You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by dk...@apache.org on 2018/03/21 17:13:56 UTC
[cxf] 01/03: [CXF-7669/CXF-7520] Fix JSONProvider that may be
escaping strings via XML escape rules
This is an automated email from the ASF dual-hosted git repository.
dkulp pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit a8a9877e7c5ca191b2f584b33a50c324be2a2bd7
Author: Daniel Kulp <dk...@apache.org>
AuthorDate: Wed Mar 21 10:41:02 2018 -0400
[CXF-7669/CXF-7520] Fix JSONProvider that may be escaping strings via XML escape rules
---
core/src/main/java/org/apache/cxf/common/jaxb/JAXBUtils.java | 4 +++-
.../org/apache/cxf/jaxrs/provider/AbstractJAXBProvider.java | 1 -
.../org/apache/cxf/jaxrs/provider/JAXBElementProvider.java | 4 +++-
.../java/org/apache/cxf/jaxrs/provider/XSLTJaxbProvider.java | 1 +
.../org/apache/cxf/jaxrs/provider/json/JSONProvider.java | 1 +
.../apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java | 12 +++++++++---
6 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/core/src/main/java/org/apache/cxf/common/jaxb/JAXBUtils.java b/core/src/main/java/org/apache/cxf/common/jaxb/JAXBUtils.java
index fa28ee2..cf0a4d9 100644
--- a/core/src/main/java/org/apache/cxf/common/jaxb/JAXBUtils.java
+++ b/core/src/main/java/org/apache/cxf/common/jaxb/JAXBUtils.java
@@ -1563,7 +1563,9 @@ public final class JAXBUtils {
public static void setEscapeHandler(Marshaller marshaller, Object escapeHandler) {
try {
String postFix = getPostfix(marshaller.getClass());
- marshaller.setProperty("com.sun.xml" + postFix + ".bind.characterEscapeHandler", escapeHandler);
+ if (postFix != null) {
+ marshaller.setProperty("com.sun.xml" + postFix + ".bind.characterEscapeHandler", escapeHandler);
+ }
} catch (PropertyException e) {
LOG.log(Level.INFO, "Failed to set MinumEscapeHandler to jaxb marshaller", e);
}
diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/AbstractJAXBProvider.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/AbstractJAXBProvider.java
index e587b57..4b326ff 100644
--- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/AbstractJAXBProvider.java
+++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/AbstractJAXBProvider.java
@@ -627,7 +627,6 @@ public abstract class AbstractJAXBProvider<T> extends AbstractConfigurableProvid
if (marshallerListener != null) {
marshaller.setListener(marshallerListener);
}
- JAXBUtils.setMinimumEscapeHandler(marshaller);
validateObjectIfNeeded(marshaller, cls, obj);
return marshaller;
}
diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/JAXBElementProvider.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/JAXBElementProvider.java
index 966e339..e03a8b4 100644
--- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/JAXBElementProvider.java
+++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/JAXBElementProvider.java
@@ -542,7 +542,7 @@ public class JAXBElementProvider<T> extends AbstractJAXBProvider<T> {
return null;
}
//CHECKSTYLE:OFF
- protected void marshal(Object obj, Class<?> cls, Type genericType,
+ protected final void marshal(Object obj, Class<?> cls, Type genericType,
String enc, OutputStream os,
Annotation[] anns, MediaType mt, Marshaller ms)
throws Exception {
@@ -611,6 +611,7 @@ public class JAXBElementProvider<T> extends AbstractJAXBProvider<T> {
protected void marshalToOutputStream(Marshaller ms, Object obj, OutputStream os,
Annotation[] anns, MediaType mt)
throws Exception {
+ org.apache.cxf.common.jaxb.JAXBUtils.setMinimumEscapeHandler(ms);
if (os == null) {
Writer writer = getStreamHandlerFromCurrentMessage(Writer.class);
if (writer == null) {
@@ -627,6 +628,7 @@ public class JAXBElementProvider<T> extends AbstractJAXBProvider<T> {
protected void marshalToWriter(Marshaller ms, Object obj, XMLStreamWriter writer,
Annotation[] anns, MediaType mt)
throws Exception {
+ org.apache.cxf.common.jaxb.JAXBUtils.setNoEscapeHandler(ms);
ms.marshal(obj, writer);
}
diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/XSLTJaxbProvider.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/XSLTJaxbProvider.java
index d85a0da..e91f88e 100644
--- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/XSLTJaxbProvider.java
+++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/XSLTJaxbProvider.java
@@ -347,6 +347,7 @@ public class XSLTJaxbProvider<T> extends JAXBElementProvider<T> {
super.marshalToOutputStream(ms, obj, os, anns, mt);
return;
}
+ org.apache.cxf.common.jaxb.JAXBUtils.setMinimumEscapeHandler(ms);
TransformerHandler th = null;
try {
th = factory.newTransformerHandler(t);
diff --git a/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JSONProvider.java b/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JSONProvider.java
index 6926f54..dabe3ed 100644
--- a/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JSONProvider.java
+++ b/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JSONProvider.java
@@ -501,6 +501,7 @@ public class JSONProvider<T> extends AbstractJAXBProvider<T> {
if (namespaceMap.size() > 1 || namespaceMap.size() == 1 && !namespaceMap.containsKey(JSONUtils.XSI_URI)) {
setNamespaceMapper(ms, namespaceMap);
}
+ org.apache.cxf.common.jaxb.JAXBUtils.setNoEscapeHandler(ms);
ms.marshal(actualObject, writer);
writer.close();
if (os != actualOs) {
diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java
index 61dba7c..3fb110c 100644
--- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java
+++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java
@@ -946,7 +946,7 @@ public class JAXRSClientServerBookTest extends AbstractBusClientServerTestBase {
}
assertTrue("Did not contain JSESSIONID", hasJSESSION);
assertTrue("Did not contain dummy", hasDummy1);
- assertTrue("Did not contain dummy2", hasDummy1);
+ assertTrue("Did not contain dummy2", hasDummy2);
}
@@ -2087,10 +2087,16 @@ public class JAXRSClientServerBookTest extends AbstractBusClientServerTestBase {
@Test
public void testEchoBookElementWebClient() throws Exception {
WebClient wc = WebClient.create("http://localhost:" + PORT + "/bookstore/books/element/echo");
+ wc.type("application/xml").accept("application/json");
+ Book book = wc.post(new Book("\"Jack\" & \"Jill\"", 123L), Book.class);
+ assertEquals(123L, book.getId());
+ assertEquals("\"Jack\" & \"Jill\"", book.getName());
+
+ wc = WebClient.create("http://localhost:" + PORT + "/bookstore/books/element/echo");
wc.type("application/xml").accept("application/xml");
- Book book = wc.post(new Book("CXF", 123L), Book.class);
+ book = wc.post(new Book("Jack & Jill", 123L), Book.class);
assertEquals(123L, book.getId());
- assertEquals("CXF", book.getName());
+ assertEquals("Jack & Jill", book.getName());
}
@Test
--
To stop receiving notification emails like this one, please contact
dkulp@apache.org.