Keith,
Do you consider this in scope for a security problem oriented 1.4.1 release?
-- dims
On Thu, Aug 7, 2008 at 12:56 AM, keith chapman <[EMAIL PROTECTED]> wrote:
> Here is the reason for adding the trailing "/"
>
> When a WSDL has a httpLocation that is resolved against the base URI, so
> let's assume a bindingOperation has whttp:location="foo/{bar}" and that this is
> exposed over 3 endpoints, SOAP 11 SOAP 12 and HTTP.
> for the SOAP 11 endpoint the address would be
> http://localhost:8080/axis2/services/fooService.SOAP11Endpoint/
> for the SOAP 11 endpoint the address would be
> http://localhost:8080/axis2/services/fooService.SOAP12Endpoint/
> for the SOAP 11 endpoint the address would be
> http://localhost:8080/axis2/services/fooService.HTTPEndpoint/
>
> Now the above works perfectly only if the trailing "/" is there. If it's
> absent when http://localhost:8080/axis2/services/fooService.SOAP11Endpoint/
> is resolved against foo/{bar} the result would be
> http://localhost:8080/axis2/services/foo/{bar} which is incorrect.
>
> So that is the reason for having the trailing "/"
>
> Now the second point. Why did I remove it ;).
>
> Previously the trailing "/" was added in the AxisEndpoint class where the
> epr was calculated. This leads to undesirable issues when other transports
> are used. For e.g when JMS was used the endpoint address was
> jms:/fooService?transport.jms.ConnectionFactoryJNDIName=QueueConnectionFactory&java.naming.factory.initial=org.apache.activemq.jndi.ActiveMQInitialContextFactory&java.naming.provider.url=tcp://localhost:61616/
>
> If the dynamic mode of service client was used to write a client for this it
> would fail with a numberFormatException. All because of the trailing "/".
>
> The trailing "/" is needed only for the HTTP case. So it should be the duty
> of the httpListeners to add this trailing "/". This was the rationale for
> getting rid of this logic from the AxisEndpoint class and adding it to the
> http listeners.
>
> Thanks,
> Keith.
>
> On Wed, Aug 6, 2008 at 10:44 PM, Davanum Srinivas <[EMAIL PROTECTED]> wrote:
>>
>> Sorry! had to ask! and is this a security issue? Why is it even being
>> considered?
>>
>> -- dims
>>
>> On Wed, Aug 6, 2008 at 1:06 PM, Saminda Abeyruwan <[EMAIL PROTECTED]>
>> wrote:
>> > Is there any particular reason to add the trailing "/"?
>> >
>> > Saminda
>> >
>> > On Wed, Aug 6, 2008 at 8:35 AM, Amila Suriarachchi
>> > <[EMAIL PROTECTED]> wrote:
>> >>
>> >> hi keith,
>> >>
>> >> is there any reason to remove the ending "/"?
>> >> IMHO we should not remove this if there is no problem with that,
>> >> because someone may have written code by considering that "/".
>> >>
>> >> thanks,
>> >> Amila.
>> >>
>> >> On Tue, Aug 5, 2008 at 12:49 AM, <[EMAIL PROTECTED]> wrote:
>> >>>
>> >>> Author: keithc
>> >>> Date: Mon Aug 4 12:19:15 2008
>> >>> New Revision: 682470
>> >>>
>> >>> URL: http://svn.apache.org/viewvc?rev=682470&view=rev
>> >>> Log:
>> >>> Applying patch given by amila to Axis2-3961. Also getting rid of the
>> >>> trailing / added in axisEndpoint and adding it in the http related
>> >>> listeners
>> >>>
>> >>> Modified:
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >>>
>> >>> Modified:
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >>> URL:
>> >>>
>> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java?rev=682470&r1=682469&r2=682470&view=diff
>> >>>
>> >>>
>> >>> ==============================================================================
>> >>> ---
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >>> (original)
>> >>> +++
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >>> Mon Aug 4 12:19:15 2008
>> >>> @@ -194,7 +194,7 @@
>> >>>
>> >>> .getEPRsForService(sDOTe, ip);
>> >>> // we consider only the first
>> >>> address return by the listener
>> >>> if (eprsForService != null &&
>> >>> eprsForService.length > 0) {
>> >>> - return
>> >>> eprsForService[0].getAddress() + "/";
>> >>> + return
>> >>> eprsForService[0].getAddress();
>> >>> }
>> >>> } catch (SocketException e) {
>> >>> logger.warn(e.getMessage(), e);
>> >>>
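Review bot: The javadoc for this method should state that the address is now returned exactly as the listener supplied it, because the `+ "/"` dropped from the `return eprsForService[0].getAddress()` line was visible to every caller. Code that concatenated a relative path onto the returned string will produce a different address for any transport whose listener does not add the slash itself, so the change also deserves a line in the release notes.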
>> >>> Modified:
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >>> URL:
>> >>>
>> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java?rev=682470&r1=682469&r2=682470&view=diff
>> >>>
>> >>>
>> >>> ==============================================================================
>> >>> ---
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >>> (original)
>> >>> +++
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >>> Mon Aug 4 12:19:15 2008
>> >>> @@ -590,7 +590,7 @@
>> >>> endpointRefernce = endpointRefernce + '/' +
>> >>> configContext.getServiceContextPath() + "/" +
>> >>> serviceName;
>> >>> }
>> >>> - EndpointReference endpoint = new
>> >>> EndpointReference(endpointRefernce);
>> >>> + EndpointReference endpoint = new
>> >>> EndpointReference(endpointRefernce + "/");
>> >>>
>> >>> return new EndpointReference[]{endpoint};
>> >>> }
>> >>>
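Review bot: `new EndpointReference(endpointRefernce + "/")` appends unconditionally, so a `serviceName` that already ends in "/" produces an address ending in "//". Guard the append with `endpointRefernce.endsWith("/")`.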
>> >>> Modified:
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >>> URL:
>> >>>
>> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java?rev=682470&r1=682469&r2=682470&view=diff
>> >>>
>> >>>
>> >>> ==============================================================================
>> >>> ---
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >>> (original)
>> >>> +++
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >>> Mon Aug 4 12:19:15 2008
>> >>> @@ -71,7 +71,7 @@
>> >>> if(path.charAt(0)!='/'){
>> >>> path = '/' + path;
>> >>> }
>> >>> - return new EndpointReference[]{new EndpointReference(schema +
>> >>> "://" + ip + ":" + port + path )};
>> >>> + return new EndpointReference[]{new EndpointReference(schema +
>> >>> "://" + ip + ":" + port + path + "/" )};
>> >>> }
>> >>>
>> >>> public EndpointReference getEPRForService(String serviceName,
>> >>> String
>> >>> ip) throws AxisFault {
>> >>>
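Review bot: The leading "/" on `path` is tested with `path.charAt(0)` just above, but the new trailing `+ "/"` has no matching test, so a `path` that is "/" or already ends in "/" gives an EPR ending in "//". Add the equivalent check with `path.endsWith("/")` before appending.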
>> >>> Modified:
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >>> URL:
>> >>>
>> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java?rev=682470&r1=682469&r2=682470&view=diff
>> >>>
>> >>>
>> >>> ==============================================================================
>> >>> ---
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >>> (original)
>> >>> +++
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >>> Mon Aug 4 12:19:15 2008
>> >>> @@ -262,7 +262,7 @@
>> >>> endpointRefernce = endpointRefernce + '/' +
>> >>>
>> >>> configurationContext.getServiceContextPath()
>> >>> + "/" + serviceName;
>> >>> }
>> >>> - return new EndpointReference[]{new
>> >>> EndpointReference(endpointRefernce)};
>> >>> + return new EndpointReference[]{new
>> >>> EndpointReference(endpointRefernce + "/")};
>> >>> } else {
>> >>> throw new AxisFault("Unable to generate EPR for the
>> >>> transport : http");
>> >>> }
>> >>> @@ -296,7 +296,7 @@
>> >>> }
>> >>>
>> >>>
>> >>> - return new EndpointReference[]{new
>> >>> EndpointReference(endpointRefernce)};
>> >>> + return new EndpointReference[]{new
>> >>> EndpointReference(endpointRefernce + "/")};
>> >>> } else {
>> >>> throw new AxisFault("Unable to generate EPR for the
>> >>> transport
>> >>> : http");
>> >>> }
>> >>>
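Review bot: This return is the second copy in this file of `new EndpointReference(endpointRefernce + "/")`, and the same append recurs in the other HTTP listeners touched by this revision. One shared helper that adds the slash would keep the listeners from drifting apart and give a single place to handle an address that already ends in "/".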
>> >>> Modified:
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >>> URL:
>> >>>
>> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java?rev=682470&r1=682469&r2=682470&view=diff
>> >>>
>> >>>
>> >>> ==============================================================================
>> >>> ---
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >>> (original)
>> >>> +++
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >>> Mon Aug 4 12:19:15 2008
>> >>> @@ -350,8 +350,15 @@
>> >>> if (serviceName.indexOf('/') != -1) {
>> >>> serviceName = serviceName.substring(0,
>> >>> serviceName.indexOf('/'));
>> >>> }
>> >>> - return new EndpointReference[]{
>> >>> - new EndpointReference((String)
>> >>> serviceNameToEprMap.get(serviceName))};
>> >>> +
>> >>> + String endpointName = (String)
>> >>> serviceNameToEprMap.get(serviceName);
>> >>> + if (endpointName == null){
>> >>> + if (serviceName.indexOf(".") != -1){
>> >>> + serviceName = serviceName.substring(0,
>> >>> serviceName.indexOf("."));
>> >>> + endpointName = (String)
>> >>> serviceNameToEprMap.get(serviceName);
>> >>> + }
>> >>> + }
>> >>> + return new EndpointReference[]{new
>> >>> EndpointReference(endpointName)};
>> >>> }
>> >>>
>> >>> /**
>> >>>
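Review bot: `endpointName` can still be null at the final `return`: when the first lookup misses and `serviceName` contains no ".", or when the second `serviceNameToEprMap.get(serviceName)` also misses, the method builds `new EndpointReference(endpointName)` around a null address. Check for null after the fallback and fail explicitly instead of handing back an EPR with no address. The fallback also needs a comment saying why the name is cut at the first ".", and `serviceName.indexOf(".")` can be computed once and reused.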
>> >>> Modified:
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >>> URL:
>> >>>
>> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java?rev=682470&r1=682469&r2=682470&view=diff
>> >>>
>> >>>
>> >>> ==============================================================================
>> >>> ---
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >>> (original)
>> >>> +++
>> >>>
>> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >>> Mon Aug 4 12:19:15 2008
>> >>> @@ -222,7 +222,7 @@
>> >>> * Return the EPR for the given service (implements deprecated
>> >>> method
>> >>> temporarily)
>> >>> */
>> >>> public EndpointReference getEPRForService(String serviceName,
>> >>> String
>> >>> ip) throws AxisFault {
>> >>> - return new EndpointReference(serviceEPRPrefix + serviceName);
>> >>> + return new EndpointReference(serviceEPRPrefix + serviceName +
>> >>> "/");
>> >>> }
>> >>>
>> >>> /**
>> >>> @@ -234,7 +234,7 @@
>> >>> */
>> >>> public EndpointReference[] getEPRsForService(String serviceName,
>> >>> String ip) throws AxisFault {
>> >>> EndpointReference[] endpointReferences = new
>> >>> EndpointReference[1];
>> >>> - endpointReferences[0] = new
>> >>> EndpointReference(serviceEPRPrefix +
>> >>> serviceName);
>> >>> + endpointReferences[0] = new
>> >>> EndpointReference(serviceEPRPrefix +
>> >>> serviceName + "/");
>> >>> return endpointReferences;
>> >>> }
>> >>>
>> >>>
>> >>>
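Review bot: `serviceEPRPrefix + serviceName + "/"` is now spelled out in both `getEPRForService` and `getEPRsForService`; have `getEPRsForService` wrap the result of `getEPRForService` so the two cannot diverge. Neither site checks whether `serviceName` already ends in "/", which would yield "//".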
>> >>
>> >>
>> >>
>> >> --
>> >> Amila Suriarachchi,
>> >> WSO2 Inc.
>> >
>> >
>>
>>
>>
>> --
>> Davanum Srinivas :: http://davanum.wordpress.com
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>
>
>
> --
> Keith Chapman
> Senior Software Engineer
> WSO2 Inc.
> Oxygenating the Web Service Platform.
> http://wso2.org/
>
> blog: http://www.keith-chapman.org
>
--
Davanum Srinivas :: http://davanum.wordpress.com
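
The trailing "/" behaviour discussed in the quoted message, as an added example that is not code from the thread or from Axis2. `withTrailingSlash` and `queryParam` are hypothetical helpers, and `foo/42` is a constructed stand-in for `foo/{bar}` after template expansion; the two addresses are the ones quoted in the thread.

```java
import java.net.URI;

public class TrailingSlashDemo {

    // Hypothetical helper (not an Axis2 API): append "/" only for http/https
    // addresses, and only when one is not already present.
    static String withTrailingSlash(String address) {
        String scheme = URI.create(address).getScheme();
        boolean http = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        return (http && !address.endsWith("/")) ? address + "/" : address;
    }

    // Hypothetical helper: raw value of one query parameter, or null when absent.
    static String queryParam(String address, String name) {
        String query = URI.create(address).getRawQuery();
        if (query == null) return null;
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).equals(name)) return pair.substring(eq + 1);
        }
        return null;
    }

    public static void main(String[] args) {
        String http = "http://localhost:8080/axis2/services/fooService.SOAP11Endpoint";
        String jms = "jms:/fooService?transport.jms.ConnectionFactoryJNDIName=QueueConnectionFactory"
                + "&java.naming.factory.initial=org.apache.activemq.jndi.ActiveMQInitialContextFactory"
                + "&java.naming.provider.url=tcp://localhost:61616";

        // RFC 3986 resolution replaces the last path segment of a base that lacks "/",
        // so the endpoint name is lost; with the "/" it is kept.
        System.out.println(URI.create(http).resolve("foo/42"));
        System.out.println(URI.create(withTrailingSlash(http)).resolve("foo/42"));

        // Blind append: the "/" lands inside the last query parameter's value.
        System.out.println(queryParam(jms + "/", "java.naming.provider.url"));

        // Scheme-aware append leaves the JMS address untouched and is idempotent for HTTP.
        System.out.println(queryParam(withTrailingSlash(jms), "java.naming.provider.url"));
        System.out.println(withTrailingSlash(withTrailingSlash(http)));
    }
}
```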