CXF with Spring AOP-based Auth makes JAX-RS POST urlencode gives
@FormParam=null
---------------------------------------------------------------------------------
Key: CXF-2346
URL: https://issues.apache.org/jira/browse/CXF-2346
Project: CXF
Issue Type: Bug
Components: REST
Affects Versions: 2.2.2
Environment: CXF 2.2.2, JAX-RS, Servlet Edition running under Tomcat
6.0, in combination with Spring and Spring AOP 2.5.6SEC01, Spring Security 2.0,
JSR-250 @RolesAllowed, and CGLIB 2.2
Reporter: Hendy Irawan
It's much accurate to illustrate this with a real project sample, since it
takes quite an effort to setup the integrated environment to reproduce this
bug. (yet I have to say, this integration setup is a good 'standard setup' for
my general JAX-RS purposes)
The sample project is at:
http://scm.ops4j.org/repos/ops4j/laboratory/users/ceefour/cxfbug-urlencode-basicauth
Given a project with the setup of CXF, JAX-RS, Servlet, Spring Security, Spring
AOP, CGLIB, and JSR-250 annotation, doing a POST with urlencode on JAX-RS
resource with @FormParam is not working.
Here's the script used to test:
#!/bin/sh
# Environment: CXF 2.2.2, JAX-RS, Servlet Edition running under Tomcat 6.0,
in combination with Spring and Spring AOP 2.5.6SEC01, Spring Security 2.0,
JSR-250 @RolesAllowed, and CGLIB 2.2
# Description: CXF with Spring AOP-based Auth makes JAX-RS POST urlencode
gives @FormParam=null
echo 'Test if CXF just works'
curl -D - -v http://localhost:8080/cxfbug-urlencode-basicauth/
echo
echo 'Test if CXF POST works'
curl -D - -v -X POST
http://localhost:8080/cxfbug-urlencode-basicauth/guestquery?name=Apache
echo
echo 'Test if CXF POST urlencode works'
curl -D - -v -X POST --data-urlencode name=Apache
http://localhost:8080/cxfbug-urlencode-basicauth/guestform
echo
echo 'Test if CXF Auth with Spring AOP + Spring Security + JSR-250 works'
curl -D - -v -u apache:apache
http://localhost:8080/cxfbug-urlencode-basicauth/loginget
echo
echo 'Test if CXF POST works'
curl -D - -v -u apache:apache -X POST
http://localhost:8080/cxfbug-urlencode-basicauth/loginquery?name=Apache
echo
echo 'Test if CXF POST urlencode works with Auth'
curl -D - -v -u apache:apache -X POST --data-urlencode name=Apache
http://localhost:8080/cxfbug-urlencode-basicauth/loginform
Only the last one is failing, here's the result of the last two tests in my
setup:
Test if CXF POST works
* About to connect() to localhost port 8080 (#0)
* Trying ::1... connected
* Connected to localhost (::1) port 8080 (#0)
* Server auth using Basic with user 'apache'
> POST /cxfbug-urlencode-basicauth/loginquery?name=Apache HTTP/1.1
> Authorization: Basic YXBhY2hlOmFwYWNoZQ==
> User-Agent: curl/7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g
> zlib/1.2.3.3 libidn/1.10
> Host: localhost:8080
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< Date: Fri, 17 Jul 2009 18:16:35 GMT
Date: Fri, 17 Jul 2009 18:16:35 GMT
< Content-Type: text/plain
Content-Type: text/plain
< Content-Length: 12
Content-Length: 12
<
* Connection #0 to host localhost left intact
Hello Apache* Closing connection #0
Test if CXF POST urlencode works with Auth
* About to connect() to localhost port 8080 (#0)
* Trying ::1... connected
* Connected to localhost (::1) port 8080 (#0)
* Server auth using Basic with user 'apache'
> POST /cxfbug-urlencode-basicauth/loginform HTTP/1.1
> Authorization: Basic YXBhY2hlOmFwYWNoZQ==
> User-Agent: curl/7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g
> zlib/1.2.3.3 libidn/1.10
> Host: localhost:8080
> Accept: */*
> Content-Length: 11
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< Date: Fri, 17 Jul 2009 18:16:35 GMT
Date: Fri, 17 Jul 2009 18:16:35 GMT
< Content-Type: text/plain
Content-Type: text/plain
< Content-Length: 10
Content-Length: 10
<
* Connection #0 to host localhost left intact
Hello null* Closing connection #0
@FormParam is giving null instead of provided "Apache".
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
