Posted to issues@cxf.apache.org by "Michael Decker (JIRA)" <ji...@apache.org> on 2017/07/27 14:13:00 UTC
[jira] [Commented] (CXF-7456) empty query string injects into enum type will lead 404 error
[ https://issues.apache.org/jira/browse/CXF-7456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16103251#comment-16103251 ]
Michael Decker commented on CXF-7456:
-------------------------------------
Perhaps it would already solve this issue, if this first line of the method "handleParameter"
--- SNIP ---
if (value == null) {
return null;
}
--- SNAP ---
would be adjusted to
--- SNIP ---
if (value == null || value.isEmpty()) {
return null;
}
--- SNAP ---
but perhaps allowing "fromString" to return "null" could be the safer implementation
> empty query string injects into enum type will lead 404 error
> -------------------------------------------------------------
>
> Key: CXF-7456
> URL: https://issues.apache.org/jira/browse/CXF-7456
> Project: CXF
> Issue Type: Bug
> Components: Core, JAX-RS
> Affects Versions: 3.1.11
> Reporter: Michael Decker
>
> This issue is similar to CXF-7307.
> The http request:
> GET /demo-provider/v1.0/users/beanparam?a= HTTP/1.1
> HOST: localhost:8080
> accept: application/json
> content-type: application/json
> The resource method returns null:
> public String beanParam(@QueryParam("a") MyEnum a)
> { return ""+a; }
> javax.ws.rs.ClientErrorException: HTTP 404 Not Found
> {{
> 2017-07-27 14:51:34.325 [Default Executor-thread-117] DEBUG d.k.i.a.e.h.WebApplicationExceptionHandler toResponse[30]: Build webapplication error response [exceptionMessage=HTTP 404 Not Found]
> javax.ws.rs.WebApplicationException: HTTP 404 Not Found
> at org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethods(InjectionUtils.java:546)
> at org.apache.cxf.jaxrs.utils.InjectionUtils.handleParameter(InjectionUtils.java:457)
> at org.apache.cxf.jaxrs.utils.InjectionUtils.injectIntoCollectionOrArray(InjectionUtils.java:931)
> at org.apache.cxf.jaxrs.utils.InjectionUtils.createParameterObject(InjectionUtils.java:1003)
> at org.apache.cxf.jaxrs.utils.JAXRSUtils.readQueryString(JAXRSUtils.java:1192)
> at org.apache.cxf.jaxrs.utils.JAXRSUtils.createHttpParameterValue(JAXRSUtils.java:868)
> at org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameter(JAXRSUtils.java:838)
> at org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameters(JAXRSUtils.java:789)
> at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:212)
> at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:77)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:262)
> at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)
> at de.CXFServlet.invoke(CXFServlet.java:71)
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:299)
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:223)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:274)
> at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1290)
> ...
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalArgumentException: No enum constant de.MyEnum.
> at java.lang.Enum.valueOf(Enum.java:236)
> at de.MyEnum.valueOf(EndpointType.java:1)
> at sun.reflect.GeneratedMethodAccessor1111.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethod(InjectionUtils.java:560)
> at org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethods(InjectionUtils.java:527)
> ... 51 common frames omitted
> }}
>
>
> org.apache.cxf.jaxrs.utils.InjectionUtils.handleParameter(String, boolean, Class<T>, Type, Annotation[], ParameterType, Message)
> -> calls org.apache.cxf.jaxrs.utils.InjectionUtils.evaluateFactoryMethods(String, ParameterType, Object, Class<?>, String[])
> using "fromString", "fromValue", "valueOf"
> -> evaluateFactoryMethods continues with next method, if the first method returns null
> -> as "fromString" returns "null" now (it is implemented), "fromValue" does not exist, it calls "valueOf" and that one cannot handle null, empty or blank Strings
> -> and even, if evaluateFactoryMethods would return null, the handleParameter contains this check, that forbids null:
> --- SNIP ---
> if (result == null) {
> reportServerError("WRONG_PARAMETER_TYPE", pClass.getName());
> }
> --- SNAP ---
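The factory-method fall-through described in this thread, as an added stand-alone model (not CXF's code and not part of the original message). `EnumParamDemo`, its `MyEnum`, the `guardEmpty` switch and the "HTTP 404 (model)" message are assumptions made for illustration; only the method names `handleParameter`, `evaluateFactoryMethods`, `fromString`, `fromValue` and `valueOf` come from the thread.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;

public class EnumParamDemo {
    // Constructed enum standing in for the reporter's MyEnum.
    public enum MyEnum {
        A, B;
        // Lenient factory: returns null instead of throwing on unknown input.
        public static MyEnum fromString(String s) {
            for (MyEnum e : values()) {
                if (e.name().equalsIgnoreCase(s)) return e;
            }
            return null;
        }
    }

    // Model of the chain: try each factory in order, move on when one
    // is missing or returns null.
    static Object evaluateFactoryMethods(String value, Class<?> type) {
        for (String name : new String[] {"fromString", "fromValue", "valueOf"}) {
            try {
                Method m = type.getMethod(name, String.class);
                Object result = m.invoke(null, value);
                if (result != null) return result;
            } catch (NoSuchMethodException e) {
                // Factory not defined on this type; try the next one.
            } catch (InvocationTargetException e) {
                // Stand-in for the client error the thread reports.
                throw new IllegalStateException("HTTP 404 (model): " + e.getCause().getMessage());
            } catch (IllegalAccessException e) {
                throw new IllegalStateException(e);
            }
        }
        return null;
    }

    // guardEmpty=true applies the empty-string check proposed in the comment.
    static Object handleParameter(String value, Class<?> type, boolean guardEmpty) {
        if (value == null || (guardEmpty && value.isEmpty())) return null;
        return evaluateFactoryMethods(value, type);
    }

    public static void main(String[] args) {
        System.out.println(handleParameter("a", MyEnum.class, true));  // matched by fromString
        System.out.println(handleParameter("", MyEnum.class, true));   // guard short-circuits
        try {
            handleParameter("", MyEnum.class, false);                  // falls through to valueOf("")
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The guard only covers the empty string: a non-empty value that `fromString` does not recognise still reaches `valueOf` and fails the same way, which is the case the comment's second suggestion addresses.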