You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by ff...@apache.org on 2011/02/23 09:21:10 UTC
svn commit: r1073632 - in /cxf/branches/2.3.x-fixes: ./
common/common/src/main/java/org/apache/cxf/staxutils/
systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/
systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/resources/
Author: ffang
Date: Wed Feb 23 08:21:10 2011
New Revision: 1073632
URL: http://svn.apache.org/viewvc?rev=1073632&view=rev
Log:
Merged revisions 1073631 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1073631 | ffang | 2011-02-23 16:14:53 +0800 (δΈ‰, 23 2 2011) | 1 line
[CXF-3359]introduce a threshold system property for staxutils to avoid parsing message with unreasonable element count
........
Added:
cxf/branches/2.3.x-fixes/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/ResponseInterceptorType.java
- copied unchanged from r1073631, cxf/trunk/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/ResponseInterceptorType.java
cxf/branches/2.3.x-fixes/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/resources/GreetMeDocLiteralRespBreakElementCountThreshold.xml
- copied unchanged from r1073631, cxf/trunk/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/resources/GreetMeDocLiteralRespBreakElementCountThreshold.xml
Modified:
cxf/branches/2.3.x-fixes/ (props changed)
cxf/branches/2.3.x-fixes/common/common/src/main/java/org/apache/cxf/staxutils/StaxUtils.java
cxf/branches/2.3.x-fixes/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/DispatchClientServerWithHugeResponseTest.java
cxf/branches/2.3.x-fixes/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/HugeResponseInterceptor.java
Propchange: cxf/branches/2.3.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.3.x-fixes/common/common/src/main/java/org/apache/cxf/staxutils/StaxUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/common/common/src/main/java/org/apache/cxf/staxutils/StaxUtils.java?rev=1073632&r1=1073631&r2=1073632&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/common/common/src/main/java/org/apache/cxf/staxutils/StaxUtils.java (original)
+++ cxf/branches/2.3.x-fixes/common/common/src/main/java/org/apache/cxf/staxutils/StaxUtils.java Wed Feb 23 08:21:10 2011
@@ -95,6 +95,7 @@ public final class StaxUtils {
};
private static int innerElementLevelThreshold = -1;
+ private static int innerElementCountThreshold = -1;
static {
int i = 20;
@@ -122,6 +123,17 @@ public final class StaxUtils {
if (innerElementLevelThreshold <= 0) {
innerElementLevelThreshold = -1;
}
+ try {
+ String s = System.getProperty("org.apache.cxf.staxutils.innerElementCountThreshold",
+ "-1");
+ innerElementCountThreshold = Integer.parseInt(s);
+ } catch (Throwable t) {
+ innerElementCountThreshold = -1;
+ }
+ if (innerElementCountThreshold <= 0) {
+ innerElementCountThreshold = -1;
+ }
+
}
@@ -938,9 +950,11 @@ public final class StaxUtils {
throws XMLStreamException {
Stack<Node> stack = new Stack<Node>();
int event = reader.getEventType();
+ int elementCount = 0;
while (reader.hasNext()) {
switch (event) {
case XMLStreamConstants.START_ELEMENT: {
+ elementCount++;
Element e = doc.createElementNS(reader.getNamespaceURI(), reader.getLocalName());
if (reader.getPrefix() != null) {
e.setPrefix(reader.getPrefix());
@@ -976,6 +990,11 @@ public final class StaxUtils {
throw new RuntimeException("reach the innerElementLevelThreshold:"
+ innerElementLevelThreshold);
}
+ if (isThreshold && innerElementCountThreshold != -1
+ && elementCount >= innerElementCountThreshold) {
+ throw new RuntimeException("reach the innerElementCountThreshold:"
+ + innerElementCountThreshold);
+ }
parent = e;
break;
}
Modified: cxf/branches/2.3.x-fixes/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/DispatchClientServerWithHugeResponseTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/DispatchClientServerWithHugeResponseTest.java?rev=1073632&r1=1073631&r2=1073632&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/DispatchClientServerWithHugeResponseTest.java (original)
+++ cxf/branches/2.3.x-fixes/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/DispatchClientServerWithHugeResponseTest.java Wed Feb 23 08:21:10 2011
@@ -88,6 +88,7 @@ public class DispatchClientServerWithHug
@org.junit.Before
public void setUp() {
System.setProperty("org.apache.cxf.staxutils.innerElementLevelThreshold", "12");
+ System.setProperty("org.apache.cxf.staxutils.innerElementCountThreshold", "12");
BusFactory.getDefaultBus().getOutInterceptors().add(new LoggingOutInterceptor());
BusFactory.getDefaultBus().getInInterceptors().add(new LoggingInInterceptor());
}
@@ -96,7 +97,8 @@ public class DispatchClientServerWithHug
@Test
public void testStackOverflowErrorForSOAPMessageWithHugeResponse() throws Exception {
- HugeResponseInterceptor hugeResponseInterceptor = new HugeResponseInterceptor(true);
+ HugeResponseInterceptor hugeResponseInterceptor =
+ new HugeResponseInterceptor(ResponseInterceptorType.overflow);
BusFactory.getDefaultBus().getInInterceptors().add(hugeResponseInterceptor);
URL wsdl = getClass().getResource("/wsdl/hello_world.wsdl");
assertNotNull(wsdl);
@@ -132,7 +134,8 @@ public class DispatchClientServerWithHug
@Test
public void testThresholdfForSOAPMessageWithHugeResponse() throws Exception {
- HugeResponseInterceptor hugeResponseInterceptor = new HugeResponseInterceptor(false);
+ HugeResponseInterceptor hugeResponseInterceptor =
+ new HugeResponseInterceptor(ResponseInterceptorType.ElementLevelThreshold);
BusFactory.getDefaultBus().getInInterceptors().add(hugeResponseInterceptor);
URL wsdl = getClass().getResource("/wsdl/hello_world.wsdl");
assertNotNull(wsdl);
@@ -166,4 +169,41 @@ public class DispatchClientServerWithHug
}
+ @Test
+ public void testElementCountThresholdfForSOAPMessageWithHugeResponse() throws Exception {
+ HugeResponseInterceptor hugeResponseInterceptor =
+ new HugeResponseInterceptor(ResponseInterceptorType.ElementCountThreshold);
+ BusFactory.getDefaultBus().getInInterceptors().add(hugeResponseInterceptor);
+ URL wsdl = getClass().getResource("/wsdl/hello_world.wsdl");
+ assertNotNull(wsdl);
+
+ SOAPService service = new SOAPService(wsdl, SERVICE_NAME);
+ assertNotNull(service);
+
+ Dispatch<SOAPMessage> disp = service
+ .createDispatch(PORT_NAME, SOAPMessage.class, Service.Mode.MESSAGE);
+ disp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
+ "http://localhost:"
+ + greeterPort
+ + "/SOAPDispatchService/SoapDispatchPort");
+
+
+
+ InputStream is3 = getClass().getResourceAsStream("resources/GreetMeDocLiteralReq3.xml");
+ SOAPMessage soapReqMsg3 = MessageFactory.newInstance().createMessage(null, is3);
+ assertNotNull(soapReqMsg3);
+ Response<SOAPMessage> response = disp.invokeAsync(soapReqMsg3);
+ try {
+ response.get(300, TimeUnit.SECONDS);
+ fail("should catch exception");
+ } catch (TimeoutException te) {
+ fail("We should not have encountered a timeout, "
+ + "should get some exception tell me stackoverflow");
+ } catch (Throwable e) {
+ assertTrue(e.getCause().getMessage().startsWith("reach the innerElementCountThreshold"));
+ } finally {
+ BusFactory.getDefaultBus().getInInterceptors().remove(hugeResponseInterceptor);
+ }
+
+ }
}
Modified: cxf/branches/2.3.x-fixes/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/HugeResponseInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/HugeResponseInterceptor.java?rev=1073632&r1=1073631&r2=1073632&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/HugeResponseInterceptor.java (original)
+++ cxf/branches/2.3.x-fixes/systests/jaxws/src/test/java/org/apache/cxf/systest/dispatch/HugeResponseInterceptor.java Wed Feb 23 08:21:10 2011
@@ -31,18 +31,18 @@ import org.apache.cxf.phase.AbstractPhas
import org.apache.cxf.phase.Phase;
public class HugeResponseInterceptor extends AbstractPhaseInterceptor<Message> {
- private boolean isStackOverFlow;
+ private ResponseInterceptorType type;
- public HugeResponseInterceptor(boolean isStackOverFlow) {
+ public HugeResponseInterceptor(ResponseInterceptorType type) {
super(Phase.RECEIVE);
addAfter(LoggingInInterceptor.class.getName());
- this.isStackOverFlow = isStackOverFlow;
+ this.type = type;
}
public void handleMessage(Message message) throws Fault {
- if (isStackOverFlow) {
+ if (type.equals(ResponseInterceptorType.overflow)) {
throw new StackOverflowError();
- } else {
+ } else if (type.equals(ResponseInterceptorType.ElementLevelThreshold)) {
InputStream is = message.getContent(InputStream.class);
if (is != null) {
CachedOutputStream bos = new CachedOutputStream();
@@ -59,6 +59,24 @@ public class HugeResponseInterceptor ext
throw new Fault(e);
}
}
+ } else if (type.equals(ResponseInterceptorType.ElementCountThreshold)) {
+ InputStream is = message.getContent(InputStream.class);
+ if (is != null) {
+ CachedOutputStream bos = new CachedOutputStream();
+ try {
+ is = getClass().getClassLoader().getResourceAsStream(
+ "org/apache/cxf/systest/dispatch/resources/"
+ + "GreetMeDocLiteralRespBreakElementCountThreshold.xml");
+ IOUtils.copy(is, bos);
+ bos.flush();
+ is.close();
+ message.setContent(InputStream.class, bos.getInputStream());
+ bos.close();
+ message.setContent(InputStream.class, bos.getInputStream());
+ } catch (IOException e) {
+ throw new Fault(e);
+ }
+ }
}
}