Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-892

SOAP call not rejected when an interceptor fails

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: 2.2.0.RELEASE
    • Fix Version/s: 2.2.1
    • Component/s: Core
    • Labels:
      None

      Description

      During a SOAP call, in case a ClientInterceptor returns false (meaning it did not manage to do its job), the call is not rejected. The WebServiceTemplate class iterates through the ClientInterceptors, and if one returns false, it simply stops calling the next interceptors, but executes the SOAP call itself.

      In my opinion this can lead to a security hole. If the WSS interceptor does not manage to encrypt the message body, the call is not rejected, but sensitive data goes to the wire.

        Issue Links

          Activity

          ibrencsics Ivan Brencsics created issue -
          arjen.poutsma Arjen Poutsma made changes -
          Field Original Value New Value
          Assignee Arjen Poutsma [ arjen.poutsma ]
          arjen.poutsma Arjen Poutsma made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Fix Version/s 2.2.1 [ 14639 ]
          Resolution Fixed [ 1 ]
          gregturn Greg Turnquist made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          gregturn Greg Turnquist made changes -
          Resolution Fixed [ 1 ]
          Status Closed [ 6 ] Reopened [ 4 ]
          gregturn Greg Turnquist made changes -
          Status Reopened [ 4 ] Resolved [ 5 ]
          Resolution Complete [ 8 ]
          gregturn Greg Turnquist made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          gregturn Greg Turnquist made changes -
          Link This issue is related to SWS-900 [ SWS-900 ]

            People

            • Assignee:
              arjen.poutsma Arjen Poutsma
              Reporter:
              ibrencsics Ivan Brencsics
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: