ServiceDispatcher.checkAuth modifies the context if the invocation service has 
a permissionServiceName
------------------------------------------------------------------------------------------------------

                 Key: OFBIZ-3699
                 URL: https://issues.apache.org/jira/browse/OFBIZ-3699
             Project: OFBiz
          Issue Type: Bug
          Components: framework
    Affects Versions: SVN trunk
            Reporter: Bob Morley
             Fix For: SVN trunk


Created as a result of thread: 
http://n4.nabble.com/Magically-converted-types-from-simpleTypeConvert-td1838891.html

The following code in the ServiceDispatcher ...

        if (UtilValidate.isNotEmpty(origService.permissionServiceName)) {
            ...
            if (hasPermission.booleanValue()) {
                context.putAll(permResp);
                context = origService.makeValid(context, ModelService.IN_PARAM);

... causes the incoming context to be modified both by adding values from the 
results of the permission service but also by converting any datatypes to match 
those in the service definition.  This hides any invalid service invocations 
(from a data type pov) and if the permissionServiceName is removed, the code 
would start failing with the incorrect data types.

The suggestion is to change this to something like ...

        Map<String, Object> permRespContext = ServiceUtil.setServiceFields(dctx, serviceName, permResp);
        context.putAll(permRespContext);

The concern is that by doing this there may be some services that were relying 
on the data type conversion (because they were invalid requests) which would 
start to fail.  Appropriate impact analysis of services that define 
"permissionServiceName" and appropriate resolutions need to be included with 
this change.
