[jira] [Commented] (CXF-6409) CXF web service cannot process MTOM/XOP-optimized content within a CipherValue element

Fri, 22 May 2015 07:41:44 -0700 

    [ 
https://issues.apache.org/jira/browse/CXF-6409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14556243#comment-14556243
 ] 

Colm O hEigeartaigh commented on CXF-6409:
------------------------------------------


Thanks for information. Ok I've added some initial support for processing 
CipherValue Elements containing xop:Include in the DOM code only in WSS4J 
2.1.1-SNAPSHOT and 2.0.5-SNAPSHOT. Could you grab the latest code (easiest to 
build the relevant branch yourself), and run the test again? I expect it to 
fail as I haven't added support for it in BinarySecurityToken Elements yet. I'm 
not entirely sure if I'm doing the right thing in terms of decryption, so it'd 
be helpful to know where the processing fails.

Colm.

> CXF web service cannot process MTOM/XOP-optimized content within a 
> CipherValue element
> --------------------------------------------------------------------------------------
>
>                 Key: CXF-6409
>                 URL: https://issues.apache.org/jira/browse/CXF-6409
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 3.0.4
>            Reporter: Dallas Vaughan
>            Assignee: Colm O hEigeartaigh
>
> When a CXF (WS-Security streaming-enabled) web service endpoint is configured 
> to use WS-Security and MTOM, CXF cannot handle requests from .NET and Metro 
> clients because it cannot process {{xop:Include}} elements that are children 
> of {{enc:CipherValue}} elements, as both of these clients will optimize any 
> large encrypted (base64-encoded binary) content by serializing it as a MIME 
> part.
> For example, when a Metro MTOM-optimized WS-Security-based request is sent to 
> a CXF endpoint, the following exception is thrown within 
> {{org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$DecryptionThread.run()}}:
> {code}org.apache.xml.security.exceptions.XMLSecurityException: Unexpected 
> StAX-Event: START_ELEMENT{code}
> This makes it impossible for .NET and Metro clients to communicate with CXF 
> endpoints which have the MTOM and encryption policies specified.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to