[jira] [Created] (WW-5029) The content allowed-methods tag of the XML configuration is sometimes truncated

Thu, 04 Apr 2019 06:04:17 -0700 

Maxime Clement created WW-5029:
----------------------------------

             Summary: The content allowed-methods tag of the XML configuration 
is sometimes truncated
                 Key: WW-5029
                 URL: https://issues.apache.org/jira/browse/WW-5029
             Project: Struts 2
          Issue Type: Bug
          Components: XML Configuration
    Affects Versions: 2.5.18
            Reporter: Maxime Clement


Under WebSphere 8.5, the SAX parser sometimes create multiple text elements to 
represent the value of the "allowed-methods" tag found in the struts.xml 
configuration file. This happens when the text is read in chunks as stated 
here: 
[https://docs.oracle.com/javase/8/docs/api/org/xml/sax/ContentHandler.html#characters-char:A-int-int-].

This case is not handled in class XmlConfigurationProvider, which only reads 
the first child of the org.w3c.dom.Node returned by the parser (see 
[https://github.com/apache/struts/blob/struts-2-5-x/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java#L879]).

 

This means that with this configuration:
{code:java}
<allowed-methods>method1,method2</allowed-methods>
{code}
The node instance almost always contains a single child [ "method1,method2" ], 
but randomly the node instance can contain two children: [ "method1,me", 
"thod2" ]. As only the first child is considered, the retrieved text is 
truncated and the configuration doesn't work.

 

It happens randomly and cannot be reproduced easily, but we can see in the 
XmlConfigurationProvider class that this case has been taken into account for 
the "result" tag:
{code:java}
<result>something</result>
{code}
 See: 
[https://github.com/apache/struts/blob/struts-2-5-x/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java#L767]
 where all node children of type Node.TEXT_NODE are concatenated to retrieve 
the text value, so even if the SAX parser returns multiple chunks, the word is 
correctly reconstructed.

 

As a workaround I created a custom configuration provider that overrides 
StrutsXmlConfigurationProvider and redefines the method "buildAllowedMethods" 
in order to parse all children of the node object, as done in method 
"buildResults". Note that the same problem applies for "global-allowed-methods" 
as the XmlConfigurationProvider also considers the first child only.

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to