Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-7691

Can't add multiple instances of the same security interceptor to the same interceptor chain

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2.4
    • Fix Version/s: 3.1.16, 3.2.5
    • Component/s: WS-* Components
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      We consume a webservice that requires setting multiple <wss:Security> headers with different actors. I tried to add two WSS4JOutInterceptor instances, but only one of them actually added the header. I also tried to add two WSS4JStaxOutInterceptor instances, but that threw an exception:

      java.lang.IllegalArgumentException: null is not supported as output
      	at org.apache.wss4j.stax.setup.OutboundWSSec.processOutMessage(OutboundWSSec.java:218)
      	at org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor.handleMessage(WSS4JStaxOutInterceptor.java:169)
      	at org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor.handleMessage(WSS4JStaxOutInterceptor.java:61)
      	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
      	at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:533)
      	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:442)
      	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:343)
      	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:296)
      	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
      	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
      	at com.sun.proxy.$Proxy79.doubleIt(Unknown Source)
      	at org.apache.cxf.systest.ws.action.ActionTest.testMultipleActorsStAX(ActionTest.java:710)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
      	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
      	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
      	at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
      	at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
      	at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
      	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
      	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
      	at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
      	at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
      	at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
      	at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
      	at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
      	at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
      	at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
      	at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
      	at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
      	at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
      	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:538)
      	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:760)
      	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:460)
      	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:206)
      
      

      The only thing that worked was adding one WSS4JOutInterceptor and one WSS4JStaxOutInterceptor, but that feels like a hack.

      I wrote three tests here, one passing (testMultipleActorsMixed) and two failing (testMultipleActors, testMultipleActorsStAX) to show the issue. Unfortunately, I'm not familiar enough with the innards of CXF to fix the issue.

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              imgx64 Ibrahim M. Ghazal
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: