Re: [Axis2] Dispatch order

Wed, 19 Dec 2007 07:03:23 -0800 

So what's the plan? Where are you going to move the code to?
David

On Dec 19, 2007 7:11 AM, Amila Suriarachchi <[EMAIL PROTECTED]> wrote:
>
>
>
> On Dec 19, 2007 10:00 AM, Amila Suriarachchi <[EMAIL PROTECTED]>
> wrote:
> > hi all,
> >
> > 1. Here is a code segment found in the
> org.apache.axis2.engine.DispatchPhase
> > checkPostConditions method.
> >
> > if (operation == null &&
> >                 JavaUtils.isTrue(service.getParameterValue
> (AxisService.SUPPORT_SINGLE_OP))) {
> >             Iterator ops = service.getOperations();
> >             // If there's exactly one, that's the one we want.  If there's
> more, forget it.
> >             if (ops.hasNext ()) {
> >                 operation = (AxisOperation)ops.next();
> >                 if (ops.hasNext()) {
> >                     operation = null;
> >                 }
> >             }
> >             msgContext.setAxisOperation (operation);
> >         }
> >
> > What it basically doing is that dispatch the operation if the
> AxisService.SUPPORT_SINGLE_OP parameter is set and
> > there is only one operation on it.
> > Isn't this dispatcher supposed to run just after service being dispatched?
> i.e as the first dispatcher of the Tranport phase.
> >
> > Think about the scenario where this operation is engaged security. in this
> case it should dispatched before the security.
> >
> > I think any dispatcher which is possible to run before the security should
> run before it.
>
> I found this security hole  and I the only option to fix it to add a handler
> as the last phase to dispatch
> to check whether the security is applied or not.
>  https://issues.apache.org/jira/browse/RAMPART-127
>
> So we need to move this before security definitely.
>
> >
> >
> > 2. RequestURIBasedDispatcher and SOAPActionBasedDispatcher are both in
> Transport and Dispatch phases.
> > Is there any reason for this? or is it an obsolete code to keep this in
> Dispatch phase?
> >
> > Shall I do the above changes?
> >
> > thanks,
> > Amila.
> >
> >
> >
> >
> > --
> > Amila Suriarachchi,
> > WSO2 Inc.
>
>
>
> --
> Amila Suriarachchi,
> WSO2 Inc.



-- 
David Illsley - IBM Web Services Development

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to