For the record, i never agreed to this "critical fix" mode. Please check the thread
http://marc.info/?t=121543407100005&r=1&w=2 I explicitly objected to keeping things open. It's been a month since we started the thread. Please point out where exactly did we agree on this "critical fixes" as the policy for 1.4.1. So that i don't make the same mistake next time. thanks, dims On Thu, Aug 7, 2008 at 6:38 AM, Davanum Srinivas <[EMAIL PROTECTED]> wrote: > Guess it really does not matter anymore...we have hit the slippery > slope at full tilt. Let's see where we end up when we finally ship > 1.4.1. maybe we should stop calling it 1.4.1 because it is not tiny > release anymore. > > -- dims > > On Thu, Aug 7, 2008 at 4:34 AM, keith chapman <[EMAIL PROTECTED]> wrote: >> Hi Dims, >> >> I agree that its not a security problem. But REST stuff via WSDL 2.0 would >> not work without this fix. Which means that REST via WSDL 2.0 is broken in >> Axis 2 1.4. We agreed that if there are critical fixes we would put them >> into this release. And this IS a critical fix. >> >> Thanks, >> Keith. >> >> On Thu, Aug 7, 2008 at 11:18 AM, Davanum Srinivas <[EMAIL PROTECTED]> wrote: >>> >>> Keith, >>> >>> Do you consider this in scope for a security problem oriented 1.4.1 >>> release? >>> >>> -- dims >>> >>> On Thu, Aug 7, 2008 at 12:56 AM, keith chapman <[EMAIL PROTECTED]> >>> wrote: >>> > Here is the reason for adding the trailing "/" >>> > >>> > When a WSDL has a httpLocation that is resolved against the base URI, so >>> > lets assume a bindingOperation has whttp:laction="foo/{bar} and that >>> > this is >>> > exposed over 3 endpoints, SOAP 11 SOAP 12 and HTTP. >>> > for the SOAP 11 endpoint the address would be >>> > http://localhost:8080/axis2/services/fooService.SOAP11Endpoint/ >>> > for the SOAP 11 endpoint the address would be >>> > http://localhost:8080/axis2/services/fooService.SOAP12Endpoint/ >>> > for the SOAP 11 endpoint the address would be >>> > http://localhost:8080/axis2/services/fooService.HTTPEndpoint/ >>> > >>> > Now the above works perfectly only if the trailing "/" is there. If its >>> > absent when >>> > http://localhost:8080/axis2/services/fooService.SOAP11Endpoint/ >>> > is resolved agaist foo/{bar} the result would be >>> > http://localhost:8080/axis2/services/foo/{bar} which is incorrect. >>> > >>> > So that is the reason for having the trailing "/" >>> > >>> > Now the second point. Why did I remove it ;). >>> > >>> > Previously the trailing "/" was added in the AxisEndpoint class where >>> > the >>> > epr was calculated. This leads to undesirable issues when other >>> > transports >>> > are used. For e.g when JMS was used the endpoint address was >>> > >>> > jms:/fooService?transport.jms.ConnectionFactoryJNDIName=QueueConnectionFactory&java.naming.factory.initial=org.apache.activemq.jndi.ActiveMQInitialContextFactory&java.naming.provider.url=tcp://localhost:61616/ >>> > >>> > If the dynamic mode of service client was used to write a client for >>> > this it >>> > would fail with a numberFormatException. All because of the trailing >>> > "/". >>> > >>> > The trailing "/" is needed only for the HTTP case. So it should be the >>> > duty >>> > of the httpListeners to add this trailing "/". This was the rationale >>> > for >>> > getting rid of this logic from the AxisEndpoint class and adding it to >>> > the >>> > http listeners. >>> > >>> > Thanks, >>> > Keith. >>> > >>> > On Wed, Aug 6, 2008 at 10:44 PM, Davanum Srinivas <[EMAIL PROTECTED]> >>> > wrote: >>> >> >>> >> Sorry! had to ask! and is this a security issue? Why is it even being >>> >> considered? >>> >> >>> >> -- dims >>> >> >>> >> On Wed, Aug 6, 2008 at 1:06 PM, Saminda Abeyruwan <[EMAIL PROTECTED]> >>> >> wrote: >>> >> > Is there any particular reason to add the tailing "/". >>> >> > >>> >> > Saminda >>> >> > >>> >> > On Wed, Aug 6, 2008 at 8:35 AM, Amila Suriarachchi >>> >> > <[EMAIL PROTECTED]> wrote: >>> >> >> >>> >> >> hi keith, >>> >> >> >>> >> >> is there any reason to remove the ending "/". >>> >> >> IMHO we should not remove this if there is no problem with that. >>> >> >> Because >>> >> >> someone may have written a code >>> >> >> by considering that "/" >>> >> >> >>> >> >> thanks, >>> >> >> Amila. >>> >> >> >>> >> >> On Tue, Aug 5, 2008 at 12:49 AM, <[EMAIL PROTECTED]> wrote: >>> >> >>> >>> >> >>> Author: keithc >>> >> >>> Date: Mon Aug 4 12:19:15 2008 >>> >> >>> New Revision: 682470 >>> >> >>> >>> >> >>> URL: http://svn.apache.org/viewvc?rev=682470&view=rev >>> >> >>> Log: >>> >> >>> Applying patch given by amila to Axis2-3961. Also getting rid of >>> >> >>> the >>> >> >>> trailing / added in axisEndpoint and adding it in the http related >>> >> >>> listeners >>> >> >>> >>> >> >>> Modified: >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java >>> >> >>> >>> >> >>> Modified: >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java >>> >> >>> URL: >>> >> >>> >>> >> >>> >>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java?rev=682470&r1=682469&r2=682470&view=diff >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> ============================================================================== >>> >> >>> --- >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java >>> >> >>> (original) >>> >> >>> +++ >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/description/AxisEndpoint.java >>> >> >>> Mon Aug 4 12:19:15 2008 >>> >> >>> @@ -194,7 +194,7 @@ >>> >> >>> >>> >> >>> .getEPRsForService(sDOTe, ip); >>> >> >>> // we consider only the >>> >> >>> first >>> >> >>> address return by the listener >>> >> >>> if (eprsForService != null >>> >> >>> && >>> >> >>> eprsForService.length > 0) { >>> >> >>> - return >>> >> >>> eprsForService[0].getAddress() + "/"; >>> >> >>> + return >>> >> >>> eprsForService[0].getAddress(); >>> >> >>> } >>> >> >>> } catch (SocketException e) { >>> >> >>> logger.warn(e.getMessage(), >>> >> >>> e); >>> >> >>> >>> >> >>> Modified: >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java >>> >> >>> URL: >>> >> >>> >>> >> >>> >>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java?rev=682470&r1=682469&r2=682470&view=diff >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> ============================================================================== >>> >> >>> --- >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java >>> >> >>> (original) >>> >> >>> +++ >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/AxisServlet.java >>> >> >>> Mon Aug 4 12:19:15 2008 >>> >> >>> @@ -590,7 +590,7 @@ >>> >> >>> endpointRefernce = endpointRefernce + '/' + >>> >> >>> configContext.getServiceContextPath() + "/" + >>> >> >>> serviceName; >>> >> >>> } >>> >> >>> - EndpointReference endpoint = new >>> >> >>> EndpointReference(endpointRefernce); >>> >> >>> + EndpointReference endpoint = new >>> >> >>> EndpointReference(endpointRefernce + "/"); >>> >> >>> >>> >> >>> return new EndpointReference[]{endpoint}; >>> >> >>> } >>> >> >>> >>> >> >>> Modified: >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java >>> >> >>> URL: >>> >> >>> >>> >> >>> >>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java?rev=682470&r1=682469&r2=682470&view=diff >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> ============================================================================== >>> >> >>> --- >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java >>> >> >>> (original) >>> >> >>> +++ >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/CustomListener.java >>> >> >>> Mon Aug 4 12:19:15 2008 >>> >> >>> @@ -71,7 +71,7 @@ >>> >> >>> if(path.charAt(0)!='/'){ >>> >> >>> path = '/' + path; >>> >> >>> } >>> >> >>> - return new EndpointReference[]{new >>> >> >>> EndpointReference(schema + >>> >> >>> "://" + ip + ":" + port + path )}; >>> >> >>> + return new EndpointReference[]{new >>> >> >>> EndpointReference(schema + >>> >> >>> "://" + ip + ":" + port + path + "/" )}; >>> >> >>> } >>> >> >>> >>> >> >>> public EndpointReference getEPRForService(String serviceName, >>> >> >>> String >>> >> >>> ip) throws AxisFault { >>> >> >>> >>> >> >>> Modified: >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java >>> >> >>> URL: >>> >> >>> >>> >> >>> >>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java?rev=682470&r1=682469&r2=682470&view=diff >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> ============================================================================== >>> >> >>> --- >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java >>> >> >>> (original) >>> >> >>> +++ >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/http/SimpleHTTPServer.java >>> >> >>> Mon Aug 4 12:19:15 2008 >>> >> >>> @@ -262,7 +262,7 @@ >>> >> >>> endpointRefernce = endpointRefernce + '/' + >>> >> >>> >>> >> >>> configurationContext.getServiceContextPath() >>> >> >>> + "/" + serviceName; >>> >> >>> } >>> >> >>> - return new EndpointReference[]{new >>> >> >>> EndpointReference(endpointRefernce)}; >>> >> >>> + return new EndpointReference[]{new >>> >> >>> EndpointReference(endpointRefernce + "/")}; >>> >> >>> } else { >>> >> >>> throw new AxisFault("Unable to generate EPR for the >>> >> >>> transport : http"); >>> >> >>> } >>> >> >>> @@ -296,7 +296,7 @@ >>> >> >>> } >>> >> >>> >>> >> >>> >>> >> >>> - return new EndpointReference[]{new >>> >> >>> EndpointReference(endpointRefernce)}; >>> >> >>> + return new EndpointReference[]{new >>> >> >>> EndpointReference(endpointRefernce + "/")}; >>> >> >>> } else { >>> >> >>> throw new AxisFault("Unable to generate EPR for the >>> >> >>> transport >>> >> >>> : http"); >>> >> >>> } >>> >> >>> >>> >> >>> Modified: >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java >>> >> >>> URL: >>> >> >>> >>> >> >>> >>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java?rev=682470&r1=682469&r2=682470&view=diff >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> ============================================================================== >>> >> >>> --- >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java >>> >> >>> (original) >>> >> >>> +++ >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/jms/JMSListener.java >>> >> >>> Mon Aug 4 12:19:15 2008 >>> >> >>> @@ -350,8 +350,15 @@ >>> >> >>> if (serviceName.indexOf('/') != -1) { >>> >> >>> serviceName = serviceName.substring(0, >>> >> >>> serviceName.indexOf('/')); >>> >> >>> } >>> >> >>> - return new EndpointReference[]{ >>> >> >>> - new EndpointReference((String) >>> >> >>> serviceNameToEprMap.get(serviceName))}; >>> >> >>> + >>> >> >>> + String endpointName = (String) >>> >> >>> serviceNameToEprMap.get(serviceName); >>> >> >>> + if (endpointName == null){ >>> >> >>> + if (serviceName.indexOf(".") != -1){ >>> >> >>> + serviceName = serviceName.substring(0, >>> >> >>> serviceName.indexOf(".")); >>> >> >>> + endpointName = (String) >>> >> >>> serviceNameToEprMap.get(serviceName); >>> >> >>> + } >>> >> >>> + } >>> >> >>> + return new EndpointReference[]{new >>> >> >>> EndpointReference(endpointName)}; >>> >> >>> } >>> >> >>> >>> >> >>> /** >>> >> >>> >>> >> >>> Modified: >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java >>> >> >>> URL: >>> >> >>> >>> >> >>> >>> >> >>> http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java?rev=682470&r1=682469&r2=682470&view=diff >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >>> ============================================================================== >>> >> >>> --- >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java >>> >> >>> (original) >>> >> >>> +++ >>> >> >>> >>> >> >>> >>> >> >>> webservices/axis2/branches/java/1_4/modules/kernel/src/org/apache/axis2/transport/nhttp/HttpCoreNIOListener.java >>> >> >>> Mon Aug 4 12:19:15 2008 >>> >> >>> @@ -222,7 +222,7 @@ >>> >> >>> * Return the EPR for the given service (implements deprecated >>> >> >>> method >>> >> >>> temporarily) >>> >> >>> */ >>> >> >>> public EndpointReference getEPRForService(String serviceName, >>> >> >>> String >>> >> >>> ip) throws AxisFault { >>> >> >>> - return new EndpointReference(serviceEPRPrefix + >>> >> >>> serviceName); >>> >> >>> + return new EndpointReference(serviceEPRPrefix + >>> >> >>> serviceName + >>> >> >>> "/"); >>> >> >>> } >>> >> >>> >>> >> >>> /** >>> >> >>> @@ -234,7 +234,7 @@ >>> >> >>> */ >>> >> >>> public EndpointReference[] getEPRsForService(String >>> >> >>> serviceName, >>> >> >>> String ip) throws AxisFault { >>> >> >>> EndpointReference[] endpointReferences = new >>> >> >>> EndpointReference[1]; >>> >> >>> - endpointReferences[0] = new >>> >> >>> EndpointReference(serviceEPRPrefix + >>> >> >>> serviceName); >>> >> >>> + endpointReferences[0] = new >>> >> >>> EndpointReference(serviceEPRPrefix + >>> >> >>> serviceName + "/"); >>> >> >>> return endpointReferences; >>> >> >>> } >>> >> >>> >>> >> >>> >>> >> >>> >>> >> >> >>> >> >> >>> >> >> >>> >> >> -- >>> >> >> Amila Suriarachchi, >>> >> >> WSO2 Inc. >>> >> > >>> >> > >>> >> >>> >> >>> >> >>> >> -- >>> >> Davanum Srinivas :: http://davanum.wordpress.com >>> >> >>> >> --------------------------------------------------------------------- >>> >> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> >> For additional commands, e-mail: [EMAIL PROTECTED] >>> >> >>> > >>> > >>> > >>> > -- >>> > Keith Chapman >>> > Senior Software Engineer >>> > WSO2 Inc. >>> > Oxygenating the Web Service Platform. >>> > http://wso2.org/ >>> > >>> > blog: http://www.keith-chapman.org >>> > >>> >>> >>> >>> -- >>> Davanum Srinivas :: http://davanum.wordpress.com >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >> >> >> >> -- >> Keith Chapman >> Senior Software Engineer >> WSO2 Inc. >> Oxygenating the Web Service Platform. >> http://wso2.org/ >> >> blog: http://www.keith-chapman.org >> > > > > -- > Davanum Srinivas :: http://davanum.wordpress.com > -- Davanum Srinivas :: http://davanum.wordpress.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
