On Fri May 8 2009 2:31:56 am marcob wrote: > I've tested the latest SNAPSHOT (May 7th). > The result now is that the string "lucy&mary" is read as "lucymary"... > not completely correct but much better than before! > If the issue might be solved by modifying something in my classpath, please > let me know.
OK. I see what I did. The second text node is getting lost. Basically, the STAX parser built into Java 6 is splitting that into three text nodes: lucy & mary Yesterdays version only grabbed the first. Today's grabs all but the second. Tomorrows should grab all three. :-) The other option for you: add a woodstox jar to your classpath: http://repo1.maven.org/maven2/org/codehaus/woodstox/wstx-asl/3.2.9/ The woodstox parser puts that all in a single text node. Thus, that should work for you. Dan > > Thanks agian! > Marco > > marcob wrote: > > Hi Dan, > > > > thank you for your detailed reply. > > According to your first question, please find below my project classpath: > > > > activation-1.1.jar > > ant-1.6.5.jar > > antlr-2.7.6.jar > > aopalliance-1.0.jar > > apache-pdfbox-0.8.0-incubator-dev.jar > > arq.jar > > arq-extra.jar > > asm.jar > > asm-attrs.jar > > aspectjrt-1.5.4.jar > > backport-util-concurrent.jar > > barbecue-1.5-beta1.jar > > bcprov-jdk15-140.jar > > c3p0-0.9.1.jar > > castor-0.9.6.jar > > cglib-2.1.3.jar > > clibwrapper_jiio.jar > > commons-beanutils.jar > > commons-chain-1.1.jar > > commons-codec-1.3.jar > > commons-collections-2.1.1.jar > > commons-digester.jar > > commons-discovery.jar > > commons-el.jar > > commons-fileupload.jar > > commons-validator-1.3.1.jar > > core-3.1.1.jar > > cxf-2.2.jar > > dom4j-1.6.1.jar > > ehcache-1.4.1.jar > > ejb3-persistence.jar > > el-ri.jar > > FastInfoset-1.2.2.jar > > filetimes.jar > > FontBox-0.2.0-dev.jar > > geronimo-activation_1.1_spec-1.0.2.jar > > geronimo-annotation_1.0_spec-1.1.1.jar > > geronimo-servlet_2.5_spec-1.2.jar > > geronimo-stax-api_1.0_spec-1.0.1.jar > > hibernate3.jar > > hibernate-annotations.jar > > hibernate-commons-annotations.jar > > icefaces.jar > > icefaces-comps.jar > > icefaces-facelets.jar > > icu4j_3_4.jar > > iri.jar > > iText-2.1.3.jar > > jai_codec.jar > > jai_core.jar > > jai_imageio.jar > > jawin.jar > > jawin-stubs.jar > > jaxb-impl-2.1.7.jar > > jaxb-xjc-2.1.7.jar > > jaxen-1.1.jar > > jcifs-1.2.24.jar > > jcl-over-slf4j-1.5.6.jar > > jdom-1.0.jar > > jena.jar > > jenatest.jar > > jettison-1.0.jar > > jetty-6.1.15.jar > > jetty-util-6.1.15.jar > > jsf-api-1.2.jar > > jsf-impl-1.2.jar > > json.jar > > jsp-2.1-glassfish-9.1.1.B51.25.p1.jar > > jsp-2.1-jetty-6.1.15.jar > > jsp-api-2.1-glassfish-9.1.1.B51.25.p1.jar > > jsr107cache-1.0.jar > > jstl.jar > > jta.jar > > krysalis-jCharts-1.0.0-alpha-1.jar > > license-1.0.0.0.jar > > license-internal-1.0.0.0.jar > > log4j-1.2.15.jar > > lucene-core-2.2.0.jar > > mail-1.4.jar > > mysql-connector-java-3.1.14-bin.jar > > neethi-2.0.4.jar > > opensaml-1.1.jar > > PDFRenderer.jar > > poi-3.2-FINAL-20081019.jar > > poi-contrib-3.2-FINAL-20081019.jar > > poi-scratchpad-3.2-FINAL-20081019.jar > > postgresql-8.2-508.jdbc3.jar > > satanet-app.jar > > serializer-2.7.1.jar > > servlet-api-2.5-20081211.jar > > slf4j-api-1.5.6.jar > > slf4j-log4j12-1.5.6.jar > > spring.jar > > spring-security-acl-2.0.4.jar > > spring-security-cas-client-2.0.4.jar > > spring-security-catalina-2.0.4.jar > > spring-security-core-2.0.4.jar > > spring-security-core-tiger-2.0.4.jar > > spring-security-jboss-2.0.4.jar > > spring-security-jetty-2.0.4.jar > > spring-security-ntlm-2.0.4.jar > > spring-security-openid-2.0.4.jar > > spring-security-portlet-2.0.4.jar > > spring-security-resin-2.0.4.jar > > spring-security-taglibs-2.0.4.jar > > standard-1.1.2.jar > > stax-api-1.0.jar > > stax-utils-20060502.jar > > wsdl4j-1.6.2.jar > > wss4j-1.5.7.jar > > xalan-2.7.1.jar > > xercesImpl.jar > > xml-apis.jar > > xml-resolver-1.2.jar > > XmlSchema-1.4.2.jar > > xmlsec-1.4.0.jar > > xpp3_min-1.1.4c.jar > > xstream-1.2.1.jar > > > > I've just checked the available snapshots for CXF 2.2 but it seems that > > the latest was built on Tuesday 5th, so I guess it isn't the one you > > worked on. > > Today I'll be out of office but tomorrow (Friday 8th) I'll test your > > changes and let you know. > > > > Marco > > > > dkulp wrote: > >> Well, I'm not able to reproduce the issue. I've pretty much created a > >> testcase in our aegis tests that enable wss4j with username/password > >> combos > >> just like you have and send "jack&jill" and it works. > >> > >> HOWEVER, if I send " jack&jill ", the string ended up trimmed. > >> Digging > >> into that more, I did discover a bug that COULD cause what you are > >> seeing. > >> The DOM reader (when using WSS4J, the message ends up as DOM) we have > >> had two > >> issues: > >> 1) It only checked the first TEXT node. I THINK this is what you are > >> seeing. > >> Whatever parser you are using was splitting the text into multiple text > >> nodes. > >> Are you using something other than woodstox? > >> > >> 2) It was also calling trim on the resulting string. > >> > >> > >> I've gone ahead and fixed those issues and am running the tests now. > >> I'll > >> get that committed shortly (providing the tests pass). New snapshots > >> should > >> be up tomorrow (or you could checkout from SVN and build). It would be > >> great > >> if you could test those to see if your issue is fixed as well. > >> > >> Dan > >> > >> On Wed May 6 2009 10:16:56 am marcob wrote: > >>> Hi, > >>> > >>> I tested that the problem occurs if I enable WS-Security. Below the > >>> test case. > >>> > >>> Service Interface: > >>> @WebService(name = "BatchManagerService", targetNamespace = > >>> "http://www.satanet.it/kfi";) > >>> public interface IBatchManagerService { > >>> @WebResult(targetNamespace = "http://www.satanet.it/kfi";) > >>> public String echo(@WebParam(name="text") String txt); > >>> } > >>> > >>> Service implementation: > >>> @WebService(endpointInterface = > >>> "it.satanet.karthaForInvoice.commonInterfaces.batchManager.IBatchManage > >>>rSer vice", serviceName = "BatchManagerService", targetNamespace = > >>> "http://www.satanet.it/kfi";) > >>> public class BatchManagerServiceImpl implements IBatchManagerService { > >>> > >>> @Override > >>> public String echo(String txt) { > >>> System.out.println(txt); > >>> return txt; > >>> } > >>> > >>> } > >>> > >>> Service Spring cfg: > >>> <bean id="aegisDatabinding" > >>> class="org.apache.cxf.aegis.databinding.AegisDatabinding" > >>> scope="prototype" > >>> /> > >>> > >>> <bean id="myPasswordCallback" > >>> class="it.satanet.karthaForInvoice.commonInterfaces.ws_util.ServerPassw > >>>ordC allback"/> > >>> > >>> <!-- WS --> > >>> > >>> <bean id="wsService" > >>> class="it.satanet.karthaForInvoice.batchManager.service.BatchManagerSer > >>>vice Impl" /> > >>> <bean id="serviceFactory" > >>> class="org.apache.cxf.jaxws.support.JaxWsServiceFactoryBean" > >>> scope="prototype"> > >>> <property name="dataBinding" ref="aegisDatabinding" /> > >>> </bean> > >>> <jaxws:server id="wsServiceEndpoint" serviceBean="#wsService" > >>> serviceClass="it.satanet.karthaForInvoice.batchManager.service.BatchMan > >>>ager ServiceImpl" address="/ws"> > >>> <jaxws:serviceFactory> > >>> <ref bean="serviceFactory" /> > >>> </jaxws:serviceFactory> > >>> > >>> <jaxws:inInterceptors> > >>> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > >>> <constructor-arg> > >>> <map> > >>> <entry key="action" value="UsernameToken"/> > >>> <entry key="passwordType" value="PasswordText"/> > >>> <entry key="passwordCallbackRef"> > >>> <ref bean="myPasswordCallback"/> > >>> </entry> > >>> </map> > >>> </constructor-arg> > >>> </bean> > >>> </jaxws:inInterceptors> > >>> > >>> <jaxws:properties> > >>> <entry key="mtom-enabled" value="true" /> > >>> </jaxws:properties> > >>> > >>> </jaxws:server> > >>> > >>> > >>> Client (generic, but you can replace T with the service interface): > >>> @SuppressWarnings("unchecked") > >>> public T getClientProxy(Class<T> c) { > >>> JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean(); > >>> > >>> // logging > >>> // factory.getInInterceptors().add(new LoggingInInterceptor()); > >>> // factory.getOutInterceptors().add(new LoggingOutInterceptor()); > >>> > >>> Map<String, Object> outProps = new HashMap<String, Object>(); > >>> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); > >>> factory.getOutInterceptors().add(wssOut); > >>> outProps.put(WSHandlerConstants.ACTION, > >>> WSHandlerConstants.USERNAME_TOKEN); > >>> // Specify our username > >>> outProps.put(WSHandlerConstants.USER, > >>> ServerPasswordCallback.WS_SECURITY_USER); > >>> // Password type : plain text > >>> outProps.put(WSHandlerConstants.PASSWORD_TYPE, > >>> WSConstants.PW_TEXT); // for hashed password use: > >>> // properties.put(WSHandlerConstants.PASSWORD_TYPE, > >>> WSConstants.PW_DIGEST); > >>> outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, > >>> ClientPasswordHandler.class.getName()); > >>> > >>> // invocation > >>> factory.setServiceClass(c); > >>> AegisDatabinding dataBinding = new AegisDatabinding(); > >>> dataBinding.setMtomEnabled(MTOM_ENABLED); > >>> dataBinding.setMtomUseXmime(MTOM_ENABLED); > >>> factory.setDataBinding(dataBinding); > >>> factory.setAddress(wsUrl); > >>> Map<String, Object> properties = factory.getProperties(); > >>> if (properties == null) { > >>> properties = new HashMap<String, Object>(); > >>> factory.setProperties(properties); > >>> } > >>> properties.put("mtom-enabled", MTOM_ENABLED); > >>> > >>> return (T) factory.create(); > >>> } > >>> > >>> By disabling WSS4J support, everything works fine. > >>> Right now, I think I can do without WSS4J but I'd like to know what > >>> goes wrong. > >>> Marco > >>> > >>> dkulp wrote: > >>> > A simple testcase for this would be great if at all possible. > >>> > > >>> > I just tested this by adding the string "john&marry" to the > >>> > testString stuff > >>> > in our type tests and it passed fine. The full string was properly > >>> > echoed > >>> > back. Thus, I'm not sure what would be going on. A test case > >>> > >>> would > >>> > >>> > definitely be useful. > >>> > > >>> > > >>> > Dan > >>> > > >>> > On Fri May 1 2009 3:38:44 am marcob wrote: > >>> >> That was my first reaction as well! > >>> >> Yes, I have CXF at both ends. I don't know if it might help, but in > >>> > >>> the > >>> > >>> >> previous post I forgot to say that my WS stack also includes a WS > >>> >> Security > >>> >> Interceptor. When I come back to the office (Monday), I'll test the > >>> > >>> same > >>> > >>> >> code without WS-Security and check whether exists a more updated > >>> > >>> version > >>> > >>> >> of > >>> >> woodstox library. > >>> >> In the meanwhile, any further suggestion is very welcome! > >>> >> Marco > >>> >> > >>> >> bimargulies wrote: > >>> >> > My first reaction is that I don't believe it. It is the woodstox > >>> > >>> code > >>> > >>> >> > that handles all of this, not us. Is the CXF on both ends? > >>> >> > > >>> >> > On Thu, Apr 30, 2009 at 12:21 PM, marcob <[email protected]> > >>> > >>> wrote: > >>> >> >> Hi, > >>> >> >> > >>> >> >> I've found this unexpected behaviour while using cxf 2.2.x + > >>> >> >> JaxWS > >>> > >>> + > >>> > >>> >> >> Aegis. > >>> >> >> If I define a method that accepts string parameters, e.g. > >>> >> >> > >>> >> >> public void echo(String text) { > >>> >> >> System.out.println(text); > >>> >> >> } > >>> >> >> > >>> >> >> and I pass a string containing the ampersand character (&), e.g. > >>> >> >> "john&lucy", the echo method only prints "john". I investigated > >>> > >>> the > >>> > >>> >> >> problem > >>> >> >> with an HTTP Monitor and it seems that at client side the string > >>> > >>> is > >>> > >>> >> >> correctly escaped (the SOAP request contains the > >>> > >>> "john&amp;lucy" > >>> > >>> >> >> text) > >>> >> >> but, at server side, the string is truncated at the & character > >>> >> >> position. > >>> >> >> > >>> >> >> From my point of view, it seems to be a bug. > >>> >> >> Any solution? > >>> >> >> Thanks > >>> >> >> Marco > >>> >> >> -- > >>> >> >> View this message in context: > >>> > >>> http://www.nabble.com/CXF-2.2.x-ampersand-issue-tp23319655p23319655.htm > >>>l > >>> > >>> >> >> Sent from the cxf-user mailing list archive at Nabble.com. > >>> > > >>> > -- > >>> > Daniel Kulp > >>> > [email protected] > >>> > http://www.dankulp.com/blog > >> > >> -- > >> Daniel Kulp > >> [email protected] > >> http://www.dankulp.com/blog -- Daniel Kulp [email protected] http://www.dankulp.com/blog
