Details
Bug
Status: Closed
Major
Resolution: Fixed
Description
The streaming code does not process a non-secured SOAP Fault correctly. I've merged some code to the PolicyEnforcer to not throw a PolicyValidationException when we are an initiator + there is no security header + there is no SOAP Fault. This allows a client to see what the actual error message is, rather than complain about an unsecured response.
However, there is a bug in the SecurityHeaderInputProcessor: it throws the following exception:
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Request is not a valid SOAP Message
at org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor.processNextEvent(SecurityHeaderInputProcessor.java:95)
I can only reproduce in conjunction with CXF. See the following test ("testSOAPFaultError"):