org.apache.axis2.transport.http.AxisServlet.doGet() mishandles URLs with the
word "policy" in them.
---------------------------------------------------------------------------------------------------
Key: AXIS2-4229
URL: https://issues.apache.org/jira/browse/AXIS2-4229
Project: Axis 2.0 (Axis2)
Issue Type: Bug
Components: transports
Affects Versions: 1.2, 1.3, 1.4, 1.4.1
Environment: Linux, but clearly affects all OSes.
Reporter: John G
I have a simple web service that happens to involve policies. Guess what
happens when doGet() sees my URL?
https://myserver/mywebapp/services/PolicyService/executePolicy?policyId=123
// From org.apache.axis2.transport.http.AxisServlet ...
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException,
IOException {
if ((query != null) && (query.indexOf("wsdl2") >= 0 ||
query.indexOf("wsdl") >= 0 || query.indexOf("xsd") >= 0 ||
query.indexOf("policy") >= 0)) { <=== BUG ====
// handling meta data exchange stuff
agent.processListService(request, response);
....
I can rename my parameter, but the fact that you are searching for an English
word ANYWHERE in the query is just wrong, IMHO.
Now I am just worried a customer will use my web service and happen to name
something "policy-xyz".
Are there any other reserved words I need to know about?!?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
