truncated at the & character > >> >> position. > >> >> > >> >> From my point of view, it seems to be a bug. > >> >> Any solution? > >> >> Thanks > >> >> Marco > >> >> -- > >> >> View this message in context: > >> > >> http://www.nabble.com/CXF-2.2.x-ampersand-issue-tp23319655p23319655.html > >> > >> >> Sent from the cxf-user mailing list archive at Nabble.com. > > > > -- > > Daniel Kulp > > [email protected] > > http://www.dankulp.com/blog -- Daniel Kulp [email protected] http://www.dankulp.com/blog
