[
https://issues.apache.org/jira/browse/CXF-6409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14550910#comment-14550910
]
Dallas Vaughan commented on CXF-6409:
-------------------------------------
Okay, instead of stack traces, here are the partial thread-dumps:
{code:title=DOM-based}
at
org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1872)
at
org.apache.xml.security.encryption.XMLCipher.decryptElement(XMLCipher.java:1743)
at
org.apache.xml.security.encryption.XMLCipher.decryptElementContent(XMLCipher.java:1781)
at
org.apache.xml.security.encryption.XMLCipher.doFinal(XMLCipher.java:1031)
at
org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:437)
at
org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:545)
at
org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRefs(EncryptedKeyProcessor.java:480)
at
org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:230)
at
org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:69)
at
org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:427)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:278)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:190)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:133)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:116)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
- locked <0x5231> (a org.apache.cxf.phase.PhaseInterceptorChain)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
{code}
{code:title=StAX-based (decryption-thread)}
at
org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$DecryptionThread.run(AbstractDecryptInputProcessor.java:814)
at java.lang.Thread.run(Thread.java:745)
{code}
{code:title=StAX-based (calling thread - waiting on decryption thread, I
suppose)}
at java.lang.Object.wait(Object.java:-1)
at java.io.PipedInputStream.read(PipedInputStream.java:327)
at java.io.PipedInputStream.read(PipedInputStream.java:378)
at
org.apache.xml.security.stax.impl.util.MultiInputStream.read(MultiInputStream.java:59)
at com.ctc.wstx.io.BaseReader.readBytes(BaseReader.java:155)
at com.ctc.wstx.io.UTF8Reader.loadMore(UTF8Reader.java:369)
at com.ctc.wstx.io.UTF8Reader.read(UTF8Reader.java:112)
at com.ctc.wstx.io.MergedReader.read(MergedReader.java:104)
at com.ctc.wstx.io.ReaderSource.readInto(ReaderSource.java:89)
at
com.ctc.wstx.io.BranchingReaderSource.readInto(BranchingReaderSource.java:57)
at com.ctc.wstx.sr.StreamScanner.loadMore(StreamScanner.java:1006)
at com.ctc.wstx.sr.StreamScanner.getNext(StreamScanner.java:765)
at
com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2786)
at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1115)
at
org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor.forwardToWrapperElement(AbstractDecryptInputProcessor.java:371)
at
org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor.processEvent(AbstractDecryptInputProcessor.java:291)
at
org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor.processNextHeaderEvent(AbstractDecryptInputProcessor.java:141)
at
org.apache.xml.security.stax.impl.InputProcessorChainImpl.processHeaderEvent(InputProcessorChainImpl.java:188)
at
org.apache.wss4j.stax.impl.processor.input.OperationInputProcessor.processNextHeaderEvent(OperationInputProcessor.java:51)
at
org.apache.xml.security.stax.impl.InputProcessorChainImpl.processHeaderEvent(InputProcessorChainImpl.java:188)
at
org.apache.wss4j.policy.stax.PolicyInputProcessor.processNextHeaderEvent(PolicyInputProcessor.java:64)
at
org.apache.xml.security.stax.impl.InputProcessorChainImpl.processHeaderEvent(InputProcessorChainImpl.java:188)
at
org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor$InternalSecurityHeaderBufferProcessor.processNextHeaderEvent(SecurityHeaderInputProcessor.java:244)
at
org.apache.xml.security.stax.impl.InputProcessorChainImpl.processHeaderEvent(InputProcessorChainImpl.java:188)
at
org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor.processNextEvent(SecurityHeaderInputProcessor.java:86)
at
org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193)
at
org.apache.xml.security.stax.impl.XMLSecurityStreamReader.next(XMLSecurityStreamReader.java:78)
at
org.apache.wss4j.stax.impl.WSSecurityStreamReader.next(WSSecurityStreamReader.java:45)
at
org.apache.xml.security.stax.impl.XMLSecurityStreamReader.getEventType(XMLSecurityStreamReader.java:395)
at
org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:161)
at
org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:65)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
- locked <0x66e2> (a org.apache.cxf.phase.PhaseInterceptorChain)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
{code}
> CXF web service cannot process MTOM/XOP-optimized content within a
> CipherValue element
> --------------------------------------------------------------------------------------
>
> Key: CXF-6409
> URL: https://issues.apache.org/jira/browse/CXF-6409
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 3.0.4
> Reporter: Dallas Vaughan
> Assignee: Colm O hEigeartaigh
>
> When a CXF (WS-Security streaming-enabled) web service endpoint is configured
> to use WS-Security and MTOM, CXF cannot handle requests from .NET and Metro
> clients because it cannot process {{xop:Include}} elements that are children
> of {{enc:CipherValue}} elements, as both of these clients will optimize any
> large encrypted (base64-encoded binary) content by serializing it as a MIME
> part.
> For example, when a Metro MTOM-optimized WS-Security-based request is sent to
> a CXF endpoint, the following exception is thrown within
> {{org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$DecryptionThread.run()}}:
> {code}org.apache.xml.security.exceptions.XMLSecurityException: Unexpected
> StAX-Event: START_ELEMENT{code}
> This makes it impossible for .NET and Metro clients to communicate with CXF
> endpoints which have the MTOM and encryption policies specified.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
