开发者

Problems with Spring WS Streaming Attachments with Security Interceptor

I'm having problems getting Spring WS to receive a request which has a file attached and use streaming. The problem is I get the following exception whenever I try to use a security interceptor:

2011-01-11 15:10:05,132 DEBUG [org.springframework.ws.soap.server.SoapMessageDispatcher] - 
java.lang.IllegalArgumentException: Error in converting SOAP Envelope to Document
    at org.springframework.ws.soap.axiom.support.AxiomUtils.toDocument(AxiomUtils.java:135)
    at org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor.toDocument(Wss4jSecurityInterceptor.java:621)
    at org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor.validateMessage(Wss4jSecurityInterceptor.java:492)
    at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:104)
    at org.springframework.ws.server.MessageDispatcher.dispatch(MessageDispatcher.java:213)
    at org.springframework.ws.server.MessageDispatcher.receive(MessageDispatcher.java:168)
    at org.springframework.ws.transport.support.WebServiceMessageReceiverObjectSupport.handleConnection(WebServiceMessageReceiverObjectSupport.java:88)
    at org.springframework.ws.transport.http.WebServiceMessageReceiverHandlerAdapter.handle(WebServiceMessageReceiverHandlerAdapter.java:57)
    at org.springframework.ws.transport.http.MessageDispatcherServlet.doService(MessageDispatcherServlet.java:230)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:530)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:426)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:457)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:931)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.开发者_Python百科java:361)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:867)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:245)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
    at org.eclipse.jetty.server.Server.handle(Server.java:337)
    at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:581)
    at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1020)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:775)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:228)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:417)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:474)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:437)
    at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.axiom.om.OMException: java.util.NoSuchElementException
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:249)
    at org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:327)
    at org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:706)
    at org.springframework.ws.soap.axiom.support.AxiomUtils.toDocument(AxiomUtils.java:125)
    ... 34 more
Caused by: java.util.NoSuchElementException
    at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1083)
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.parserNext(StAXOMBuilder.java:506)
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:161)
    ... 37 more

I am using the Axiom Message Factory:

<bean id="messageFactory" class="org.springframework.ws.soap.axiom.AxiomSoapMessageFactory">
    <property name="payloadCaching" value="false"/>
    <property name="attachmentCaching" value="true"/>
    <property name="attachmentCacheThreshold" value="1024" />
</bean>

My endpoint mapping uses the wss4jSecurityInterceptor:

<bean class="org.springframework.ws.server.endpoint.mapping.PayloadRootQNameEndpointMapping">
    <property name="mappings">
        <props>
            <prop key="{http://www.aquilauk.co.uk/hribulkupload}BulkHRRequest">hriBulkUploadEndpoint</prop>
        </props>
    </property>
     <property name="interceptors">
        <list>
            <!-- <bean class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor"/> -->
            <ref bean="wss4jSecurityInterceptor"/>
        </list>            
    </property>
</bean>

and my security interceptor has been set up to ensure it does not make use of the Payload:

<bean id="wss4jSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    <property name="validationActions" value="UsernameToken" />
    <property name="validationCallbackHandler" ref="springWSS4JHandler"/>
    <property name="secureResponse" value="false"/>
    <property name="secureRequest" value="false" />
</bean> 


<bean id="acegiWSS4JHandler" 
    class="org.springframework.ws.soap.security.wss4j.callback.SpringPlainTextPasswordValidationCallbackHandler">
    <property name="authenticationManager" ref="authenticationManager"/>
</bean>

Regard, Craig


I believe that the security interceptor you have defined still consumes the payload. It just doesn't perform any security validation on it. The AxiomSoapMessageFactory.createWebServiceMesssage() method should be being called in order to create the MessageContext that is provided to the security interceptor. The security interceptor then ignores it as per the secureRequest flag.


I Found the solutions to this problem through trial and error:

The problem is the setup of the wss4jSecurityInterceptor, the lines:

<property name="secureResponse" value="false"/>
<property name="secureRequest" value="false" />

should have been:

<property name="validateRequest" value="false" />
<property name="validateResponse" value="false" />
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜