struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-5029) The content allowed-methods tag of the XML configuration is sometimes truncated
Date Sat, 20 Apr 2019 05:34:00 GMT

    [ https://issues.apache.org/jira/browse/WW-5029?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16822365#comment-16822365
] 

ASF subversion and git services commented on WW-5029:
-----------------------------------------------------

Commit 47a8a21da276ca1f2521685f7445330be84c66ee in struts's branch refs/heads/master from
JCgH4164838Gh792C124B5
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=47a8a21 ]

Proposed fix for WW-5029 for the 2.5.x branch (#347)

* Proposed fix for WW-5029 for the 2.5.x branch:
- NOTE: If the PR is accepted please credit Maxime Clement for this change as they found
        the issue, identified the probable cause/related details and opened the JIRA.
- Updated XWorkConfigurationProvider buildAllowedMethods(), loadGlobalAllowedMethods() so
that
  they now handle situations when a SAX parser produces multiple elements to represent the
tag
  body value.
- No changes to unit tests.

* Update commit to fix weakness identified by Maxime Clement:
- Implementation should now properly concatenate the node children values together (as a single
unified string)
  in both buildAllowedMethods(), loadGlobalAllowedMethods() - before generating the method
Set to be added.
- Made some eligible variables final.

* Update commit to provide new unit tests:
- Added unit tests to confirm the fixes for buildAllowedMethods(), loadGlobalAllowedMethods()
- Added Mock DOM classes sufficient for these tests.
- Added unit tests to cover buildResults() and loadGlobalResults().

(cherry picked from commit fb38a91)


> The content allowed-methods tag of the XML configuration is sometimes truncated
> -------------------------------------------------------------------------------
>
>                 Key: WW-5029
>                 URL: https://issues.apache.org/jira/browse/WW-5029
>             Project: Struts 2
>          Issue Type: Bug
>          Components: XML Configuration
>    Affects Versions: 2.5.18
>            Reporter: Maxime Clement
>            Priority: Major
>             Fix For: 2.5.21, 2.6
>
>
> Under WebSphere 8.5, the SAX parser sometimes create multiple text elements to represent
the value of the "allowed-methods" tag found in the struts.xml configuration file. This happens
when the text is read in chunks as stated here: [https://docs.oracle.com/javase/8/docs/api/org/xml/sax/ContentHandler.html#characters-char:A-int-int-].
> This case is not handled in class XmlConfigurationProvider, which only reads the first
child of the org.w3c.dom.Node returned by the parser (see [https://github.com/apache/struts/blob/struts-2-5-x/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java#L879]).
>  
> This means that with this configuration:
> {code:java}
> <allowed-methods>method1,method2</allowed-methods>
> {code}
> The node instance almost always contains a single child [ "method1,method2" ], but randomly
the node instance can contain two children: [ "method1,me", "thod2" ]. As only the first child
is considered, the retrieved text is truncated and the configuration doesn't work.
>  
> It happens randomly and cannot be reproduced easily, but we can see in the XmlConfigurationProvider
class that this case has been taken into account for the "result" tag:
> {code:java}
> <result>something</result>
> {code}
>  See: [https://github.com/apache/struts/blob/struts-2-5-x/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java#L767] where
all node children of type Node.TEXT_NODE are concatenated to retrieve the text value, so even
if the SAX parser returns multiple chunks, the word is correctly reconstructed.
>  
> As a workaround I created a custom configuration provider that overrides StrutsXmlConfigurationProvider
and redefines the method "buildAllowedMethods" in order to parse all children of the node
object, as done in method "buildResults". Note that the same problem applies for "global-allowed-methods"
as the XmlConfigurationProvider also considers the first child only.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message