Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8010

Avoid applying the SAAJInInterceptor to unsecured messages when using WS-SecurityPolicy

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.3.2
    • Component/s: None
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      It's possible to have a scenario where certain operations are secured using a WS-SecurityPolicy, and some are not secured at all. Up til now, the WSS4JInInterceptor will convert all messages to DOM form for WS-Security processing, using the SAAJInInterceptor.

      With this fix, if a message does not contain a security header, it will not be converted using the SAAJInIntereptor. Instead the policies are evaluated against an empty set. This should result in a performance boost for the insecured message case. Note that this only applies when using WS-SecurityPolicy, and not using the plain WSS4JInInterceptor with "action" configuration.

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              coheigea Colm O hEigeartaigh
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: