axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Davanum Srinivas" <dava...@gmail.com>
Subject Re: svn commit: r682470 - in /webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2: description/ transport/http/ transport/jms/ transport/nhttp/
Date Thu, 07 Aug 2008 10:38:32 GMT
Guess it really does not matter anymore...we have hit the slippery
slope at full tilt. Let's see where we end up when we finally ship
1.4.1. maybe we should stop calling it 1.4.1 because it is not tiny
release anymore.

-- dims

On Thu, Aug 7, 2008 at 4:34 AM, keith chapman <keithgchapman@gmail.com> wrote:
> Hi Dims,
>
> I agree that its not a security problem. But REST stuff via WSDL 2.0 would
> not work without this fix. Which means that REST via WSDL 2.0 is broken in
> Axis 2 1.4. We agreed that if there are critical fixes we would put them
> into this release. And this IS a critical fix.
>
> Thanks,
> Keith.
>
> On Thu, Aug 7, 2008 at 11:18 AM, Davanum Srinivas <davanum@gmail.com> wrote:
>>
>> Keith,
>>
>> Do you consider this in scope for a security problem oriented 1.4.1
>> release?
>>
>> -- dims
>>
>> On Thu, Aug 7, 2008 at 12:56 AM, keith chapman <keithgchapman@gmail.com>
>> wrote:
>> > Here is the reason for adding the trailing "/"
>> >
>> > When a WSDL has a httpLocation that is resolved against the base URI, so
>> > lets assume a bindingOperation has whttp:laction="foo/{bar} and that
>> > this is
>> > exposed over 3 endpoints, SOAP 11 SOAP 12 and HTTP.
>> > for the SOAP 11 endpoint  the address would be
>> > http://localhost:8080/axis2/services/fooService.SOAP11Endpoint/
>> > for the SOAP 11 endpoint  the address would be
>> > http://localhost:8080/axis2/services/fooService.SOAP12Endpoint/
>> > for the SOAP 11 endpoint  the address would be
>> > http://localhost:8080/axis2/services/fooService.HTTPEndpoint/
>> >
>> > Now the above works perfectly only if the trailing "/" is there. If its
>> > absent when
>> > http://localhost:8080/axis2/services/fooService.SOAP11Endpoint/
>> > is resolved agaist foo/{bar} the result would be
>> > http://localhost:8080/axis2/services/foo/{bar} which is incorrect.
>> >
>> > So that is the reason for having the trailing "/"
>> >
>> > Now the second point. Why did I remove it ;).
>> >
>> > Previously the trailing "/" was added in the AxisEndpoint class where
>> > the
>> > epr was calculated. This leads to undesirable issues when other
>> > transports
>> > are used. For e.g when JMS was used the endpoint address was
>> >
>> > jms:/fooService?transport.jms.ConnectionFactoryJNDIName=QueueConnectionFactory&java.naming.factory.initial=org.apache.activemq.jndi.ActiveMQInitialContextFactory&java.naming.provider.url=tcp://localhost:61616/
>> >
>> > If the dynamic mode of service client was used to write a client for
>> > this it
>> > would fail with a numberFormatException. All because of the trailing
>> > "/".
>> >
>> > The trailing "/" is needed only for the HTTP case. So it should be the
>> > duty
>> > of the httpListeners to add this trailing "/". This was the rationale
>> > for
>> > getting rid of this logic from the AxisEndpoint class and adding it to
>> > the
>> > http listeners.
>> >
>> > Thanks,
>> > Keith.
>> >
>> > On Wed, Aug 6, 2008 at 10:44 PM, Davanum Srinivas <davanum@gmail.com>
>> > wrote:
>> >>
>> >> Sorry! had to ask! and is this a security issue? Why is it even being
>> >> considered?
>> >>
>> >> -- dims
>> >>
>> >> On Wed, Aug 6, 2008 at 1:06 PM, Saminda Abeyruwan <samindaa@gmail.com>
>> >> wrote:
>> >> > Is there any particular reason to add the tailing "/".
>> >> >
>> >> > Saminda
>> >> >
>> >> > On Wed, Aug 6, 2008 at 8:35 AM, Amila Suriarachchi
>> >> > <amilasuriarachchi@gmail.com> wrote:
>> >> >>
>> >> >> hi keith,
>> >> >>
>> >> >> is there any reason to remove the ending "/".
>> >> >> IMHO we should not remove this if there is no problem with that.
>> >> >> Because
>> >> >> someone may have written a code
>> >> >> by considering that "/"
>> >> >>
>> >> >> thanks,
>> >> >> Amila.
>> >> >>
>> >> >> On Tue, Aug 5, 2008 at 12:49 AM, <keithc@apache.org> wrote:
>> >> >>>
>> >> >>> Author: keithc
>> >> >>> Date: Mon Aug  4 12:19:15 2008
>> >> >>> New Revision: 682470
>> >> >>>
>> >> >>> URL: http://svn.apache.org/viewvc?rev=682470&view=rev
>> >> >>> Log:
>> >> >>> Applying patch given by amila to Axis2-3961. Also getting rid
of
>> >> >>> the
>> >> >>> trailing / added in axisEndpoint and adding it in the http
related
>> >> >>> listeners
>> >> >>>
>> >> >>> Modified:
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >> >>>
>> >> >>> Modified:
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >> >>> URL:
>> >> >>>
>> >> >>>
>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java?rev=682470&r1=682469&r2=682470&view=diff
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> ==============================================================================
>> >> >>> ---
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >> >>> (original)
>> >> >>> +++
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >> >>> Mon Aug  4 12:19:15 2008
>> >> >>> @@ -194,7 +194,7 @@
>> >> >>>
>> >> >>>  .getEPRsForService(sDOTe, ip);
>> >> >>>                                        // we consider only
the
>> >> >>> first
>> >> >>> address return by the listener
>> >> >>>                                        if (eprsForService !=
null
>> >> >>> &&
>> >> >>> eprsForService.length > 0) {
>> >> >>> -                                               return
>> >> >>> eprsForService[0].getAddress()  + "/";
>> >> >>> +                                               return
>> >> >>> eprsForService[0].getAddress();
>> >> >>>                                        }
>> >> >>>                                } catch (SocketException e)
{
>> >> >>>                                        logger.warn(e.getMessage(),
>> >> >>> e);
>> >> >>>
>> >> >>> Modified:
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >> >>> URL:
>> >> >>>
>> >> >>>
>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java?rev=682470&r1=682469&r2=682470&view=diff
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> ==============================================================================
>> >> >>> ---
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >> >>> (original)
>> >> >>> +++
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >> >>> Mon Aug  4 12:19:15 2008
>> >> >>> @@ -590,7 +590,7 @@
>> >> >>>             endpointRefernce = endpointRefernce + '/' +
>> >> >>>                     configContext.getServiceContextPath() +
"/" +
>> >> >>> serviceName;
>> >> >>>         }
>> >> >>> -        EndpointReference endpoint = new
>> >> >>> EndpointReference(endpointRefernce);
>> >> >>> +        EndpointReference endpoint = new
>> >> >>> EndpointReference(endpointRefernce + "/");
>> >> >>>
>> >> >>>         return new EndpointReference[]{endpoint};
>> >> >>>     }
>> >> >>>
>> >> >>> Modified:
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >> >>> URL:
>> >> >>>
>> >> >>>
>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java?rev=682470&r1=682469&r2=682470&view=diff
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> ==============================================================================
>> >> >>> ---
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >> >>> (original)
>> >> >>> +++
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >> >>> Mon Aug  4 12:19:15 2008
>> >> >>> @@ -71,7 +71,7 @@
>> >> >>>         if(path.charAt(0)!='/'){
>> >> >>>             path = '/' + path;
>> >> >>>         }
>> >> >>> -        return new EndpointReference[]{new
>> >> >>> EndpointReference(schema +
>> >> >>> "://" + ip + ":" + port + path )};
>> >> >>> +        return new EndpointReference[]{new
>> >> >>> EndpointReference(schema +
>> >> >>> "://" + ip + ":" + port + path + "/" )};
>> >> >>>     }
>> >> >>>
>> >> >>>     public EndpointReference getEPRForService(String serviceName,
>> >> >>> String
>> >> >>> ip) throws AxisFault {
>> >> >>>
>> >> >>> Modified:
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >> >>> URL:
>> >> >>>
>> >> >>>
>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java?rev=682470&r1=682469&r2=682470&view=diff
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> ==============================================================================
>> >> >>> ---
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >> >>> (original)
>> >> >>> +++
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >> >>> Mon Aug  4 12:19:15 2008
>> >> >>> @@ -262,7 +262,7 @@
>> >> >>>                     endpointRefernce = endpointRefernce + '/'
+
>> >> >>>
>> >> >>> configurationContext.getServiceContextPath()
>> >> >>> + "/" + serviceName;
>> >> >>>                 }
>> >> >>> -                return new EndpointReference[]{new
>> >> >>> EndpointReference(endpointRefernce)};
>> >> >>> +                return new EndpointReference[]{new
>> >> >>> EndpointReference(endpointRefernce + "/")};
>> >> >>>             } else {
>> >> >>>                 throw new AxisFault("Unable to generate EPR
for the
>> >> >>> transport : http");
>> >> >>>             }
>> >> >>> @@ -296,7 +296,7 @@
>> >> >>>             }
>> >> >>>
>> >> >>>
>> >> >>> -            return new EndpointReference[]{new
>> >> >>> EndpointReference(endpointRefernce)};
>> >> >>> +            return new EndpointReference[]{new
>> >> >>> EndpointReference(endpointRefernce + "/")};
>> >> >>>         } else {
>> >> >>>             throw new AxisFault("Unable to generate EPR for
the
>> >> >>> transport
>> >> >>> : http");
>> >> >>>         }
>> >> >>>
>> >> >>> Modified:
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >> >>> URL:
>> >> >>>
>> >> >>>
>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java?rev=682470&r1=682469&r2=682470&view=diff
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> ==============================================================================
>> >> >>> ---
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >> >>> (original)
>> >> >>> +++
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >> >>> Mon Aug  4 12:19:15 2008
>> >> >>> @@ -350,8 +350,15 @@
>> >> >>>         if (serviceName.indexOf('/') != -1) {
>> >> >>>             serviceName = serviceName.substring(0,
>> >> >>> serviceName.indexOf('/'));
>> >> >>>         }
>> >> >>> -        return new EndpointReference[]{
>> >> >>> -                new EndpointReference((String)
>> >> >>> serviceNameToEprMap.get(serviceName))};
>> >> >>> +
>> >> >>> +        String endpointName = (String)
>> >> >>> serviceNameToEprMap.get(serviceName);
>> >> >>> +        if (endpointName == null){
>> >> >>> +            if (serviceName.indexOf(".") != -1){
>> >> >>> +                serviceName = serviceName.substring(0,
>> >> >>> serviceName.indexOf("."));
>> >> >>> +                endpointName = (String)
>> >> >>> serviceNameToEprMap.get(serviceName);
>> >> >>> +            }
>> >> >>> +        }
>> >> >>> +        return new EndpointReference[]{new
>> >> >>> EndpointReference(endpointName)};
>> >> >>>     }
>> >> >>>
>> >> >>>     /**
>> >> >>>
>> >> >>> Modified:
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >> >>> URL:
>> >> >>>
>> >> >>>
>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java?rev=682470&r1=682469&r2=682470&view=diff
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> ==============================================================================
>> >> >>> ---
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >> >>> (original)
>> >> >>> +++
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >> >>> Mon Aug  4 12:19:15 2008
>> >> >>> @@ -222,7 +222,7 @@
>> >> >>>      * Return the EPR for the given service (implements deprecated
>> >> >>> method
>> >> >>> temporarily)
>> >> >>>      */
>> >> >>>     public EndpointReference getEPRForService(String serviceName,
>> >> >>> String
>> >> >>> ip) throws AxisFault {
>> >> >>> -        return new EndpointReference(serviceEPRPrefix +
>> >> >>> serviceName);
>> >> >>> +        return new EndpointReference(serviceEPRPrefix +
>> >> >>> serviceName +
>> >> >>> "/");
>> >> >>>     }
>> >> >>>
>> >> >>>     /**
>> >> >>> @@ -234,7 +234,7 @@
>> >> >>>      */
>> >> >>>     public EndpointReference[] getEPRsForService(String
>> >> >>> serviceName,
>> >> >>> String ip) throws AxisFault {
>> >> >>>         EndpointReference[] endpointReferences = new
>> >> >>> EndpointReference[1];
>> >> >>> -        endpointReferences[0] = new
>> >> >>> EndpointReference(serviceEPRPrefix +
>> >> >>> serviceName);
>> >> >>> +        endpointReferences[0] = new
>> >> >>> EndpointReference(serviceEPRPrefix +
>> >> >>> serviceName + "/");
>> >> >>>         return endpointReferences;
>> >> >>>     }
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> Amila Suriarachchi,
>> >> >> WSO2 Inc.
>> >> >
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Davanum Srinivas :: http://davanum.wordpress.com
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
>> >> For additional commands, e-mail: axis-dev-help@ws.apache.org
>> >>
>> >
>> >
>> >
>> > --
>> > Keith Chapman
>> > Senior Software Engineer
>> > WSO2 Inc.
>> > Oxygenating the Web Service Platform.
>> > http://wso2.org/
>> >
>> > blog: http://www.keith-chapman.org
>> >
>>
>>
>>
>> --
>> Davanum Srinivas :: http://davanum.wordpress.com
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-dev-help@ws.apache.org
>>
>
>
>
> --
> Keith Chapman
> Senior Software Engineer
> WSO2 Inc.
> Oxygenating the Web Service Platform.
> http://wso2.org/
>
> blog: http://www.keith-chapman.org
>



-- 
Davanum Srinivas :: http://davanum.wordpress.com

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org


Mime
View raw message