axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Davanum Srinivas" <dava...@gmail.com>
Subject Re: svn commit: r682470 - in /webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2: description/ transport/http/ transport/jms/ transport/nhttp/
Date Thu, 07 Aug 2008 10:45:32 GMT
For the record, i never agreed to this "critical fix" mode. Please
check the thread

http://marc.info/?t=121543407100005&r=1&w=2

I explicitly objected to keeping things open. It's been a month since
we started the thread.

Please point out where exactly did we agree on this "critical fixes"
as the policy for 1.4.1. So that i don't make the same mistake next
time.

thanks,
dims

On Thu, Aug 7, 2008 at 6:38 AM, Davanum Srinivas <davanum@gmail.com> wrote:
> Guess it really does not matter anymore...we have hit the slippery
> slope at full tilt. Let's see where we end up when we finally ship
> 1.4.1. maybe we should stop calling it 1.4.1 because it is not tiny
> release anymore.
>
> -- dims
>
> On Thu, Aug 7, 2008 at 4:34 AM, keith chapman <keithgchapman@gmail.com> wrote:
>> Hi Dims,
>>
>> I agree that its not a security problem. But REST stuff via WSDL 2.0 would
>> not work without this fix. Which means that REST via WSDL 2.0 is broken in
>> Axis 2 1.4. We agreed that if there are critical fixes we would put them
>> into this release. And this IS a critical fix.
>>
>> Thanks,
>> Keith.
>>
>> On Thu, Aug 7, 2008 at 11:18 AM, Davanum Srinivas <davanum@gmail.com> wrote:
>>>
>>> Keith,
>>>
>>> Do you consider this in scope for a security problem oriented 1.4.1
>>> release?
>>>
>>> -- dims
>>>
>>> On Thu, Aug 7, 2008 at 12:56 AM, keith chapman <keithgchapman@gmail.com>
>>> wrote:
>>> > Here is the reason for adding the trailing "/"
>>> >
>>> > When a WSDL has a httpLocation that is resolved against the base URI, so
>>> > lets assume a bindingOperation has whttp:laction="foo/{bar} and that
>>> > this is
>>> > exposed over 3 endpoints, SOAP 11 SOAP 12 and HTTP.
>>> > for the SOAP 11 endpoint  the address would be
>>> > http://localhost:8080/axis2/services/fooService.SOAP11Endpoint/
>>> > for the SOAP 11 endpoint  the address would be
>>> > http://localhost:8080/axis2/services/fooService.SOAP12Endpoint/
>>> > for the SOAP 11 endpoint  the address would be
>>> > http://localhost:8080/axis2/services/fooService.HTTPEndpoint/
>>> >
>>> > Now the above works perfectly only if the trailing "/" is there. If its
>>> > absent when
>>> > http://localhost:8080/axis2/services/fooService.SOAP11Endpoint/
>>> > is resolved agaist foo/{bar} the result would be
>>> > http://localhost:8080/axis2/services/foo/{bar} which is incorrect.
>>> >
>>> > So that is the reason for having the trailing "/"
>>> >
>>> > Now the second point. Why did I remove it ;).
>>> >
>>> > Previously the trailing "/" was added in the AxisEndpoint class where
>>> > the
>>> > epr was calculated. This leads to undesirable issues when other
>>> > transports
>>> > are used. For e.g when JMS was used the endpoint address was
>>> >
>>> > jms:/fooService?transport.jms.ConnectionFactoryJNDIName=QueueConnectionFactory&java.naming.factory.initial=org.apache.activemq.jndi.ActiveMQInitialContextFactory&java.naming.provider.url=tcp://localhost:61616/
>>> >
>>> > If the dynamic mode of service client was used to write a client for
>>> > this it
>>> > would fail with a numberFormatException. All because of the trailing
>>> > "/".
>>> >
>>> > The trailing "/" is needed only for the HTTP case. So it should be the
>>> > duty
>>> > of the httpListeners to add this trailing "/". This was the rationale
>>> > for
>>> > getting rid of this logic from the AxisEndpoint class and adding it to
>>> > the
>>> > http listeners.
>>> >
>>> > Thanks,
>>> > Keith.
>>> >
>>> > On Wed, Aug 6, 2008 at 10:44 PM, Davanum Srinivas <davanum@gmail.com>
>>> > wrote:
>>> >>
>>> >> Sorry! had to ask! and is this a security issue? Why is it even being
>>> >> considered?
>>> >>
>>> >> -- dims
>>> >>
>>> >> On Wed, Aug 6, 2008 at 1:06 PM, Saminda Abeyruwan <samindaa@gmail.com>
>>> >> wrote:
>>> >> > Is there any particular reason to add the tailing "/".
>>> >> >
>>> >> > Saminda
>>> >> >
>>> >> > On Wed, Aug 6, 2008 at 8:35 AM, Amila Suriarachchi
>>> >> > <amilasuriarachchi@gmail.com> wrote:
>>> >> >>
>>> >> >> hi keith,
>>> >> >>
>>> >> >> is there any reason to remove the ending "/".
>>> >> >> IMHO we should not remove this if there is no problem with
that.
>>> >> >> Because
>>> >> >> someone may have written a code
>>> >> >> by considering that "/"
>>> >> >>
>>> >> >> thanks,
>>> >> >> Amila.
>>> >> >>
>>> >> >> On Tue, Aug 5, 2008 at 12:49 AM, <keithc@apache.org>
wrote:
>>> >> >>>
>>> >> >>> Author: keithc
>>> >> >>> Date: Mon Aug  4 12:19:15 2008
>>> >> >>> New Revision: 682470
>>> >> >>>
>>> >> >>> URL: http://svn.apache.org/viewvc?rev=682470&view=rev
>>> >> >>> Log:
>>> >> >>> Applying patch given by amila to Axis2-3961. Also getting
rid of
>>> >> >>> the
>>> >> >>> trailing / added in axisEndpoint and adding it in the http
related
>>> >> >>> listeners
>>> >> >>>
>>> >> >>> Modified:
>>> >> >>>
>>> >> >>>
>>> >> >>>
>>> >> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>>> >> >>>
>>> >> >>>
>>> >> >>>
>>> >> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>>> >> >>>
>>> >> >>>
>>> >> >>>
>>> >> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>>> >> >>>
>>> >> >>>
>>> >> >>>
>>> >> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>>> >> >>>
>>> >> >>>
>>> >> >>>
>>> >> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>>> >> >>>
>>> >> >>>
>>> >> >>>
>>> >> >>>  webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>>> >> >>>
>>> >> >>> Modified:
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>>> >> >>> URL:
>>> >> >>>
>>> >> >>>
>>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java?rev=682470&r1=682469&r2=682470&view=diff
>>> >> >>>
>>> >> >>>
>>> >> >>>
>>> >> >>> ==============================================================================
>>> >> >>> ---
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>>> >> >>> (original)
>>> >> >>> +++
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>>> >> >>> Mon Aug  4 12:19:15 2008
>>> >> >>> @@ -194,7 +194,7 @@
>>> >> >>>
>>> >> >>>  .getEPRsForService(sDOTe, ip);
>>> >> >>>                                        // we consider only
the
>>> >> >>> first
>>> >> >>> address return by the listener
>>> >> >>>                                        if (eprsForService
!= null
>>> >> >>> &&
>>> >> >>> eprsForService.length > 0) {
>>> >> >>> -                                               return
>>> >> >>> eprsForService[0].getAddress()  + "/";
>>> >> >>> +                                               return
>>> >> >>> eprsForService[0].getAddress();
>>> >> >>>                                        }
>>> >> >>>                                } catch (SocketException
e) {
>>> >> >>>                                        logger.warn(e.getMessage(),
>>> >> >>> e);
>>> >> >>>
>>> >> >>> Modified:
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>>> >> >>> URL:
>>> >> >>>
>>> >> >>>
>>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java?rev=682470&r1=682469&r2=682470&view=diff
>>> >> >>>
>>> >> >>>
>>> >> >>>
>>> >> >>> ==============================================================================
>>> >> >>> ---
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>>> >> >>> (original)
>>> >> >>> +++
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>>> >> >>> Mon Aug  4 12:19:15 2008
>>> >> >>> @@ -590,7 +590,7 @@
>>> >> >>>             endpointRefernce = endpointRefernce + '/' +
>>> >> >>>                     configContext.getServiceContextPath()
+ "/" +
>>> >> >>> serviceName;
>>> >> >>>         }
>>> >> >>> -        EndpointReference endpoint = new
>>> >> >>> EndpointReference(endpointRefernce);
>>> >> >>> +        EndpointReference endpoint = new
>>> >> >>> EndpointReference(endpointRefernce + "/");
>>> >> >>>
>>> >> >>>         return new EndpointReference[]{endpoint};
>>> >> >>>     }
>>> >> >>>
>>> >> >>> Modified:
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>>> >> >>> URL:
>>> >> >>>
>>> >> >>>
>>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java?rev=682470&r1=682469&r2=682470&view=diff
>>> >> >>>
>>> >> >>>
>>> >> >>>
>>> >> >>> ==============================================================================
>>> >> >>> ---
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>>> >> >>> (original)
>>> >> >>> +++
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>>> >> >>> Mon Aug  4 12:19:15 2008
>>> >> >>> @@ -71,7 +71,7 @@
>>> >> >>>         if(path.charAt(0)!='/'){
>>> >> >>>             path = '/' + path;
>>> >> >>>         }
>>> >> >>> -        return new EndpointReference[]{new
>>> >> >>> EndpointReference(schema +
>>> >> >>> "://" + ip + ":" + port + path )};
>>> >> >>> +        return new EndpointReference[]{new
>>> >> >>> EndpointReference(schema +
>>> >> >>> "://" + ip + ":" + port + path + "/" )};
>>> >> >>>     }
>>> >> >>>
>>> >> >>>     public EndpointReference getEPRForService(String serviceName,
>>> >> >>> String
>>> >> >>> ip) throws AxisFault {
>>> >> >>>
>>> >> >>> Modified:
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>>> >> >>> URL:
>>> >> >>>
>>> >> >>>
>>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java?rev=682470&r1=682469&r2=682470&view=diff
>>> >> >>>
>>> >> >>>
>>> >> >>>
>>> >> >>> ==============================================================================
>>> >> >>> ---
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>>> >> >>> (original)
>>> >> >>> +++
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>>> >> >>> Mon Aug  4 12:19:15 2008
>>> >> >>> @@ -262,7 +262,7 @@
>>> >> >>>                     endpointRefernce = endpointRefernce
+ '/' +
>>> >> >>>
>>> >> >>> configurationContext.getServiceContextPath()
>>> >> >>> + "/" + serviceName;
>>> >> >>>                 }
>>> >> >>> -                return new EndpointReference[]{new
>>> >> >>> EndpointReference(endpointRefernce)};
>>> >> >>> +                return new EndpointReference[]{new
>>> >> >>> EndpointReference(endpointRefernce + "/")};
>>> >> >>>             } else {
>>> >> >>>                 throw new AxisFault("Unable to generate
EPR for the
>>> >> >>> transport : http");
>>> >> >>>             }
>>> >> >>> @@ -296,7 +296,7 @@
>>> >> >>>             }
>>> >> >>>
>>> >> >>>
>>> >> >>> -            return new EndpointReference[]{new
>>> >> >>> EndpointReference(endpointRefernce)};
>>> >> >>> +            return new EndpointReference[]{new
>>> >> >>> EndpointReference(endpointRefernce + "/")};
>>> >> >>>         } else {
>>> >> >>>             throw new AxisFault("Unable to generate EPR
for the
>>> >> >>> transport
>>> >> >>> : http");
>>> >> >>>         }
>>> >> >>>
>>> >> >>> Modified:
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>>> >> >>> URL:
>>> >> >>>
>>> >> >>>
>>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java?rev=682470&r1=682469&r2=682470&view=diff
>>> >> >>>
>>> >> >>>
>>> >> >>>
>>> >> >>> ==============================================================================
>>> >> >>> ---
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>>> >> >>> (original)
>>> >> >>> +++
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>>> >> >>> Mon Aug  4 12:19:15 2008
>>> >> >>> @@ -350,8 +350,15 @@
>>> >> >>>         if (serviceName.indexOf('/') != -1) {
>>> >> >>>             serviceName = serviceName.substring(0,
>>> >> >>> serviceName.indexOf('/'));
>>> >> >>>         }
>>> >> >>> -        return new EndpointReference[]{
>>> >> >>> -                new EndpointReference((String)
>>> >> >>> serviceNameToEprMap.get(serviceName))};
>>> >> >>> +
>>> >> >>> +        String endpointName = (String)
>>> >> >>> serviceNameToEprMap.get(serviceName);
>>> >> >>> +        if (endpointName == null){
>>> >> >>> +            if (serviceName.indexOf(".") != -1){
>>> >> >>> +                serviceName = serviceName.substring(0,
>>> >> >>> serviceName.indexOf("."));
>>> >> >>> +                endpointName = (String)
>>> >> >>> serviceNameToEprMap.get(serviceName);
>>> >> >>> +            }
>>> >> >>> +        }
>>> >> >>> +        return new EndpointReference[]{new
>>> >> >>> EndpointReference(endpointName)};
>>> >> >>>     }
>>> >> >>>
>>> >> >>>     /**
>>> >> >>>
>>> >> >>> Modified:
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>>> >> >>> URL:
>>> >> >>>
>>> >> >>>
>>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java?rev=682470&r1=682469&r2=682470&view=diff
>>> >> >>>
>>> >> >>>
>>> >> >>>
>>> >> >>> ==============================================================================
>>> >> >>> ---
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>>> >> >>> (original)
>>> >> >>> +++
>>> >> >>>
>>> >> >>>
>>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>>> >> >>> Mon Aug  4 12:19:15 2008
>>> >> >>> @@ -222,7 +222,7 @@
>>> >> >>>      * Return the EPR for the given service (implements
deprecated
>>> >> >>> method
>>> >> >>> temporarily)
>>> >> >>>      */
>>> >> >>>     public EndpointReference getEPRForService(String serviceName,
>>> >> >>> String
>>> >> >>> ip) throws AxisFault {
>>> >> >>> -        return new EndpointReference(serviceEPRPrefix
+
>>> >> >>> serviceName);
>>> >> >>> +        return new EndpointReference(serviceEPRPrefix
+
>>> >> >>> serviceName +
>>> >> >>> "/");
>>> >> >>>     }
>>> >> >>>
>>> >> >>>     /**
>>> >> >>> @@ -234,7 +234,7 @@
>>> >> >>>      */
>>> >> >>>     public EndpointReference[] getEPRsForService(String
>>> >> >>> serviceName,
>>> >> >>> String ip) throws AxisFault {
>>> >> >>>         EndpointReference[] endpointReferences = new
>>> >> >>> EndpointReference[1];
>>> >> >>> -        endpointReferences[0] = new
>>> >> >>> EndpointReference(serviceEPRPrefix +
>>> >> >>> serviceName);
>>> >> >>> +        endpointReferences[0] = new
>>> >> >>> EndpointReference(serviceEPRPrefix +
>>> >> >>> serviceName + "/");
>>> >> >>>         return endpointReferences;
>>> >> >>>     }
>>> >> >>>
>>> >> >>>
>>> >> >>>
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >> --
>>> >> >> Amila Suriarachchi,
>>> >> >> WSO2 Inc.
>>> >> >
>>> >> >
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Davanum Srinivas :: http://davanum.wordpress.com
>>> >>
>>> >> ---------------------------------------------------------------------
>>> >> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
>>> >> For additional commands, e-mail: axis-dev-help@ws.apache.org
>>> >>
>>> >
>>> >
>>> >
>>> > --
>>> > Keith Chapman
>>> > Senior Software Engineer
>>> > WSO2 Inc.
>>> > Oxygenating the Web Service Platform.
>>> > http://wso2.org/
>>> >
>>> > blog: http://www.keith-chapman.org
>>> >
>>>
>>>
>>>
>>> --
>>> Davanum Srinivas :: http://davanum.wordpress.com
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
>>> For additional commands, e-mail: axis-dev-help@ws.apache.org
>>>
>>
>>
>>
>> --
>> Keith Chapman
>> Senior Software Engineer
>> WSO2 Inc.
>> Oxygenating the Web Service Platform.
>> http://wso2.org/
>>
>> blog: http://www.keith-chapman.org
>>
>
>
>
> --
> Davanum Srinivas :: http://davanum.wordpress.com
>



-- 
Davanum Srinivas :: http://davanum.wordpress.com

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org


Mime
View raw message