[
https://issues.jboss.org/browse/JBESB-3906?page=com.atlassian.jira.plugin...
]
RH Bugzilla Integration commented on JBESB-3906:
------------------------------------------------
Tadayoshi Sato <tasato(a)redhat.com> made a comment on [bug 947862|https://bugzilla.redhat.com/show_bug.cgi?id=947862]
Hi Rick,
No, this regression is by no means caused by BZ902156. The error [1] reproduced by comment
13 of BZ915386 indicates it stems from the invoked web service, not SOAPClient. And I
confirmed in my environment that if all BZ915386 patches but the CXF upgrade are applied the
error doesn't happen. I believe the root cause should be found in the following BZs:
- [BZ-858926] [CVE-2012-3451] jbossws-cxf, apache-cxf: SOAPAction spoofing on document
literal web services
- [BZ-896338] [CVE-2012-5633] jbossws-cxf, apache-cxf: Bypass of security constraints on
WS endpoints
I also doubt that this is a regression of JBoss ESB or SOA-P as no behaviours in JBoss ESB
seem to change; what's changed is JBoss WS. So, should we close this BZ and chase it
as a JBoss WS regression instead?
Thank you!
[1]
15:33:39,174 WARNING [PhaseInterceptorChain] Interceptor for {http://webservice_consumer1/helloworld}HelloWorldWSService#{http://webservice_consumer1/helloworld}sayHello has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: The given SOAPAction sayHello does not match an operation.
    at org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor$SoapActionInAttemptTwoInterceptor.handleMessage(SoapActionInInterceptor.java:192)
    at org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor$SoapActionInAttemptTwoInterceptor.handleMessage(SoapActionInInterceptor.java:164)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:111)
    at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:431)
    at org.jboss.wsf.stack.cxf.ServletControllerExt.invoke(ServletControllerExt.java:173)
    at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:61)
    at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:185)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74)
    at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)
    at java.lang.Thread.run(Thread.java:722)
Backport JBESB-3898 to JBESB_4_11_CP2 branch
--------------------------------------------
Key: JBESB-3906
URL: https://issues.jboss.org/browse/JBESB-3906
Project: JBoss ESB
Issue Type: Task
Security Level: Public(Everyone can see)
Components: Web Services
Affects Versions: 4.11
Reporter: Tadayoshi Sato
Assignee: Tadayoshi Sato
Fix For: 4.11 CP3
Backport JBESB-3898 (EBWS on CXF fails to handle WS-Security header with
soap:mustUnderstand="1") to JBESB_4_11_CP2 branch.