axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Davanum Srinivas" <dava...@gmail.com>
Subject Re: svn commit: r682470 - in /webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2: description/ transport/http/ transport/jms/ transport/nhttp/
Date Thu, 07 Aug 2008 05:48:09 GMT
Keith,

Do you consider this in scope for a security problem oriented 1.4.1 release?

-- dims

On Thu, Aug 7, 2008 at 12:56 AM, keith chapman <keithgchapman@gmail.com> wrote:
> Here is the reason for adding the trailing "/"
>
> When a WSDL has a httpLocation that is resolved against the base URI, so
> lets assume a bindingOperation has whttp:laction="foo/{bar} and that this is
> exposed over 3 endpoints, SOAP 11 SOAP 12 and HTTP.
> for the SOAP 11 endpoint  the address would be
> http://localhost:8080/axis2/services/fooService.SOAP11Endpoint/
> for the SOAP 11 endpoint  the address would be
> http://localhost:8080/axis2/services/fooService.SOAP12Endpoint/
> for the SOAP 11 endpoint  the address would be
> http://localhost:8080/axis2/services/fooService.HTTPEndpoint/
>
> Now the above works perfectly only if the trailing "/" is there. If its
> absent when http://localhost:8080/axis2/services/fooService.SOAP11Endpoint/
> is resolved agaist foo/{bar} the result would be
> http://localhost:8080/axis2/services/foo/{bar} which is incorrect.
>
> So that is the reason for having the trailing "/"
>
> Now the second point. Why did I remove it ;).
>
> Previously the trailing "/" was added in the AxisEndpoint class where the
> epr was calculated. This leads to undesirable issues when other transports
> are used. For e.g when JMS was used the endpoint address was
> jms:/fooService?transport.jms.ConnectionFactoryJNDIName=QueueConnectionFactory&java.naming.factory.initial=org.apache.activemq.jndi.ActiveMQInitialContextFactory&java.naming.provider.url=tcp://localhost:61616/
>
> If the dynamic mode of service client was used to write a client for this it
> would fail with a numberFormatException. All because of the trailing "/".
>
> The trailing "/" is needed only for the HTTP case. So it should be the duty
> of the httpListeners to add this trailing "/". This was the rationale for
> getting rid of this logic from the AxisEndpoint class and adding it to the
> http listeners.
>
> Thanks,
> Keith.
>
> On Wed, Aug 6, 2008 at 10:44 PM, Davanum Srinivas <davanum@gmail.com> wrote:
>>
>> Sorry! had to ask! and is this a security issue? Why is it even being
>> considered?
>>
>> -- dims
>>
>> On Wed, Aug 6, 2008 at 1:06 PM, Saminda Abeyruwan <samindaa@gmail.com>
>> wrote:
>> > Is there any particular reason to add the tailing "/".
>> >
>> > Saminda
>> >
>> > On Wed, Aug 6, 2008 at 8:35 AM, Amila Suriarachchi
>> > <amilasuriarachchi@gmail.com> wrote:
>> >>
>> >> hi keith,
>> >>
>> >> is there any reason to remove the ending "/".
>> >> IMHO we should not remove this if there is no problem with that.
>> >> Because
>> >> someone may have written a code
>> >> by considering that "/"
>> >>
>> >> thanks,
>> >> Amila.
>> >>
>> >> On Tue, Aug 5, 2008 at 12:49 AM, <keithc@apache.org> wrote:
>> >>>
>> >>> Author: keithc
>> >>> Date: Mon Aug  4 12:19:15 2008
>> >>> New Revision: 682470
>> >>>
>> >>> URL: http://svn.apache.org/viewvc?rev=682470&view=rev
>> >>> Log:
>> >>> Applying patch given by amila to Axis2-3961. Also getting rid of the
>> >>> trailing / added in axisEndpoint and adding it in the http related
>> >>> listeners
>> >>>
>> >>> Modified:
>> >>>
>> >>>
>> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >>>
>> >>>
>> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >>>
>> >>>
>> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >>>
>> >>>
>> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >>>
>> >>>
>> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >>>
>> >>>
>> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >>>
>> >>> Modified:
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >>> URL:
>> >>>
>> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java?rev=682470&r1=682469&r2=682470&view=diff
>> >>>
>> >>>
>> >>> ==============================================================================
>> >>> ---
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >>> (original)
>> >>> +++
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >>> Mon Aug  4 12:19:15 2008
>> >>> @@ -194,7 +194,7 @@
>> >>>
>> >>>  .getEPRsForService(sDOTe, ip);
>> >>>                                        // we consider only the first
>> >>> address return by the listener
>> >>>                                        if (eprsForService != null &&
>> >>> eprsForService.length > 0) {
>> >>> -                                               return
>> >>> eprsForService[0].getAddress()  + "/";
>> >>> +                                               return
>> >>> eprsForService[0].getAddress();
>> >>>                                        }
>> >>>                                } catch (SocketException e) {
>> >>>                                        logger.warn(e.getMessage(), e);
>> >>>
>> >>> Modified:
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >>> URL:
>> >>>
>> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java?rev=682470&r1=682469&r2=682470&view=diff
>> >>>
>> >>>
>> >>> ==============================================================================
>> >>> ---
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >>> (original)
>> >>> +++
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >>> Mon Aug  4 12:19:15 2008
>> >>> @@ -590,7 +590,7 @@
>> >>>             endpointRefernce = endpointRefernce + '/' +
>> >>>                     configContext.getServiceContextPath() + "/" +
>> >>> serviceName;
>> >>>         }
>> >>> -        EndpointReference endpoint = new
>> >>> EndpointReference(endpointRefernce);
>> >>> +        EndpointReference endpoint = new
>> >>> EndpointReference(endpointRefernce + "/");
>> >>>
>> >>>         return new EndpointReference[]{endpoint};
>> >>>     }
>> >>>
>> >>> Modified:
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >>> URL:
>> >>>
>> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java?rev=682470&r1=682469&r2=682470&view=diff
>> >>>
>> >>>
>> >>> ==============================================================================
>> >>> ---
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >>> (original)
>> >>> +++
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >>> Mon Aug  4 12:19:15 2008
>> >>> @@ -71,7 +71,7 @@
>> >>>         if(path.charAt(0)!='/'){
>> >>>             path = '/' + path;
>> >>>         }
>> >>> -        return new EndpointReference[]{new EndpointReference(schema
+
>> >>> "://" + ip + ":" + port + path )};
>> >>> +        return new EndpointReference[]{new EndpointReference(schema
+
>> >>> "://" + ip + ":" + port + path + "/" )};
>> >>>     }
>> >>>
>> >>>     public EndpointReference getEPRForService(String serviceName,
>> >>> String
>> >>> ip) throws AxisFault {
>> >>>
>> >>> Modified:
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >>> URL:
>> >>>
>> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java?rev=682470&r1=682469&r2=682470&view=diff
>> >>>
>> >>>
>> >>> ==============================================================================
>> >>> ---
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >>> (original)
>> >>> +++
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >>> Mon Aug  4 12:19:15 2008
>> >>> @@ -262,7 +262,7 @@
>> >>>                     endpointRefernce = endpointRefernce + '/' +
>> >>>
>> >>> configurationContext.getServiceContextPath()
>> >>> + "/" + serviceName;
>> >>>                 }
>> >>> -                return new EndpointReference[]{new
>> >>> EndpointReference(endpointRefernce)};
>> >>> +                return new EndpointReference[]{new
>> >>> EndpointReference(endpointRefernce + "/")};
>> >>>             } else {
>> >>>                 throw new AxisFault("Unable to generate EPR for the
>> >>> transport : http");
>> >>>             }
>> >>> @@ -296,7 +296,7 @@
>> >>>             }
>> >>>
>> >>>
>> >>> -            return new EndpointReference[]{new
>> >>> EndpointReference(endpointRefernce)};
>> >>> +            return new EndpointReference[]{new
>> >>> EndpointReference(endpointRefernce + "/")};
>> >>>         } else {
>> >>>             throw new AxisFault("Unable to generate EPR for the
>> >>> transport
>> >>> : http");
>> >>>         }
>> >>>
>> >>> Modified:
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >>> URL:
>> >>>
>> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java?rev=682470&r1=682469&r2=682470&view=diff
>> >>>
>> >>>
>> >>> ==============================================================================
>> >>> ---
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >>> (original)
>> >>> +++
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >>> Mon Aug  4 12:19:15 2008
>> >>> @@ -350,8 +350,15 @@
>> >>>         if (serviceName.indexOf('/') != -1) {
>> >>>             serviceName = serviceName.substring(0,
>> >>> serviceName.indexOf('/'));
>> >>>         }
>> >>> -        return new EndpointReference[]{
>> >>> -                new EndpointReference((String)
>> >>> serviceNameToEprMap.get(serviceName))};
>> >>> +
>> >>> +        String endpointName = (String)
>> >>> serviceNameToEprMap.get(serviceName);
>> >>> +        if (endpointName == null){
>> >>> +            if (serviceName.indexOf(".") != -1){
>> >>> +                serviceName = serviceName.substring(0,
>> >>> serviceName.indexOf("."));
>> >>> +                endpointName = (String)
>> >>> serviceNameToEprMap.get(serviceName);
>> >>> +            }
>> >>> +        }
>> >>> +        return new EndpointReference[]{new
>> >>> EndpointReference(endpointName)};
>> >>>     }
>> >>>
>> >>>     /**
>> >>>
>> >>> Modified:
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >>> URL:
>> >>>
>> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java?rev=682470&r1=682469&r2=682470&view=diff
>> >>>
>> >>>
>> >>> ==============================================================================
>> >>> ---
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >>> (original)
>> >>> +++
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >>> Mon Aug  4 12:19:15 2008
>> >>> @@ -222,7 +222,7 @@
>> >>>      * Return the EPR for the given service (implements deprecated
>> >>> method
>> >>> temporarily)
>> >>>      */
>> >>>     public EndpointReference getEPRForService(String serviceName,
>> >>> String
>> >>> ip) throws AxisFault {
>> >>> -        return new EndpointReference(serviceEPRPrefix + serviceName);
>> >>> +        return new EndpointReference(serviceEPRPrefix + serviceName
+
>> >>> "/");
>> >>>     }
>> >>>
>> >>>     /**
>> >>> @@ -234,7 +234,7 @@
>> >>>      */
>> >>>     public EndpointReference[] getEPRsForService(String serviceName,
>> >>> String ip) throws AxisFault {
>> >>>         EndpointReference[] endpointReferences = new
>> >>> EndpointReference[1];
>> >>> -        endpointReferences[0] = new
>> >>> EndpointReference(serviceEPRPrefix +
>> >>> serviceName);
>> >>> +        endpointReferences[0] = new
>> >>> EndpointReference(serviceEPRPrefix +
>> >>> serviceName + "/");
>> >>>         return endpointReferences;
>> >>>     }
>> >>>
>> >>>
>> >>>
>> >>
>> >>
>> >>
>> >> --
>> >> Amila Suriarachchi,
>> >> WSO2 Inc.
>> >
>> >
>>
>>
>>
>> --
>> Davanum Srinivas :: http://davanum.wordpress.com
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-dev-help@ws.apache.org
>>
>
>
>
> --
> Keith Chapman
> Senior Software Engineer
> WSO2 Inc.
> Oxygenating the Web Service Platform.
> http://wso2.org/
>
> blog: http://www.keith-chapman.org
>



-- 
Davanum Srinivas :: http://davanum.wordpress.com

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org


Mime
View raw message