cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject [3/3] cxf git commit: [CXF-6173] Use configured sizes limits for the SAAJIn processing
Date Tue, 23 Dec 2014 14:54:57 GMT
[CXF-6173] Use configured sizes limits for the SAAJIn processing


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d69dcbfc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d69dcbfc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d69dcbfc

Branch: refs/heads/3.0.x-fixes
Commit: d69dcbfcc67c78c254c050f94c4d29609aec5023
Parents: 60d7bf2
Author: Daniel Kulp <dkulp@apache.org>
Authored: Tue Dec 23 09:51:24 2014 -0500
Committer: Daniel Kulp <dkulp@apache.org>
Committed: Tue Dec 23 09:54:41 2014 -0500

----------------------------------------------------------------------
 .../org/apache/cxf/staxutils/StaxUtils.java     | 22 ++++++++
 .../binding/soap/saaj/SAAJInInterceptor.java    |  7 ++-
 ...ispatchClientServerWithHugeResponseTest.java | 56 +++++++++++++++-----
 3 files changed, 72 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/d69dcbfc/core/src/main/java/org/apache/cxf/staxutils/StaxUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/staxutils/StaxUtils.java b/core/src/main/java/org/apache/cxf/staxutils/StaxUtils.java
index d22a337..52b2246 100644
--- a/core/src/main/java/org/apache/cxf/staxutils/StaxUtils.java
+++ b/core/src/main/java/org/apache/cxf/staxutils/StaxUtils.java
@@ -230,10 +230,18 @@ public final class StaxUtils {
     }
     
     public static void setInnerElementLevelThreshold(int i) {
+        if (i == -1) {
+            i = 500;
+        }
         innerElementLevelThreshold = i;
+        setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxElementDepth", i);
     }
     public static void setInnerElementCountThreshold(int i) {
+        if (i == -1) {
+            i = 50000;
+        }
         innerElementCountThreshold = i;
+        setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxChildrenPerElement", i);
     }
 
     /**
@@ -2102,6 +2110,20 @@ public final class StaxUtils {
         }
     }
     
+    public static boolean isSecureReader(XMLStreamReader reader, Message message) {
+        if (reader instanceof DocumentDepthProperties) {
+            return true;
+        }
+        try {
+            if (reader.getProperty("com.ctc.wstx.maxChildrenPerElement") != null) {
+                return true;
+            }
+        } catch (Exception ex) {
+            //ignore
+        }
+        return false;
+    }
+    
     public static XMLStreamReader configureReader(XMLStreamReader xreader, Message message)
throws XMLStreamException {
         Integer messageMaxChildElements = PropertyUtils.getInteger(message, MAX_CHILD_ELEMENTS);
         Integer messageMaxElementDepth = PropertyUtils.getInteger(message, MAX_ELEMENT_DEPTH);

http://git-wip-us.apache.org/repos/asf/cxf/blob/d69dcbfc/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/saaj/SAAJInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/saaj/SAAJInInterceptor.java
b/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/saaj/SAAJInInterceptor.java
index 0cca461..627d251 100644
--- a/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/saaj/SAAJInInterceptor.java
+++ b/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/saaj/SAAJInInterceptor.java
@@ -220,10 +220,15 @@ public class SAAJInInterceptor extends AbstractSoapInterceptor {
                 soapMessage.getSOAPPart().getEnvelope().addHeader();
             }
             
+            //If we have an xmlReader that already is counting the attributes and such
+            //then we don't want to rely on the system level defaults in StaxUtils.copy
+            //CXF-6173
+            boolean secureReader = StaxUtils.isSecureReader(xmlReader, message);
             StaxUtils.copy(xmlReader, 
                            new SAAJStreamWriter(soapMessage.getSOAPPart(), 
                                                 soapMessage.getSOAPPart().getEnvelope().getBody()),
-                           true, true);
+                           true, 
+                           !secureReader);
             DOMSource bodySource = new DOMSource(soapMessage.getSOAPPart().getEnvelope().getBody());
             xmlReader = StaxUtils.createXMLStreamReader(bodySource);
             xmlReader.nextTag();

http://git-wip-us.apache.org/repos/asf/cxf/blob/d69dcbfc/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/DispatchClientServerWithHugeResponseTest.java
----------------------------------------------------------------------
diff --git a/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/DispatchClientServerWithHugeResponseTest.java
b/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/DispatchClientServerWithHugeResponseTest.java
index beb536d..658c074 100644
--- a/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/DispatchClientServerWithHugeResponseTest.java
+++ b/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/DispatchClientServerWithHugeResponseTest.java
@@ -21,10 +21,10 @@ package org.apache.cxf.systest.dispatch;
 
 import java.io.InputStream;
 import java.net.URL;
+import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
 
-
 import javax.xml.namespace.QName;
 import javax.xml.soap.MessageFactory;
 import javax.xml.soap.SOAPMessage;
@@ -34,7 +34,7 @@ import javax.xml.ws.Endpoint;
 import javax.xml.ws.Response;
 import javax.xml.ws.Service;
 
-
+import org.apache.cxf.binding.soap.SoapFault;
 import org.apache.cxf.interceptor.LoggingInInterceptor;
 import org.apache.cxf.interceptor.LoggingOutInterceptor;
 import org.apache.cxf.staxutils.StaxUtils;
@@ -44,7 +44,6 @@ import org.apache.cxf.testutil.common.TestUtil;
 import org.apache.hello_world_soap_http.GreeterImpl;
 import org.apache.hello_world_soap_http.SOAPService;
 
-import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
@@ -93,15 +92,13 @@ public class DispatchClientServerWithHugeResponseTest extends AbstractBusClientS
     
     @org.junit.Before
     public void setUp() throws Exception {
-        StaxUtils.setInnerElementCountThreshold(12);
-        StaxUtils.setInnerElementLevelThreshold(12);
         createBus();
         getBus().getOutInterceptors().add(new LoggingOutInterceptor());
         getBus().getInInterceptors().add(new LoggingInInterceptor());
     }
     
-    @AfterClass
-    public static void cleanup() throws Exception {
+    @org.junit.After
+    public void cleanUp() throws Exception {
         StaxUtils.setInnerElementCountThreshold(-1);
         StaxUtils.setInnerElementLevelThreshold(-1);
     }
@@ -125,6 +122,8 @@ public class DispatchClientServerWithHugeResponseTest extends AbstractBusClientS
                                      + "/SOAPDispatchService/SoapDispatchPort");
         
         
+        StaxUtils.setInnerElementCountThreshold(12);
+        StaxUtils.setInnerElementLevelThreshold(12);
 
         InputStream is3 = getClass().getResourceAsStream("resources/GreetMeDocLiteralReq3.xml");
         SOAPMessage soapReqMsg3 = MessageFactory.newInstance().createMessage(null, is3);
@@ -162,6 +161,8 @@ public class DispatchClientServerWithHugeResponseTest extends AbstractBusClientS
                                      + "/SOAPDispatchService/SoapDispatchPort");
         
         
+        StaxUtils.setInnerElementCountThreshold(12);
+        StaxUtils.setInnerElementLevelThreshold(12);
 
         InputStream is3 = getClass().getResourceAsStream("resources/GreetMeDocLiteralReq3.xml");
         SOAPMessage soapReqMsg3 = MessageFactory.newInstance().createMessage(null, is3);
@@ -173,7 +174,24 @@ public class DispatchClientServerWithHugeResponseTest extends AbstractBusClientS
             fail("We should not have encountered a timeout, " 
                 + "should get some exception tell me stackoverflow");
         } catch (Throwable e) {
-            assertTrue(e.getCause().getMessage().startsWith("reach the innerElementLevelThreshold"));
+            if (e.getCause() == null) {
+                throw e;
+            }
+            Throwable t = e.getCause();
+            if (t instanceof SoapFault) {
+                SoapFault sf = (SoapFault)e.getCause();
+                if (sf.getCause() == null) {
+                    throw e;
+                }
+                t = sf.getCause();
+            }
+            if (t.getMessage() == null) {
+                throw e;
+            }
+            
+            String msg = t.getMessage();          
+            assertTrue(msg, msg.startsWith("reach the innerElementLevelThreshold")
+                       || msg.contains("Maximum Element Depth limit"));
         } finally {
             getBus().getInInterceptors().remove(hugeResponseInterceptor);
         }
@@ -190,7 +208,7 @@ public class DispatchClientServerWithHugeResponseTest extends AbstractBusClientS
 
         SOAPService service = new SOAPService(wsdl, SERVICE_NAME);
         assertNotNull(service);
-
+        
         Dispatch<SOAPMessage> disp = service
             .createDispatch(PORT_NAME, SOAPMessage.class, Service.Mode.MESSAGE);
         disp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
@@ -200,6 +218,9 @@ public class DispatchClientServerWithHugeResponseTest extends AbstractBusClientS
         
         
 
+        StaxUtils.setInnerElementCountThreshold(12);
+        StaxUtils.setInnerElementLevelThreshold(12);
+
         InputStream is3 = getClass().getResourceAsStream("resources/GreetMeDocLiteralReq3.xml");
         SOAPMessage soapReqMsg3 = MessageFactory.newInstance().createMessage(null, is3);
         assertNotNull(soapReqMsg3);
@@ -210,14 +231,25 @@ public class DispatchClientServerWithHugeResponseTest extends AbstractBusClientS
         } catch (TimeoutException te) {
             fail("We should not have encountered a timeout, " 
                 + "should get some exception tell me stackoverflow");
-        } catch (Throwable e) {
+        } catch (ExecutionException e) {
             if (e.getCause() == null) {
                 throw e;
             }
-            if (e.getCause().getMessage() == null) {
+            Throwable t = e.getCause();
+            if (t instanceof SoapFault) {
+                SoapFault sf = (SoapFault)e.getCause();
+                if (sf.getCause() == null) {
+                    throw e;
+                }
+                t = sf.getCause();
+            }
+            if (t.getMessage() == null) {
                 throw e;
             }
-            assertTrue(e.getCause().getMessage().startsWith("reach the innerElementCountThreshold"));
+            
+            String msg = t.getMessage();
+            assertTrue(msg, msg.startsWith("reach the innerElementCountThreshold")
+                       || msg.contains("Maximum Number of Child Elements"));
         } finally {
             getBus().getInInterceptors().remove(hugeResponseInterceptor);
         }


Mime
View raw message