apache
CXF-8706: CXF MTOM handler allow content injection
I don't think this is the "right" fix for this. The Soap w/ Attachement spec allows for http URL's for the cid and actually shows that use in the examples ( https://www.w3.org/TR/SOAP-attachments/ ). Thus, I think the better fix would be to pass a flag into LazyDataSource to allow flipping to URLDataSource if the CID isn't present as a direct attachment.
Thus, I think the better fix would be to pass a flag into LazyDataSource to allow flipping to URLDataSource if the CID isn't present as a direct attachment.
@dkulp thanks, I think I got your idea, but it solves a bit different problem: it does not help with the original issue, namely to limit href scheme cid: usage for xop:include, unless I am missing something ...
The main issue is that SOAP w/ Attachments doesn't have that limitation. Thus, applying that limitation in AttachmentUtils is not the right place unless an extra flag is passed in to enable/disable the check and that's just set for the xop cases.
The main issue is that SOAP w/ Attachments doesn't have that limitation. Thus, applying that limitation in AttachmentUtils is not the right place unless an extra flag is passed in to enable/disable the check and that's just set for the xop cases.
Exactly, I am looking at how to distinguish xop / non-xop cases, this information is "lost" when MTOM decorator calls AttachmentUnmarshaller::getAttachmentAsDataHandler (if you have something in mind, please share), thanks!
@dkulp relied on isXOPPackage() flag of the AttachmentUnmarshaller to distinguish xop / non-xop cases, what do you think of it? Thank you!