[jira] [Commented] (CXF-7927) CXF accepts a SOAP message with two bodies

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[jira] [Commented] (CXF-7927) CXF accepts a SOAP message with two bodies

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/CXF-7927?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16737933#comment-16737933 ]

Freeman Fang commented on CXF-7927:

Don't think CXF would do this check.
By default CXF use stream way to read the message and process it, which means read whole message before hand and check it has negative impact to the performance.

If you really care about the two "body" sections issue, you can add a customer in interceptor to check it. The interceptor would be like
public class SoapBodyCheckInterceptor extends AbstractPhaseInterceptor<Message> {

    public SoapBodyCheckInterceptor() {

    public void handleMessage(Message message) throws Fault {
        InputStream is = message.getContent(InputStream.class);
        if (is != null) {
            CachedOutputStream bos = new CachedOutputStream();
            try {
                IOUtils.copy(is, bos);

                message.setContent(InputStream.class, bos.getInputStream());
                String soapMessage = new String(bos.getBytes());// or you can use DOM stuff here
                if (soapMessage has two bodys) {
                    reject the message with a SOAP Fault
            } catch (IOException e) {
                throw new Fault(e);


> CXF accepts a SOAP message with two bodies
> ------------------------------------------
>                 Key: CXF-7927
>                 URL: https://issues.apache.org/jira/browse/CXF-7927
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 3.1.6
>            Reporter: zarhane adil
>            Priority: Minor
> Send a SOAP request having two "body" sections.
> The first body is processed and the second is ignored.
> Expected behavior : reject the message with a SOAP Fault

This message was sent by Atlassian JIRA