The issue here is whether SUPPORT_SINGLE_OP takes priority or the sequence
of deployers do. That is, right now it appears that SSO is tested at the
end of the dispatch phase .. which just makes sure that if that property
has been set it overrides everything else.
Service dispatch also happens in the dispatch phase often ... so I think
the code is right.
Sanjiva.
David Illsley wrote:
Um, presumably it should go after the RequestURIBasedDispatcher so you
don't have to redo the service dispatch?
David
On Dec 19, 2007 3:27 PM, Amila Suriarachchi <[EMAIL PROTECTED]> wrote:
On Dec 19, 2007 8:32 PM, David Illsley <[EMAIL PROTECTED]> wrote:
So what's the plan? Where are you going to move the code to?
yes. What I thought was to get this code to a separate dispatcher and set
this dispatcher as the first
dispatcher in the Transport phase.
Amila
David
On Dec 19, 2007 7:11 AM, Amila Suriarachchi < [EMAIL PROTECTED]>
wrote:
On Dec 19, 2007 10:00 AM, Amila Suriarachchi
<[EMAIL PROTECTED] >
wrote:
hi all,
1. Here is a code segment found in the
org.apache.axis2.engine.DispatchPhase
checkPostConditions method.
if (operation == null &&
JavaUtils.isTrue(service.getParameterValue
(AxisService.SUPPORT_SINGLE_OP))) {
Iterator ops = service.getOperations();
// If there's exactly one, that's the one we want. If
there's
more, forget it.
if (ops.hasNext ()) {
operation = (AxisOperation)ops.next();
if (ops.hasNext()) {
operation = null;
}
}
msgContext.setAxisOperation (operation);
}
What it basically doing is that dispatch the operation if the
AxisService.SUPPORT_SINGLE_OP parameter is set and
there is only one operation on it.
Isn't this dispatcher supposed to run just after service being
dispatched?
i.e as the first dispatcher of the Tranport phase.
Think about the scenario where this operation is engaged security. in
this
case it should dispatched before the security.
I think any dispatcher which is possible to run before the security
should
run before it.
I found this security hole and I the only option to fix it to add a
handler
as the last phase to dispatch
to check whether the security is applied or not.
https://issues.apache.org/jira/browse/RAMPART-127
So we need to move this before security definitely.
2. RequestURIBasedDispatcher and SOAPActionBasedDispatcher are both in
Transport and Dispatch phases.
Is there any reason for this? or is it an obsolete code to keep this
in
Dispatch phase?
Shall I do the above changes?
thanks,
Amila.
--
Amila Suriarachchi,
WSO2 Inc.
--
Amila Suriarachchi,
WSO2 Inc.
--
David Illsley - IBM Web Services Development
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Amila Suriarachchi,
WSO2 Inc.
--
Sanjiva Weerawarana, Ph.D.
Founder & Director; Lanka Software Foundation; http://www.opensource.lk/
Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/
Member; Apache Software Foundation; http://www.apache.org/
Visiting Lecturer; University of Moratuwa; http://www.cse.mrt.ac.lk/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]