cxf-issues mailing list archives

From "Michael Decker (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CXF-7456) empty query string injects into enum type will lead 404 error
Date Thu, 27 Jul 2017 14:59:00 GMT

    [ https://issues.apache.org/jira/browse/CXF-7456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16103302#comment-16103302 ]

Michael Decker edited comment on CXF-7456 at 7/27/17 2:58 PM:
--------------------------------------------------------------

That is for example the implementation of our enum:

public enum MyEnum {
  FOO,
  BAR;

  // Static factory method: callable without an instance.
  // ERROR_MESSAGE is a message format constant that is not shown in this comment.
  public static MyEnum fromString(String value) {
    if (StringUtils.isBlank(value)) {
      return null;
    }

    for (MyEnum item : MyEnum.class.getEnumConstants()) {
      // Be user-friendly and ignore case
      if (StringUtils.equalsIgnoreCase(item.toString(), value)) {
        return item;
      }
    }

    // No constant matched: reject the value with 400 Bad Request
    throw new WebApplicationException(format(ERROR_MESSAGE, value, MyEnum.class.getSimpleName()),
        HttpStatus.SC_BAD_REQUEST);
  }

}

So it returns "null" in the case of an empty string.
But if it returns null, CXF calls MyEnum.valueOf(value) instead of allowing the null value.

So I wonder why "null" is not an allowed value.


was (Author: michael d.):
That is for example the implementation of our enum:

public enum MyEnum {
  FOO,
  BAR;

  public MyEnum fromString(String value) {
    if (StringUtils.isBlank(value)) {
      return null;
    }
    
    for (EndpointType item : EndpointType.class.getEnumConstants()) {
      // Be userfriendly and support ignore case
      if (StringUtils.equalsIgnoreCase(item.toString(), value)) {
        return item;
      }
    }
    
    if (result == null) {
      throw new WebApplicationException(format(ERROR_MESSAGE, value, clazz.getSimpleName()),
          HttpStatus.SC_BAD_REQUEST);
    }
  }
  
}

So it returns "null" in the case of an empty string.
But if it returns null, CXF calls MyEnum.valueOf(value) instead of allowing the null value.

So I wonder why "null" is not an allowed value.

> empty query string injects into enum type will lead 404 error
> -------------------------------------------------------------
>
>                 Key: CXF-7456
>                 URL: https://issues.apache.org/jira/browse/CXF-7456
>             Project: CXF
>          Issue Type: Bug
>          Components: Core, JAX-RS
>    Affects Versions: 3.1.11
>            Reporter: Michael Decker
>
> This issue is similar to CXF-7307.
> The http request:
> GET /demo-provider/v1.0/users/beanparam?a= HTTP/1.1
> HOST: localhost:8080
> accept: application/json
> content-type: application/json
> The resource method returns null:
> public String beanParam(@QueryParam("a") MyEnum a)
> { return ""+a; }
> javax.ws.rs.ClientErrorException: HTTP 404 Not Found
> {{
> 2017-07-27 14:51:34.325 [Default Executor-thread-117] DEBUG d.k.i.a.e.h.WebApplicationExceptionHandler toResponse[30]: Build webapplication error response [exceptionMessage=HTTP 404 Not Found]
> javax.ws.rs.WebApplicationException: HTTP 404 Not Found
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethods(InjectionUtils.java:546)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.handleParameter(InjectionUtils.java:457)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.injectIntoCollectionOrArray(InjectionUtils.java:931)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.createParameterObject(InjectionUtils.java:1003)
> 	at org.apache.cxf.jaxrs.utils.JAXRSUtils.readQueryString(JAXRSUtils.java:1192)
> 	at org.apache.cxf.jaxrs.utils.JAXRSUtils.createHttpParameterValue(JAXRSUtils.java:868)
> 	at org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameter(JAXRSUtils.java:838)
> 	at org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameters(JAXRSUtils.java:789)
> 	at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:212)
> 	at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:77)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> 	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> 	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:262)
> 	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> 	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> 	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> 	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)
> 	at de.CXFServlet.invoke(CXFServlet.java:71)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:299)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:223)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:274)
> 	at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1290)
> ...
> 	at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalArgumentException: No enum constant de.MyEnum.
> 	at java.lang.Enum.valueOf(Enum.java:236)
> 	at de.MyEnum.valueOf(EndpointType.java:1)
> 	at sun.reflect.GeneratedMethodAccessor1111.invoke(Unknown Source)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java)
> 	at java.lang.reflect.Method.invoke(Method.java:606)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethod(InjectionUtils.java:560)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethods(InjectionUtils.java:527)
> 	... 51 common frames omitted
> }}
>     
>     
> org.apache.cxf.jaxrs.utils.InjectionUtils.handleParameter(String, boolean, Class<T>, Type, Annotation[], ParameterType, Message)
>     -> calls org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethods(String, ParameterType, Object, Class<?>, String[])
>         using "fromString", "fromValue", "valueOf"
>         -> evaluateFactoryMethods continues with the next method if the first method returns null
>             -> as "fromString" returns "null" now (it is implemented) and "fromValue" does not exist, it calls "valueOf", and that one cannot handle null, empty or blank Strings
>     -> and even if evaluateFactoryMethods would return null, handleParameter contains this check, which forbids null:
>         --- SNIP ---
>             if (result == null) {
>                 reportServerError("WRONG_PARAMETER_TYPE", pClass.getName());
>             }
>         --- SNAP ---



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
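
The fallthrough described in the quoted issue, reproduced as an added stand-alone example (not CXF source and not the reporter's code). `FactoryFallthroughDemo` and `evaluate` are hypothetical names, and the loop is a simplified model of the lookup order the issue describes.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;

public class FactoryFallthroughDemo {
    // Constructed enum mirroring the comment: blank input maps to null.
    public enum MyEnum {
        FOO, BAR;

        public static MyEnum fromString(String value) {
            if (value == null || value.trim().isEmpty()) {
                return null;
            }
            for (MyEnum item : values()) {
                if (item.name().equalsIgnoreCase(value)) {
                    return item;
                }
            }
            throw new IllegalArgumentException("unknown value: " + value);
        }
    }

    // Simplified model of the lookup order in the issue (not CXF source):
    // try each static factory method in turn; a null result moves on.
    static Object evaluate(Class<?> type, String value) throws Throwable {
        for (String name : new String[] {"fromString", "fromValue", "valueOf"}) {
            try {
                Method m = type.getMethod(name, String.class);
                Object result = Modifier.isStatic(m.getModifiers()) ? m.invoke(null, value) : null;
                if (result != null) {
                    return result;
                }
            } catch (NoSuchMethodException e) {
                // "fromValue" is not defined on MyEnum; try the next name
            } catch (InvocationTargetException e) {
                throw e.getCause(); // surface what the factory method threw
            }
        }
        return null; // the issue notes handleParameter rejects this as well
    }

    public static void main(String[] args) throws Throwable {
        System.out.println(evaluate(MyEnum.class, "foo"));
        try {
            evaluate(MyEnum.class, ""); // fromString returns null, valueOf is tried
        } catch (IllegalArgumentException e) {
            System.out.println("valueOf rejected empty input: " + e.getMessage());
        }
    }
}
```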
