Merge branch 'main' into feature/CXF-8811

.github/workflows/codeql-analysis.yml

@@ -28,23 +28,23 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
     - name: Setup JDK 17
-      uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+      uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
       with:
         distribution: 'temurin'
         java-version: '17'
     - name: Cache local Maven repository
-      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+      uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
       with:
         path: ~/.m2/repository
         key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
         restore-keys: ${{ runner.os }}-maven-
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+      uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
       with:
         languages: java
         #config-file: ./.github/codeql/codeql-cxf-config.yml
@@ -72,4 +72,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+      uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10

.github/workflows/pull-request-build.yml

@@ -18,9 +18,9 @@ jobs:
       pull-requests: read
     timeout-minutes: 130
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.6.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3.6.0
       - name: Set up JDK 17
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
         with:
           java-version: '17'
           distribution: 'temurin'

.github/workflows/scorecards.yml

@@ -25,12 +25,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v3.0.0
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 #tag=2.3.3
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 #tag=2.4.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -49,14 +49,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # tag=v4.3.4
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # tag=v4.6.1
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c #tag=v2
+        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d #tag=v2
         with:
           sarif_file: results.sarif

Jenkinsfile

@@ -15,7 +15,7 @@ pipeline {
   stages {
     stage('Prepare') {
       agent {
-        label 'ubuntu  && !builds55 && !builds56 && !builds57 && !builds58 && !builds59 && !builds60'
+        label 'ubuntu'
       }
       stages {
         stage('Clean up') {
@@ -28,7 +28,7 @@ pipeline {
     stage('Build') {
       matrix {
         agent {
-          label 'ubuntu && !builds55 && !builds56 && !builds57 && !builds58 && !builds59 && !builds60'
+          label 'ubuntu'
         }
         axes {
           axis {
@@ -39,7 +39,7 @@ pipeline {
         stages {
           stage('JDK specific build') {
             agent {
-              label 'ubuntu && !builds55 && !builds56 && !builds57 && !builds58 && !builds59 && !builds60'
+              label 'ubuntu'
             }
             tools {
               jdk "${JAVA_VERSION}"

bom/pom.xml

@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.apache.cxf</groupId>
         <artifactId>cxf</artifactId>
-        <version>4.1.0-SNAPSHOT</version>
+        <version>4.1.1-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <artifactId>cxf-bom</artifactId>

core/pom.xml

@@ -27,7 +27,7 @@
     <parent>
         <groupId>org.apache.cxf</groupId>
         <artifactId>cxf-parent</artifactId>
-        <version>4.1.0-SNAPSHOT</version>
+        <version>4.1.1-SNAPSHOT</version>
         <relativePath>../parent/pom.xml</relativePath>
     </parent>
     <properties>
@@ -175,13 +175,18 @@
             <artifactId>saaj-impl</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.awaitility</groupId>
+            <artifactId>awaitility</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     <build>
         <plugins>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>buildnumber-maven-plugin</artifactId>
-                <version>3.2.0</version>
+                <version>3.2.1</version>
                 <executions>
                     <execution>
                         <id>create-noncanonicalrev</id>

core/src/main/java/org/apache/cxf/common/jaxb/JAXBUtils.java

@@ -1176,18 +1176,15 @@ private static Object createEscapeHandler(Class<?> cls, String simpleClassName)
         }
         return null;
     }
+
+    @SuppressWarnings({ "deprecation", "removal" })
     public static JAXBContext createContext(final Set<Class<?>> classes,
                                             final Map<String, Object> map) throws JAXBException {
         JAXBContext ctx = null;
         try {
             ctx = AccessController.doPrivileged(new PrivilegedExceptionAction<JAXBContext>() {
                 public JAXBContext run() throws Exception {
-                    //This is a workaround for CXF-8675
-                    Class<?> factoryClass = ClassLoaderUtils.loadClass("org.glassfish.jaxb.runtime.v2.ContextFactory",
-                            JAXBContextCache.class);
-                    Method m = factoryClass.getMethod("createContext", Class[].class, Map.class);
-                    Object context = m.invoke(null, classes.toArray(new Class<?>[0]), map);
-                    return (JAXBContext) context;
+                    return JAXBContext.newInstance(classes.toArray(new Class<?>[0]), map);
                 }
             });
         } catch (PrivilegedActionException e2) {

core/src/main/java/org/apache/cxf/common/logging/LogUtils.java

@@ -98,7 +98,14 @@ public String run() {
                     // as we'll just use j.u.l and pax-logging will pick it up fine
                     // If we don't call this and there isn't a slf4j impl avail,
                     // you get warnings printed to stderr about NOPLoggers and such
-                    Class.forName("org.slf4j.impl.StaticLoggerBinder");
+                    try {
+                        // SLF4J 2.x
+                        Class.forName("org.slf4j.spi.SLF4JServiceProvider");
+                    } catch (final ClassNotFoundException ex) {
+                        // SLF4J 1.x
+                        Class.forName("org.slf4j.impl.StaticLoggerBinder");
+                    }
+
                     Class<?> cls = Class.forName("org.slf4j.LoggerFactory");
                     Class<?> fcls = cls.getMethod("getILoggerFactory").invoke(null).getClass();
                     String clsName = fcls.getName();

core/src/main/java/org/apache/cxf/common/util/PackageUtils.java

@@ -89,7 +89,7 @@ public static String getPackageNameByNameSpaceURI(String nameSpaceURI) {
         if (idx >= 0) {
             final String scheme = nameSpaceURI.substring(0, idx);
             urnScheme = "urn".equalsIgnoreCase(scheme);
-            if ("http".equalsIgnoreCase(scheme) || urnScheme) {
+            if ("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme) || urnScheme) {
                 nameSpaceURI = nameSpaceURI.substring(idx + (urnScheme ? 1 : 3)); //
             }
         }

core/src/main/java/org/apache/cxf/configuration/jsse/SSLContextServerParameters.java

@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.configuration.jsse;
+
+import java.util.Arrays;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+
+/**
+ * Allows to supply to the HTTP Server the complete SSLContext already preconfigured.
+ */
+public class SSLContextServerParameters extends TLSServerParameters {
+    private final SSLContext sslContext;
+
+    public SSLContextServerParameters(SSLContext sslContext) {
+        this.sslContext = sslContext;
+        setSecureSocketProtocol(sslContext.getProtocol());
+        setJsseProvider(sslContext.getProvider().getName());
+        setCipherSuites(Arrays.asList(sslContext.getServerSocketFactory().getSupportedCipherSuites()));
+    }
+
+    public SSLContext getSslContext() {
+        return sslContext;
+    }
+
+    @Override
+    public TrustManager[] getTrustManagers() {
+        throw new UnsupportedOperationException("The operation is not supported by SSLContextServerParameters");
+    }
+
+    @Override
+    public KeyManager[] getKeyManagers() {
+        throw new UnsupportedOperationException("The operation is not supported by SSLContextServerParameters");
+    }
+}

core/src/main/java/org/apache/cxf/databinding/source/SourceDataBinding.java

@@ -40,6 +40,7 @@
 public class SourceDataBinding extends org.apache.cxf.databinding.AbstractDataBinding {
 
     public static final String PREFERRED_FORMAT = "source-preferred-format";
+    public static final String NOT_USE_MSV_SCHEMA_VALIDATOR = "not-use-msv-schema-validator";
 
     final Class<?> preferred;
 

core/src/main/java/org/apache/cxf/databinding/source/XMLStreamDataReader.java

@@ -52,6 +52,7 @@
 import org.apache.cxf.io.CachedOutputStream;
 import org.apache.cxf.message.Attachment;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.service.model.MessagePartInfo;
 import org.apache.cxf.staxutils.DepthXMLStreamReader;
@@ -226,13 +227,16 @@ private Element validate(XMLStreamReader input) throws XMLStreamException, IOExc
 
         WoodstoxValidationImpl impl = new WoodstoxValidationImpl();
         XMLStreamWriter nullWriter = null;
-        if (impl.canValidate()) {
+        boolean notUseMsvSchemaValidator = 
+            MessageUtils.getContextualBoolean(message, SourceDataBinding.NOT_USE_MSV_SCHEMA_VALIDATOR, false);
+        if (impl.canValidate()
+            && !notUseMsvSchemaValidator) {
             nullWriter = StaxUtils.createXMLStreamWriter(new NUllOutputStream());
             impl.setupValidation(nullWriter, message.getExchange().getEndpoint(),
                                  message.getExchange().getService().getServiceInfos().get(0));
         }
         //check if the impl can still validate after the setup, possible issue loading schemas or similar
-        if (impl.canValidate()) {
+        if (impl.canValidate() && !notUseMsvSchemaValidator) {
             //Can use the MSV libs and woodstox to handle the schema validation during
             //parsing and processing.   Much faster and single traversal
             //filter xop node

core/src/main/java/org/apache/cxf/endpoint/ClientImpl.java

@@ -543,7 +543,9 @@ public void onMessage(Message message) {
                 Integer responseCode = (Integer)exchange.get(Message.RESPONSE_CODE);
                 resContext.put(MessageContext.HTTP_RESPONSE_CODE, responseCode);
                 resContext.put(org.apache.cxf.message.Message.RESPONSE_CODE, responseCode);
-                setResponseContext(resContext);
+                if (null != responseContext) {
+                    setResponseContext(resContext);
+                }
             }
             if (origLoader != null) {
                 origLoader.reset();

core/src/main/java/org/apache/cxf/interceptor/AttachmentOutInterceptor.java

@@ -119,11 +119,13 @@ public void handleMessage(Message message) {
             AttachmentSerializer ser = message.getContent(AttachmentSerializer.class);
             if (ser != null) {
                 try {
+                    message.put(Message.PARTIAL_ATTACHMENTS_MESSAGE, true);
                     String cte = (String)message.getContextualProperty(Message.CONTENT_TRANSFER_ENCODING);
                     if (cte != null) {
                         ser.setContentTransferEncoding(cte);
                     }
                     ser.writeAttachments();
+                    message.put(Message.PARTIAL_ATTACHMENTS_MESSAGE, false);
                 } catch (IOException e) {
                     throw new Fault(new org.apache.cxf.common.i18n.Message("WRITE_ATTACHMENTS", BUNDLE), e);
                 }

core/src/main/java/org/apache/cxf/interceptor/ClientFaultConverter.java

@@ -191,20 +191,55 @@ protected void processFaultDetail(Fault fault, Message msg) {
                 LogUtils.log(LOG, Level.INFO, "EXCEPTION_WHILE_CREATING_EXCEPTION", e1, e1.getMessage());
             }
         } else {
-            if (fault.getMessage() != null) {
+            Exception ex = (Exception)e; 
+            final String message = fault.getMessage();
+            if (message != null) {
                 Field f;
                 try {
                     f = Throwable.class.getDeclaredField("detailMessage");
                     ReflectionUtil.setAccessible(f);
-                    f.set(e, fault.getMessage());
+                    f.set(ex, fault.getMessage());
                 } catch (Exception e1) {
-                    //ignore
+                    if (isJdkException(ex.getClass().getPackageName())) {
+                        ex = cloneJdkException(ex, message);
+                    }
                 }
             }
-            msg.setContent(Exception.class, e);
+            msg.setContent(Exception.class, ex);
         }
     }
 
+    private static Exception cloneJdkException(Exception ex, final String message) {
+        try {
+            // Fallback, try to clone the exception instead of accessing the detailMessage 
+            // over reflection
+            Constructor<? extends Object> constructor = ReflectionUtil.getConstructor(
+                ex.getClass(), String.class, Throwable.class); /* String message, Throwable cause */
+
+            Exception clone = null;
+            if (constructor != null) {
+                clone = (Exception) constructor.newInstance(message, ex.getCause());
+            } else {
+                constructor = ReflectionUtil.getConstructor(ex.getClass(), String.class); /* String message */
+                if (constructor != null) {
+                    clone = (Exception) constructor.newInstance(message);
+                    clone.initCause(ex.getCause());
+                }
+            }
+
+            if (clone != null) {
+                clone.setStackTrace(ex.getStackTrace());
+                if (ex.getSuppressed().length > 0) {
+                    Arrays.stream(ex.getSuppressed()).forEach(clone::addSuppressed);
+                }
+                return clone;
+            }
+        } catch (Exception e2) {
+            /* nothing to do */
+        }
+        return ex;
+    }
+
     private Constructor<?> getConstructor(Class<?> faultClass, Object e) throws NoSuchMethodException {
         Class<?> beanClass = e.getClass();
         Constructor<?>[] cons = faultClass.getConstructors();
@@ -283,7 +318,7 @@ private Throwable getCause(Iterator<String> linesIterator, String firstLine) {
         Throwable res = null;
         if (firstLine.indexOf(':') != -1) {
             String cn = firstLine.substring(0, firstLine.indexOf(':')).trim();
-            if (cn.startsWith("java.lang")) {
+            if (isJdkException(cn)) {
                 try {
                     res = (Throwable)Class.forName(cn).getConstructor(String.class)
                             .newInstance(firstLine.substring(firstLine.indexOf(':') + 2));
@@ -310,6 +345,10 @@ private Throwable getCause(Iterator<String> linesIterator, String firstLine) {
         return res;
     }
 
+    private static boolean isJdkException(String pkg) {
+        return pkg.startsWith("java.lang");
+    }
+
     private static StackTraceElement parseStackTrackLine(String oneLine) {
         StringTokenizer stInner = new StringTokenizer(oneLine, "!");
         return new StackTraceElement(stInner.nextToken(), stInner.nextToken(),