[jboss-dev-forums] [JBoss Web Services Development] - Re: SOAP Message validation now enabled by default?
Alessio Soldano
do-not-reply at jboss.com
Mon Oct 1 04:41:52 EDT 2012
Alessio Soldano [https://community.jboss.org/people/asoldano] created the discussion
"Re: SOAP Message validation now enabled by default?"
To view the discussion, visit: https://community.jboss.org/message/762441#762441
--------------------------------------------------------------
Apache CXF 2.4.9 is more strict in terms of message validations for security reasons. This is also required to deal with the vulnerability mentioned at http://cxf.apache.org/cve-2012-3451.html http://cxf.apache.org/cve-2012-3451.html .
Unfortunately, the only real solution here is fixing the wrong message. As a workaround, though, you might want to try setting the Apache CXF +soap.no.validate.parts+ property to true in the message context. Unfortunately, on server side that's not easily done in an effective way withouth introducing a dependency to apache cxf api; you should try adding + at org.apache.cxf.annotations.EndpointProperty(key = "soap.no.validate.parts", value = "true")+ to your endpoint impl class.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/762441#762441]
Start a new discussion in JBoss Web Services Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2047]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20121001/fde1440b/attachment.html
More information about the jboss-dev-forums
mailing list