[prev in list] [next in list] [prev in thread] [next in thread]
List: woden-dev
Subject: [jira] [Updated] (WSS-486) Streaming code does not process a (non-secured) SOAP Fault correctly
From: "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date: 2013-12-12 13:04:07
Message-ID: JIRA.12684207.1386847691461.23689.1386853447314 () arcas
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/WSS-486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]
Colm O hEigeartaigh updated WSS-486:
------------------------------------
Description:
The streaming code does not process a non-secured SOAP Fault correctly. I've merged \
some code to the PolicyEnforcer to not throw a PolicyValidationException when we are \
an initiator + there is no security header + there is no SOAP Fault. This allows a \
client to see what the actual error message is, rather than complain about an \
insecured response.
However, there is a bug in the SecurityHeaderInputProcessor, it throws the following \
exception:
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Request is not a valid \
SOAP Message
at org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor.processNextEvent(SecurityHeaderInputProcessor.java:95)
I can only reproduce in conjunction with CXF. See the following test \
("testSOAPFaultError"):
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/PartsTest.java?view=markup
was:
The streaming code does not process a non-secured SOAP Fault correctly. I've merged \
some code to the PolicyEnforcer to not throw a PolicyValidationException when we are \
an initiator + there is no security header + there is no SOAP Fault. This allows a \
client to see what the actual error message is, rather than complain about an \
insecured response.
However, there is a bug in the SecurityHeaderInputProcessor, it throws the following \
exception:
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Request is not a valid \
SOAP Message
at org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor.processNextEvent(SecurityHeaderInputProcessor.java:95)
I can only reproduce in conjunction with CXF. See the following test:
> Streaming code does not process a (non-secured) SOAP Fault correctly
> --------------------------------------------------------------------
>
> Key: WSS-486
> URL: https://issues.apache.org/jira/browse/WSS-486
> Project: WSS4J
> Issue Type: Bug
> Reporter: Colm O hEigeartaigh
> Assignee: Marc Giger
> Fix For: 2.0
>
>
> The streaming code does not process a non-secured SOAP Fault correctly. I've merged \
> some code to the PolicyEnforcer to not throw a PolicyValidationException when we \
> are an initiator + there is no security header + there is no SOAP Fault. This \
> allows a client to see what the actual error message is, rather than complain about \
> an insecured response. However, there is a bug in the SecurityHeaderInputProcessor, \
> it throws the following exception: Caused by: \
> org.apache.wss4j.common.ext.WSSecurityException: Request is not a valid SOAP \
> Message at org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor.processNextEvent(SecurityHeaderInputProcessor.java:95)
> I can only reproduce in conjunction with CXF. See the following test \
> ("testSOAPFaultError"): \
> http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/PartsTest.java?view=markup
>
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic