...

Note that when the attachments are accessed by the receiving application code, the read process will fail to complete if the validation fails. For instance, if the application code copies a given part's InputStream to disk, that copy operation will fail. For example:

 

Code Block
@POST
@Path("/books")
@Consumes("multipart/related")
public void uploadBookMultipart(@Multipart(type = "application/xml") Book book) {
    // This method will not even be invoked if the data signature verification fails,
    // because the construction of the Book bean will fail
}

@POST
@Path("/pdf")
@Consumes("multipart/related")
public void uploadStreamMultipart(@Multipart(type = "application/pdf") InputStream is) throws IOException {
    OutputStream os = getTargetOutputStream();
    // This copy operation will fail if the signature verification fails
    IOUtils.copy(is, os);
}

However, if the receiver starts acting on the attachment's InputStream immediately, for example when attachment data returned from the service to the client is streamed to a UI display that can activate a script, it is important to enable the 'bufferPayload' property on either JwsMultipartContainerRequestFilter or JwsMultipartClientResponseFilter. This ensures that the data streams are validated before the application gets access to them.
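The timing problem that 'bufferPayload' addresses, as an added example that is not CXF code and not part of the original page: a JDK-only sketch in which an HMAC-SHA256 stands in for the JWS signature, and the class names, key and payload are constructed for illustration. With the same tampered data, the verify-while-reading stream fails only at end of stream, after the consumer has acted on every byte, while draining and verifying first delivers nothing to the consumer.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class BufferPayloadDemo { // hypothetical, JDK only; HMAC stands in for the JWS signature
    // Feeds the MAC as bytes are read, so the comparison can only run at end of stream.
    static class VerifyingStream extends FilterInputStream {
        private final Mac mac;
        private final byte[] expected;
        private boolean checked;
        VerifyingStream(byte[] data, byte[] key, byte[] expected) throws Exception {
            super(new ByteArrayInputStream(data));
            this.mac = hmac(key);
            this.expected = expected;
        }
        @Override public int read() { throw new UnsupportedOperationException("bulk reads only"); }
        @Override public int read(byte[] b, int off, int len) throws IOException {
            int n = super.read(b, off, len);
            if (n > 0) mac.update(b, off, n);
            if (n < 0 && !checked) {
                checked = true;
                if (!MessageDigest.isEqual(mac.doFinal(), expected))
                    throw new IOException("signature verification failed");
            }
            return n;
        }
    }
    static Mac hmac(byte[] key) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m;
    }
    // Stand-in for a receiver (such as a UI) that acts on each chunk as soon as it arrives.
    static void consume(InputStream in) {
        int seen = 0;
        byte[] buf = new byte[8];
        try { for (int n; (n = in.read(buf)) != -1; ) seen += n; }
        catch (IOException e) { System.out.println("streamed: rejected after " + seen + " bytes were consumed"); }
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        byte[] data = "<script>render()</script>".getBytes(StandardCharsets.UTF_8);
        byte[] sig = hmac(key).doFinal(data);
        data[data.length - 1] ^= 1; // constructed tampering after signing
        consume(new VerifyingStream(data, key, sig)); // verify while the consumer reads
        try { consume(new ByteArrayInputStream(new VerifyingStream(data, key, sig).readAllBytes())); }
        catch (IOException e) { System.out.println("buffered: rejected before any byte was delivered"); }
    }
}
```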

Here is an example showing how a Book object (represented as an XML attachment on the wire) can be secured.

...

Code Block
@Path("/bookstore")
public class BookStore {
    
    @POST
    @Path("/books")
    @Produces("multipart/related")
    @Consumes("multipart/related")
    @Multipart(type = "application/xml")
    public Book echoBookMultipart(@Multipart(type = "application/xml") Book book) {
        // This method will not even be invoked if the data signature verification fails
        return book;
    }
}

and server configuration:

...