ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nicolas Malin (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (OFBIZ-3699) ServiceDispatcher.checkAuth modifies the context if the invocation service has a permissionServiceName
Date Sat, 17 Sep 2016 07:50:20 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-3699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Nicolas Malin reassigned OFBIZ-3699:
------------------------------------

    Assignee: Nicolas Malin

> ServiceDispatcher.checkAuth modifies the context if the invocation service has a permissionServiceName
> ------------------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-3699
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-3699
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Bob Morley
>            Assignee: Nicolas Malin
>
> Created as a result of thread: http://n4.nabble.com/Magically-converted-types-from-simpleTypeConvert-td1838891.html
> The follow code in the ServiceDispatcher ...
>         if (UtilValidate.isNotEmpty(origService.permissionServiceName)) {
>             ...
>             if (hasPermission.booleanValue()) {
>                 context.putAll(permResp);
>                 context = origService.makeValid(context, ModelService.IN_PARAM); 
> ... causes the incoming context to be modified both by adding values from the results
of the permission service but also by converting any datatypes to match those in the service
definition.  This hides any invalid service invocations (from a data type pov) and if the
permisionServiceName is removed, the code would start failing with the incorrect data types.
> Suggest is to change this to something like ...
> Map<String, Object> permRespContext = ServiceUtil.setServiceFields(dctx, serviceName,
permResp);
> context.putAll(permRespContext); 
> The concern is that by doing this there may be some services that were relying on the
data type conversion (because they were invalid requests) which would start to fail.  Appropriate
impact analysis of services that define "permissionServiceName" and appropriate resolutions
need to be included with this change.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message