You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Michael Decker (JIRA)" <ji...@apache.org> on 2017/07/27 14:13:00 UTC
[jira] [Commented] (CXF-7456) empty query string injects into enum type will lead 404 error

    [ https://issues.apache.org/jira/browse/CXF-7456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16103251#comment-16103251 ] 

Michael Decker commented on CXF-7456:
-------------------------------------

Perhaps it would already solve this issue, if this first line of the method "handleParameter"
    --- SNIP ---
if (value == null) {
            return null;
}
    --- SNAP ---

would be adjusted to
    --- SNIP ---
if (value == null || value.isEmpty()) {
            return null;
}
    --- SNAP ---
    
but perhaps allowing to returning "null" from "fromString" could be the more safe implementation

> empty query string injects into enum type will lead 404 error
> -------------------------------------------------------------
>
>                 Key: CXF-7456
>                 URL: https://issues.apache.org/jira/browse/CXF-7456
>             Project: CXF
>          Issue Type: Bug
>          Components: Core, JAX-RS
>    Affects Versions: 3.1.11
>            Reporter: Michael Decker
>
> This issue is similar to CXF-7307.
> The http request:
> GET /demo-provider/v1.0/users/beanparam?a= HTTP/1.1
> HOST: localhost:8080
> accept: application/json
> content-type: application/json
> The resource method returns null:
> public String beanParam(@QueryParam("a") MyEnum a)
> { return ""+a; }
> javax.ws.rs.ClientErrorException: HTTP 404 Not Found
> {{
> 2017-07-27 14:51:34.325 [Default Executor-thread-117] DEBUG d.k.i.a.e.h.WebApplicationExceptionHandler toResponse[30]: Build webapplication error response [exceptionMessage=HTTP 404 Not Found]
> javax.ws.rs.WebApplicationException: HTTP 404 Not Found
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethods(InjectionUtils.java:546)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.handleParameter(InjectionUtils.java:457)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.injectIntoCollectionOrArray(InjectionUtils.java:931)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.createParameterObject(InjectionUtils.java:1003)
> 	at org.apache.cxf.jaxrs.utils.JAXRSUtils.readQueryString(JAXRSUtils.java:1192)
> 	at org.apache.cxf.jaxrs.utils.JAXRSUtils.createHttpParameterValue(JAXRSUtils.java:868)
> 	at org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameter(JAXRSUtils.java:838)
> 	at org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameters(JAXRSUtils.java:789)
> 	at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:212)
> 	at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:77)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> 	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> 	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:262)
> 	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> 	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> 	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> 	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)
> 	at de.CXFServlet.invoke(CXFServlet.java:71)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:299)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:223)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:274)
> 	at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1290)
> ...
> 	at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalArgumentException: No enum constant de.MyEnum.
> 	at java.lang.Enum.valueOf(Enum.java:236)
> 	at de.MyEnum.valueOf(EndpointType.java:1)
> 	at sun.reflect.GeneratedMethodAccessor1111.invoke(Unknown Source)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java)
> 	at java.lang.reflect.Method.invoke(Method.java:606)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethod(InjectionUtils.java:560)
> 	at org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethods(InjectionUtils.java:527)
> 	... 51 common frames omitted
> }}
>     
>     
> org.apache.cxf.jaxrs.utils.InjectionUtils.handleParameter(String, boolean, Class<T>, Type, Annotation[], ParameterType, Message)
>     -> calls org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethods(String, ParameterType, Object, Class<?>, String[])
>         using "fromString", "fromValue", "valueOf"
>         -> evaluateFactoryMethods continues with next method, if the first method returns null
>             -> as "fromString" returns "null" now (it is implemented), "fromValue" does not exists, it calls "valueOf" and that one cannot handle null, empty or blank Strings
>     -> and even, if evaluateFactoryMethods would return null, the handleParameter contains this check, that forbids null:
>         --- SNIP ---
>             if (result == null) {
>                 reportServerError("WRONG_PARAMETER_TYPE", pClass.getName());
>             }
>         --- SNAP ---



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)