Alessio Soldano [
https://community.jboss.org/people/asoldano] created the discussion
"Re: SOAP Message validation now enabled by default?"
To view the discussion, visit:
https://community.jboss.org/message/762441#762441
--------------------------------------------------------------
Apache CXF 2.4.9 is more strict in terms of message validations for security reasons. This
is also required to deal with the vulnerability mentioned at
http://cxf.apache.org/cve-2012-3451.html http://cxf.apache.org/cve-2012-3451.html .
Unfortunately, the only real solution here is fixing the wrong message. As a workaround,
though, you might want to try setting the Apache CXF +soap.no.validate.parts+ property to
true in the message context. Unfortunately, on server side that's not easily done in
an effective way withouth introducing a dependency to apache cxf api; you should try
adding +(a)org.apache.cxf.annotations.EndpointProperty(key =
"soap.no.validate.parts", value = "true")+ to your endpoint impl
class.
--------------------------------------------------------------
Reply to this message by going to Community
[
https://community.jboss.org/message/762441#762441]
Start a new discussion in JBoss Web Services Development at Community
[
https://community.jboss.org/choose-container!input.jspa?contentType=1&...]