Posted to java-dev@axis.apache.org by gd...@apache.org on 2002/03/08 17:32:04 UTC

cvs commit: xml-axis/java/src/org/apache/axis/transport/http AxisServlet.java

gdaniels    02/03/08 08:32:04

  Modified:    java/src/org/apache/axis/transport/http AxisServlet.java
  Log:
  Fix for fault code equality check,  submitted by Adam Leggett.
  
  Also remove print of configPath, which is a small but real security
  hole (gives away absolute paths on server).
  
  Revision  Changes    Path
  1.88      +4 -2      xml-axis/java/src/org/apache/axis/transport/http/AxisServlet.java
  
  Index: AxisServlet.java
  ===================================================================
  RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/transport/http/AxisServlet.java,v
  retrieving revision 1.87
  retrieving revision 1.88
  diff -u -r1.87 -r1.88
  --- AxisServlet.java	27 Feb 2002 18:29:35 -0000	1.87
  +++ AxisServlet.java	8 Mar 2002 16:32:04 -0000	1.88
  @@ -359,7 +359,6 @@
                       res.setContentType("text/html");
                       writer.println("<h1>" + req.getRequestURI() +
                               "</h1>");
  -                    writer.println(configPath);
                       writer.println(
                               "<p>" +
                               JavaUtils.getMessage("axisService00") + "</p>");
  @@ -548,7 +547,10 @@
               log.debug(e);
               if ( e instanceof AxisFault ) {
                   AxisFault  af = (AxisFault) e ;
  -                if ( "Server.Unauthorized".equals( af.getFaultCode() ) )
  +                // Should really be doing this with explicit AxisFault
  +                // sublcasses... --Glen
  +                if ( "Server.Unauthorized".equals(
  +                        af.getFaultCode().getLocalPart() ) )
                       res.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
                   else
                       res.setStatus( HttpServletResponse.SC_INTERNAL_SERVER_ERROR );
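Review bot: The rewritten condition `af.getFaultCode().getLocalPart()` dereferences the fault code without a null check, whereas the old `"Server.Unauthorized".equals( af.getFaultCode() )` was null-safe. If an AxisFault can reach this handler with no fault code set (not visible in the hunk), the NullPointerException is thrown inside the error path before any status is set, so guard it, e.g. `if ( af.getFaultCode() != null && "Server.Unauthorized".equals( af.getFaultCode().getLocalPart() ) )`. The comparison now looks at the local part only, so a fault code in any namespace with that local name maps to 401; if that is intended, the comment should say so. The added comment misspells "subclasses", and the enclosing method starts and ends outside the hunk.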