[CXF-8010] Avoid applying the SAAJInInterceptor to unsecured messages when using WS-SecurityPolicy - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.3.2
Component/s: None
Labels:
None

Estimated Complexity:
Unknown

Description

It's possible to have a scenario where certain operations are secured using a WS-SecurityPolicy, and some are not secured at all. Up til now, the WSS4JInInterceptor will convert all messages to DOM form for WS-Security processing, using the SAAJInInterceptor.

With this fix, if a message does not contain a security header, it will not be converted using the SAAJInIntereptor. Instead the policies are evaluated against an empty set. This should result in a performance boost for the insecured message case. Note that this only applies when using WS-SecurityPolicy, and not using the plain WSS4JInInterceptor with "action" configuration.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 03/Apr/19 13:26

Updated:: 13/May/19 18:08

Resolved:: 03/Apr/19 14:31