You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by "Adrian Crum (JIRA)" <ji...@apache.org> on 2012/07/16 10:03:35 UTC

[jira] [Commented] (OFBIZ-3699) ServiceDispatcher.checkAuth modifies the context if the invocation service has a permissionServiceName

    [ https://issues.apache.org/jira/browse/OFBIZ-3699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13414914#comment-13414914 ] 

Adrian Crum commented on OFBIZ-3699:
------------------------------------

If I understand correctly, there are two issues mentioned here:

1. Results from the permission service are added to the service parameters.
2. Service IN parameter data types are converted before invoking the service.

If that is correct, then #2 is not an issue - that is the intended behavior. For example, if HTTP parameters are passed to a service, then all of them will be java.lang.String data types (or a List of Strings). So, the automatic data type conversion is needed.

                
> ServiceDispatcher.checkAuth modifies the context if the invocation service has a permissionServiceName
> ------------------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-3699
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-3699
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: SVN trunk
>            Reporter: Bob Morley
>             Fix For: SVN trunk
>
>
> Created as a result of thread: http://n4.nabble.com/Magically-converted-types-from-simpleTypeConvert-td1838891.html
> The follow code in the ServiceDispatcher ...
>         if (UtilValidate.isNotEmpty(origService.permissionServiceName)) {
>             ...
>             if (hasPermission.booleanValue()) {
>                 context.putAll(permResp);
>                 context = origService.makeValid(context, ModelService.IN_PARAM); 
> ... causes the incoming context to be modified both by adding values from the results of the permission service but also by converting any datatypes to match those in the service definition.  This hides any invalid service invocations (from a data type pov) and if the permisionServiceName is removed, the code would start failing with the incorrect data types.
> Suggest is to change this to something like ...
> Map<String, Object> permRespContext = ServiceUtil.setServiceFields(dctx, serviceName, permResp);
> context.putAll(permRespContext); 
> The concern is that by doing this there may be some services that were relying on the data type conversion (because they were invalid requests) which would start to fail.  Appropriate impact analysis of services that define "permissionServiceName" and appropriate resolutions need to be included with this change.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira