[
https://issues.apache.org/jira/browse/ODE-590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Buddhika Chamith De Alwis updated ODE-590:
------------------------------------------
Attachment: ODE590.patch
In this patch the package element is obtained via the method call
getFirstChildWithName(QName) which returns an OMElement reference.
> Deployment Web Service generates ClassCastException in the presence of
> carriage return on SOAPBody
> --------------------------------------------------------------------------------------------------
>
> Key: ODE-590
> URL: https://issues.apache.org/jira/browse/ODE-590
> Project: ODE
> Issue Type: Improvement
> Components: Deployment
> Affects Versions: 1.2
> Reporter: Buddhika Chamith De Alwis
> Priority: Minor
> Fix For: 2.0
>
> Attachments: ODE590.patch
>
>
> In DeploymentWebService following line is used to get the package element of
> the SOAPBody.
> OMElement zipPart = (OMElement) namePart.getNextOMSibling();
> This code is vulnerable if a carriage return is present after the <name> tag
> before <package> tag in the SOAPBody. This happens because of the behaviour
> of Axiom. Axiom creates an OMText node for the carriage return. So when
> getNextOMSibling() is called instead of <package> element OMText is selected.
> But since the OMText cannot be cast to OMElement a ClassCastException occurs.
> This can be avoided by obtaining zipart OMElement with a call to getChild()
> or any related method which returns an OMElement reference.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
