Problems with Spring WS Streaming Attachments with Security Interceptor

StackOverflow https://stackoverflow.com/questions/4659246

سؤال

I'm having problems getting Spring WS to receive a request which has a file attached and use streaming. The problem is I get the following exception whenever I try to use a security interceptor:

2011-01-11 15:10:05,132 DEBUG [org.springframework.ws.soap.server.SoapMessageDispatcher] - 
java.lang.IllegalArgumentException: Error in converting SOAP Envelope to Document
    at org.springframework.ws.soap.axiom.support.AxiomUtils.toDocument(AxiomUtils.java:135)
    at org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor.toDocument(Wss4jSecurityInterceptor.java:621)
    at org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor.validateMessage(Wss4jSecurityInterceptor.java:492)
    at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:104)
    at org.springframework.ws.server.MessageDispatcher.dispatch(MessageDispatcher.java:213)
    at org.springframework.ws.server.MessageDispatcher.receive(MessageDispatcher.java:168)
    at org.springframework.ws.transport.support.WebServiceMessageReceiverObjectSupport.handleConnection(WebServiceMessageReceiverObjectSupport.java:88)
    at org.springframework.ws.transport.http.WebServiceMessageReceiverHandlerAdapter.handle(WebServiceMessageReceiverHandlerAdapter.java:57)
    at org.springframework.ws.transport.http.MessageDispatcherServlet.doService(MessageDispatcherServlet.java:230)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:530)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:426)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:457)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:931)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:361)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:867)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:245)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
    at org.eclipse.jetty.server.Server.handle(Server.java:337)
    at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:581)
    at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1020)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:775)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:228)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:417)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:474)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:437)
    at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.axiom.om.OMException: java.util.NoSuchElementException
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:249)
    at org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:327)
    at org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:706)
    at org.springframework.ws.soap.axiom.support.AxiomUtils.toDocument(AxiomUtils.java:125)
    ... 34 more
Caused by: java.util.NoSuchElementException
    at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1083)
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.parserNext(StAXOMBuilder.java:506)
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:161)
    ... 37 more

I am using the Axiom Message Factory:

<bean id="messageFactory" class="org.springframework.ws.soap.axiom.AxiomSoapMessageFactory">
    <property name="payloadCaching" value="false"/>
    <property name="attachmentCaching" value="true"/>
    <property name="attachmentCacheThreshold" value="1024" />
</bean>

My endpoint mapping uses the wss4jSecurityInterceptor:

<bean class="org.springframework.ws.server.endpoint.mapping.PayloadRootQNameEndpointMapping">
    <property name="mappings">
        <props>
            <prop key="{http://www.aquilauk.co.uk/hribulkupload}BulkHRRequest">hriBulkUploadEndpoint</prop>
        </props>
    </property>
     <property name="interceptors">
        <list>
            <!-- <bean class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor"/> -->
            <ref bean="wss4jSecurityInterceptor"/>
        </list>            
    </property>
</bean>

and my security interceptor has been set up to ensure it does not make use of the Payload:

<bean id="wss4jSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    <property name="validationActions" value="UsernameToken" />
    <property name="validationCallbackHandler" ref="springWSS4JHandler"/>
    <property name="secureResponse" value="false"/>
    <property name="secureRequest" value="false" />
</bean> 


<bean id="acegiWSS4JHandler" 
    class="org.springframework.ws.soap.security.wss4j.callback.SpringPlainTextPasswordValidationCallbackHandler">
    <property name="authenticationManager" ref="authenticationManager"/>
</bean>

Regard, Craig

هل كانت مفيدة؟

المحلول 2

I Found the solutions to this problem through trial and error:

The problem is the setup of the wss4jSecurityInterceptor, the lines:

<property name="secureResponse" value="false"/>
<property name="secureRequest" value="false" />

should have been:

<property name="validateRequest" value="false" />
<property name="validateResponse" value="false" />

نصائح أخرى

I believe that the security interceptor you have defined still consumes the payload. It just doesn't perform any security validation on it. The AxiomSoapMessageFactory.createWebServiceMesssage() method should be being called in order to create the MessageContext that is provided to the security interceptor. The security interceptor then ignores it as per the secureRequest flag.

مرخصة بموجب: CC-BY-SA مع الإسناد
لا تنتمي إلى StackOverflow
scroll top