Guess it really does not matter anymore... we have hit the slippery
slope at full tilt. Let's see where we end up when we finally ship
1.4.1. Maybe we should stop calling it 1.4.1 because it is not a tiny
release anymore.
-- dims
On Thu, Aug 7, 2008 at 4:34 AM, keith chapman <[EMAIL PROTECTED]> wrote:
> Hi Dims,
>
> I agree that it's not a security problem. But REST stuff via WSDL 2.0 would
> not work without this fix. Which means that REST via WSDL 2.0 is broken in
> Axis 2 1.4. We agreed that if there are critical fixes we would put them
> into this release. And this IS a critical fix.
>
> Thanks,
> Keith.
>
> On Thu, Aug 7, 2008 at 11:18 AM, Davanum Srinivas <[EMAIL PROTECTED]> wrote:
>>
>> Keith,
>>
>> Do you consider this in scope for a security problem oriented 1.4.1
>> release?
>>
>> -- dims
>>
>> On Thu, Aug 7, 2008 at 12:56 AM, keith chapman <[EMAIL PROTECTED]>
>> wrote:
>> > Here is the reason for adding the trailing "/"
>> >
>> > When a WSDL has a httpLocation that is resolved against the base URI, so
>> > let's assume a bindingOperation has whttp:location="foo/{bar}" and that
>> > this is exposed over 3 endpoints, SOAP 11, SOAP 12 and HTTP.
>> > for the SOAP 11 endpoint the address would be
>> > http://localhost:8080/axis2/services/fooService.SOAP11Endpoint/
>> > for the SOAP 11 endpoint the address would be
>> > http://localhost:8080/axis2/services/fooService.SOAP12Endpoint/
>> > for the SOAP 11 endpoint the address would be
>> > http://localhost:8080/axis2/services/fooService.HTTPEndpoint/
>> >
>> > Now the above works perfectly only if the trailing "/" is there. If it's
>> > absent, when
>> > http://localhost:8080/axis2/services/fooService.SOAP11Endpoint/
>> > is resolved against foo/{bar} the result would be
>> > http://localhost:8080/axis2/services/foo/{bar} which is incorrect.
>> >
>> > So that is the reason for having the trailing "/"
>> >
>> > Now the second point. Why did I remove it ;).
>> >
>> > Previously the trailing "/" was added in the AxisEndpoint class where the
>> > epr was calculated. This leads to undesirable issues when other transports
>> > are used. For e.g. when JMS was used the endpoint address was
>> >
>> > jms:/fooService?transport.jms.ConnectionFactoryJNDIName=QueueConnectionFactory&java.naming.factory.initial=org.apache.activemq.jndi.ActiveMQInitialContextFactory&java.naming.provider.url=tcp://localhost:61616/
>> >
>> > If the dynamic mode of service client was used to write a client for this it
>> > would fail with a numberFormatException. All because of the trailing "/".
>> >
>> > The trailing "/" is needed only for the HTTP case. So it should be the duty
>> > of the httpListeners to add this trailing "/". This was the rationale for
>> > getting rid of this logic from the AxisEndpoint class and adding it to the
>> > http listeners.
>> >
>> > Thanks,
>> > Keith.
>> >
>> > On Wed, Aug 6, 2008 at 10:44 PM, Davanum Srinivas <[EMAIL PROTECTED]>
>> > wrote:
>> >>
>> >> Sorry! had to ask! and is this a security issue? Why is it even being
>> >> considered?
>> >>
>> >> -- dims
>> >>
>> >> On Wed, Aug 6, 2008 at 1:06 PM, Saminda Abeyruwan <[EMAIL PROTECTED]>
>> >> wrote:
>> >> > Is there any particular reason to add the trailing "/"?
>> >> >
>> >> > Saminda
>> >> >
>> >> > On Wed, Aug 6, 2008 at 8:35 AM, Amila Suriarachchi
>> >> > <[EMAIL PROTECTED]> wrote:
>> >> >>
>> >> >> Hi Keith,
>> >> >>
>> >> >> Is there any reason to remove the ending "/"?
>> >> >> IMHO we should not remove this if there is no problem with that,
>> >> >> because someone may have written code by considering that "/".
>> >> >>
>> >> >> thanks,
>> >> >> Amila.
>> >> >>
>> >> >> On Tue, Aug 5, 2008 at 12:49 AM, <[EMAIL PROTECTED]> wrote:
>> >> >>>
>> >> >>> Author: keithc
>> >> >>> Date: Mon Aug 4 12:19:15 2008
>> >> >>> New Revision: 682470
>> >> >>>
>> >> >>> URL: http://svn.apache.org/viewvc?rev=682470&view=rev
>> >> >>> Log:
>> >> >>> Applying patch given by amila to Axis2-3961. Also getting rid of
>> >> >>> the
>> >> >>> trailing / added in axisEndpoint and adding it in the http related
>> >> >>> listeners
>> >> >>>
>> >> >>> Modified:
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >> >>>
>> >> >>> Modified:
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >> >>> URL:
>> >> >>>
>> >> >>>
>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java?rev=682470&r1=682469&r2=682470&view=diff
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> ==============================================================================
>> >> >>> ---
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >> >>> (original)
>> >> >>> +++
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java
>> >> >>> Mon Aug 4 12:19:15 2008
>> >> >>> @@ -194,7 +194,7 @@
>> >> >>>
>> >> >>> .getEPRsForService(sDOTe, ip);
>> >> >>> // we consider only the
>> >> >>> first
>> >> >>> address return by the listener
>> >> >>> if (eprsForService != null
>> >> >>> &&
>> >> >>> eprsForService.length > 0) {
>> >> >>> - return
>> >> >>> eprsForService[0].getAddress() + "/";
>> >> >>> + return
>> >> >>> eprsForService[0].getAddress();
>> >> >>> }
>> >> >>> } catch (SocketException e) {
>> >> >>> logger.warn(e.getMessage(),
>> >> >>> e);
>> >> >>>
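Review bot: The changed return, `return eprsForService[0].getAddress();`, now hands back whatever the listener produced for every transport, and nothing in the hunk records that the trailing "/" has become the listener's responsibility. Add a comment at this return stating that HTTP listeners are expected to supply an address ending in "/", so that a listener not touched by this commit is not left without it unnoticed.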
>> >> >>> Modified:
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >> >>> URL:
>> >> >>>
>> >> >>>
>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java?rev=682470&r1=682469&r2=682470&view=diff
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> ==============================================================================
>> >> >>> ---
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >> >>> (original)
>> >> >>> +++
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java
>> >> >>> Mon Aug 4 12:19:15 2008
>> >> >>> @@ -590,7 +590,7 @@
>> >> >>> endpointRefernce = endpointRefernce + '/' +
>> >> >>> configContext.getServiceContextPath() + "/" +
>> >> >>> serviceName;
>> >> >>> }
>> >> >>> - EndpointReference endpoint = new
>> >> >>> EndpointReference(endpointRefernce);
>> >> >>> + EndpointReference endpoint = new
>> >> >>> EndpointReference(endpointRefernce + "/");
>> >> >>>
>> >> >>> return new EndpointReference[]{endpoint};
>> >> >>> }
>> >> >>>
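Review bot: `new EndpointReference(endpointRefernce + "/")` appends the slash unconditionally, so if `serviceName` ever arrives with a trailing "/" the EPR ends in "//". Check `endpointRefernce.endsWith("/")` before appending.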
>> >> >>> Modified:
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >> >>> URL:
>> >> >>>
>> >> >>>
>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java?rev=682470&r1=682469&r2=682470&view=diff
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> ==============================================================================
>> >> >>> ---
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >> >>> (original)
>> >> >>> +++
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java
>> >> >>> Mon Aug 4 12:19:15 2008
>> >> >>> @@ -71,7 +71,7 @@
>> >> >>> if(path.charAt(0)!='/'){
>> >> >>> path = '/' + path;
>> >> >>> }
>> >> >>> - return new EndpointReference[]{new
>> >> >>> EndpointReference(schema +
>> >> >>> "://" + ip + ":" + port + path )};
>> >> >>> + return new EndpointReference[]{new
>> >> >>> EndpointReference(schema +
>> >> >>> "://" + ip + ":" + port + path + "/" )};
>> >> >>> }
>> >> >>>
>> >> >>> public EndpointReference getEPRForService(String serviceName,
>> >> >>> String
>> >> >>> ip) throws AxisFault {
>> >> >>>
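Review bot: The head of `path` is normalized by the `path.charAt(0)!='/'` check, but the tail is not: `port + path + "/"` produces a double slash whenever `path` already ends in "/". Mirror the leading check for the last character before appending.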
>> >> >>> Modified:
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >> >>> URL:
>> >> >>>
>> >> >>>
>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java?rev=682470&r1=682469&r2=682470&view=diff
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> ==============================================================================
>> >> >>> ---
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >> >>> (original)
>> >> >>> +++
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java
>> >> >>> Mon Aug 4 12:19:15 2008
>> >> >>> @@ -262,7 +262,7 @@
>> >> >>> endpointRefernce = endpointRefernce + '/' +
>> >> >>>
>> >> >>> configurationContext.getServiceContextPath()
>> >> >>> + "/" + serviceName;
>> >> >>> }
>> >> >>> - return new EndpointReference[]{new
>> >> >>> EndpointReference(endpointRefernce)};
>> >> >>> + return new EndpointReference[]{new
>> >> >>> EndpointReference(endpointRefernce + "/")};
>> >> >>> } else {
>> >> >>> throw new AxisFault("Unable to generate EPR for the
>> >> >>> transport : http");
>> >> >>> }
>> >> >>> @@ -296,7 +296,7 @@
>> >> >>> }
>> >> >>>
>> >> >>>
>> >> >>> - return new EndpointReference[]{new
>> >> >>> EndpointReference(endpointRefernce)};
>> >> >>> + return new EndpointReference[]{new
>> >> >>> EndpointReference(endpointRefernce + "/")};
>> >> >>> } else {
>> >> >>> throw new AxisFault("Unable to generate EPR for the
>> >> >>> transport
>> >> >>> : http");
>> >> >>> }
>> >> >>>
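Review bot: This is the second `new EndpointReference(endpointRefernce + "/")` return in this file, and the same append is repeated in the AxisServlet hunk. Move it into one small helper so the rule that HTTP EPRs end in "/" is stated once and a later edit cannot update one return site and miss the other.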
>> >> >>> Modified:
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >> >>> URL:
>> >> >>>
>> >> >>>
>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java?rev=682470&r1=682469&r2=682470&view=diff
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> ==============================================================================
>> >> >>> ---
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >> >>> (original)
>> >> >>> +++
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java
>> >> >>> Mon Aug 4 12:19:15 2008
>> >> >>> @@ -350,8 +350,15 @@
>> >> >>> if (serviceName.indexOf('/') != -1) {
>> >> >>> serviceName = serviceName.substring(0,
>> >> >>> serviceName.indexOf('/'));
>> >> >>> }
>> >> >>> - return new EndpointReference[]{
>> >> >>> - new EndpointReference((String)
>> >> >>> serviceNameToEprMap.get(serviceName))};
>> >> >>> +
>> >> >>> + String endpointName = (String)
>> >> >>> serviceNameToEprMap.get(serviceName);
>> >> >>> + if (endpointName == null){
>> >> >>> + if (serviceName.indexOf(".") != -1){
>> >> >>> + serviceName = serviceName.substring(0,
>> >> >>> serviceName.indexOf("."));
>> >> >>> + endpointName = (String)
>> >> >>> serviceNameToEprMap.get(serviceName);
>> >> >>> + }
>> >> >>> + }
>> >> >>> + return new EndpointReference[]{new
>> >> >>> EndpointReference(endpointName)};
>> >> >>> }
>> >> >>>
>> >> >>> /**
>> >> >>>
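Review bot: `endpointName` can still be null at `new EndpointReference(endpointName)` when `serviceName` contains no "." or the second `serviceNameToEprMap.get(serviceName)` also misses. Handle that case explicitly instead of building an EndpointReference around null. Also, `serviceName.indexOf(".")` cuts at the first dot, so a service name that itself contains a dot is truncated too far; `lastIndexOf(".")` would strip only the endpoint suffix.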
>> >> >>> Modified:
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >> >>> URL:
>> >> >>>
>> >> >>>
>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java?rev=682470&r1=682469&r2=682470&view=diff
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> ==============================================================================
>> >> >>> ---
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >> >>> (original)
>> >> >>> +++
>> >> >>>
>> >> >>>
>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java
>> >> >>> Mon Aug 4 12:19:15 2008
>> >> >>> @@ -222,7 +222,7 @@
>> >> >>> * Return the EPR for the given service (implements deprecated
>> >> >>> method
>> >> >>> temporarily)
>> >> >>> */
>> >> >>> public EndpointReference getEPRForService(String serviceName,
>> >> >>> String
>> >> >>> ip) throws AxisFault {
>> >> >>> - return new EndpointReference(serviceEPRPrefix +
>> >> >>> serviceName);
>> >> >>> + return new EndpointReference(serviceEPRPrefix +
>> >> >>> serviceName +
>> >> >>> "/");
>> >> >>> }
>> >> >>>
>> >> >>> /**
>> >> >>> @@ -234,7 +234,7 @@
>> >> >>> */
>> >> >>> public EndpointReference[] getEPRsForService(String
>> >> >>> serviceName,
>> >> >>> String ip) throws AxisFault {
>> >> >>> EndpointReference[] endpointReferences = new
>> >> >>> EndpointReference[1];
>> >> >>> - endpointReferences[0] = new
>> >> >>> EndpointReference(serviceEPRPrefix +
>> >> >>> serviceName);
>> >> >>> + endpointReferences[0] = new
>> >> >>> EndpointReference(serviceEPRPrefix +
>> >> >>> serviceName + "/");
>> >> >>> return endpointReferences;
>> >> >>> }
>> >> >>>
>> >> >>>
>> >> >>>
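Review bot: `getEPRForService` and `getEPRsForService` now each build `serviceEPRPrefix + serviceName + "/"` on their own. Have the deprecated single-EPR method delegate to the array version, or share one private helper, so the two cannot drift apart, and mention the trailing "/" in the Javadoc of both methods.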
>> >> >>
>> >> >>
>> >> >>
>> >> >> --
>> >> >> Amila Suriarachchi,
>> >> >> WSO2 Inc.
>> >> >
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Davanum Srinivas :: http://davanum.wordpress.com
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >>
>> >
>> >
>> >
>> > --
>> > Keith Chapman
>> > Senior Software Engineer
>> > WSO2 Inc.
>> > Oxygenating the Web Service Platform.
>> > http://wso2.org/
>> >
>> > blog: http://www.keith-chapman.org
>> >
>>
>>
>>
>> --
>> Davanum Srinivas :: http://davanum.wordpress.com
>>
>>
>
>
>
> --
> Keith Chapman
> Senior Software Engineer
> WSO2 Inc.
> Oxygenating the Web Service Platform.
> http://wso2.org/
>
> blog: http://www.keith-chapman.org
>
--
Davanum Srinivas :: http://davanum.wordpress.com
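
The base-URI resolution Keith describes in the quoted message above, as an added example that is not part of the thread or of Axis2's code. The class name, the helper `withHttpTrailingSlash`, the shortened JMS address and the value 42 substituted for `{bar}` are assumptions made for illustration.

```java
import java.net.URI;

// Added illustration (not Axis2 code): relative-reference resolution as
// implemented by java.net.URI, applied to the endpoint addresses in the thread.
public class TrailingSlashDemo {

    // Resolve a whttp:location value against an endpoint address.
    static String resolve(String endpointAddress, String httpLocation) {
        return URI.create(endpointAddress).resolve(httpLocation).toString();
    }

    // Hypothetical helper: append "/" only to http(s) addresses that lack
    // one, which is the transport-specific rule argued for in the thread.
    static String withHttpTrailingSlash(String address) {
        boolean http = address.startsWith("http://")
                || address.startsWith("https://");
        return (http && !address.endsWith("/")) ? address + "/" : address;
    }

    public static void main(String[] args) {
        // "{bar}" is a template and java.net.URI rejects raw braces, so a
        // constructed value stands in for the substituted parameter.
        String location = "foo/42";
        String base =
            "http://localhost:8080/axis2/services/fooService.HTTPEndpoint";

        // No trailing slash: resolution replaces the last path segment,
        // so the service name is lost from the result.
        System.out.println(resolve(base, location));

        // Trailing slash present: the location is appended below the
        // service segment, which is what the WSDL 2.0 HTTP binding needs.
        System.out.println(resolve(withHttpTrailingSlash(base), location));

        // Constructed JMS address in the shape quoted in the thread: its
        // last parameter value must stay intact, so the helper leaves the
        // address unchanged.
        String jms =
            "jms:/fooService?java.naming.provider.url=tcp://localhost:61616";
        System.out.println(withHttpTrailingSlash(jms));
    }
}
```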