cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Decker (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-7456) empty query string injects into enum type will lead 404 error
Date Thu, 27 Jul 2017 15:10:04 GMT

    [ https://issues.apache.org/jira/browse/CXF-7456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16103318#comment-16103318
] 

Michael Decker commented on CXF-7456:
-------------------------------------

org.apache.cxf.jaxrs.utils.InjectionUtils.handleParameter(...) in general allows to return
"null":
    --- SNIP ---
        if (value == null) {
            return null;
        }
    --- SNAP ---

eventually it tries to call "fromString"
    --- SNIP ---
        if (result == null) {
            // check for valueOf(String) static methods
            String[] methodNames = cls.isEnum() 
                ? new String[] {"fromString", "fromValue", "valueOf"} 
                : new String[] {"valueOf", "fromString"};
            result = evaluateFactoryMethods(value, pType, result, cls, methodNames);
        }
    --- SNAP ---

But also at the end, it does not support "null" any longer
    --- SNIP ---
        if (result == null) {
            reportServerError("WRONG_PARAMETER_TYPE", pClass.getName());
        }
    --- SNAP ---
but, if it generally supports null, I wonder, why it should not support later on "null"


On the other hand "evaluateFactoryMethods" does not recognize "null" as a valid value, as
it continues calling methods then:
    --- SNIP ---
        for (String mName : methodNames) {
...
                result = evaluateFactoryMethod(value, cls, pType, mName);
                if (result != null) {
                    factoryMethodEx = null;
                    break;
                }
            } catch (Exception ex) {
...
            }
...
        }
    --- SNAP ---
So it calls "fromString", which is returning "null". But does not consider it, continue with
the for loop.
Calls "fromValue", which is not implemented, remember that exception, and continue with the
for loop
Calls "valueOf", which is returning the exception, as it cannot handle an empty string, that
exception is remembered as last exception and rethrown.

I wonder, if "evaluateFactoryMethods" should support "null" as valid return value, as "handleParameter"
does support it in general.

> empty query string injects into enum type will lead 404 error
> -------------------------------------------------------------
>
>                 Key: CXF-7456
>                 URL: https://issues.apache.org/jira/browse/CXF-7456
>             Project: CXF
>          Issue Type: Bug
>          Components: Core, JAX-RS
>    Affects Versions: 3.1.11
>            Reporter: Michael Decker
>
> This issue is similar to CXF-7307.
> The http request:
> GET /demo-provider/v1.0/users/beanparam?a= HTTP/1.1
> HOST: localhost:8080
> accept: application/json
> content-type: application/json
> The resource method returns null:
> public String beanParam(@QueryParam("a") MyEnum a)
> { return ""+a; }
> javax.ws.rs.ClientErrorException: HTTP 404 Not Found
> {{
> 2017-07-27 14:51:34.325 [Default Executor-thread-117] DEBUG d.k.i.a.e.h.WebApplicationExceptionHandler
toResponse[30]: Build webapplication error response [exceptionMessage=HTTP 404 Not Found]
> javax.ws.rs.WebApplicationException: HTTP 404 Not Found
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethods(InjectionUtils.java:546)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.handleParameter(InjectionUtils.java:457)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.injectIntoCollectionOrArray(InjectionUtils.java:931)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.createParameterObject(InjectionUtils.java:1003)
> 	at org.apache.cxf.jaxrs.utils.JAXRSUtils.readQueryString(JAXRSUtils.java:1192)
> 	at org.apache.cxf.jaxrs.utils.JAXRSUtils.createHttpParameterValue(JAXRSUtils.java:868)
> 	at org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameter(JAXRSUtils.java:838)
> 	at org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameters(JAXRSUtils.java:789)
> 	at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:212)
> 	at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:77)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> 	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> 	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:262)
> 	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> 	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> 	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> 	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)
> 	at de.CXFServlet.invoke(CXFServlet.java:71)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:299)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:223)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:274)
> 	at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1290)
> ...
> 	at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalArgumentException: No enum constant de.MyEnum.
> 	at java.lang.Enum.valueOf(Enum.java:236)
> 	at de.MyEnum.valueOf(EndpointType.java:1)
> 	at sun.reflect.GeneratedMethodAccessor1111.invoke(Unknown Source)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java)
> 	at java.lang.reflect.Method.invoke(Method.java:606)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethod(InjectionUtils.java:560)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethods(InjectionUtils.java:527)
> 	... 51 common frames omitted
> }}
>     
>     
> org.apache.cxf.jaxrs.utils.InjectionUtils.handleParameter(String, boolean, Class<T>,
Type, Annotation[], ParameterType, Message)
>     -> calls org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethods(String,
ParameterType, Object, Class<?>, String[])
>         using "fromString", "fromValue", "valueOf"
>         -> evaluateFactoryMethods continues with next method, if the first method
returns null
>             -> as "fromString" returns "null" now (it is implemented), "fromValue"
does not exists, it calls "valueOf" and that one cannot handle null, empty or blank Strings
>     -> and even, if evaluateFactoryMethods would return null, the handleParameter
contains this check, that forbids null:
>         --- SNIP ---
>             if (result == null) {
>                 reportServerError("WRONG_PARAMETER_TYPE", pClass.getName());
>             }
>         --- SNAP ---



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message