[
https://issues.apache.org/jira/browse/AXIS2-4764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15305581#comment-15305581
]
Hudson commented on AXIS2-4764:
-------------------------------
SUCCESS: Integrated in Axis2 #3534 (See
[https://builds.apache.org/job/Axis2/3534/])
AXIS2-4764: Enforce POST for all mutating actions. (veithen: rev 1745924)
* axis2/modules/webapp/src/main/java/org/apache/axis2/webapp/Action.java
* axis2/modules/webapp/src/main/java/org/apache/axis2/webapp/ActionHandler.java
* axis2/modules/webapp/src/main/java/org/apache/axis2/webapp/AdminActions.java
*
axis2/modules/webapp/src/main/java/org/apache/axis2/webapp/AxisAdminServlet.java
* axis2/modules/webapp/src/main/webapp/WEB-INF/views/admin/activateService.jsp
* axis2/modules/webapp/src/main/webapp/WEB-INF/views/admin/deactivateService.jsp
*
axis2/modules/webapp/src/main/webapp/WEB-INF/views/admin/editServiceParameters.jsp
* axis2/modules/webapp/src/main/webapp/WEB-INF/views/admin/engageGlobally.jsp
* axis2/modules/webapp/src/main/webapp/WEB-INF/views/admin/engageToOperation.jsp
* axis2/modules/webapp/src/main/webapp/WEB-INF/views/admin/engageToService.jsp
*
axis2/modules/webapp/src/main/webapp/WEB-INF/views/admin/engageToServiceGroup.jsp
* axis2/modules/webapp/src/main/webapp/WEB-INF/views/admin/listServices.jsp
> Axis 2 Admin Console generates HTTP 414 Request Too Large
> ---------------------------------------------------------
>
> Key: AXIS2-4764
> URL: https://issues.apache.org/jira/browse/AXIS2-4764
> Project: Axis2
> Issue Type: Bug
> Components: admin console
> Affects Versions: 1.5.1
> Reporter: Olivier Vanekem
> Assignee: Andreas Veithen
> Attachments: ServiceParaEdit.jsp
>
>
> We are using Axis 2 and the Admin console to edit some application specific
> parameters.
> However we found out that when the console is located behind a reverse proxy
> server such as Apache HTTP server, we receive a HTTP 414 Request Too Large
> error when trying to modify the parameters.
> This is due to the following :
> Our Web service uses WSDL2Java generated classes (including the skeleton) and
> the console shows a generated parameter called wsdl4jDefinition which is very
> large (up to 12000 characters for one of our services).
> When clicking on the button 'Change' in the console Edit parameters form, the
> actual HTML form method is a GET. This means that all attributes on the form
> will end on the URL and passed by to the axis2-admin/editServicepara servlet.
> This is also not good from a security point of view since all parameters will
> appear appended to the browser url.
> The correct solution is to change the GET into a POST. Attached is the
> ServiceParaEdit.jsp that contains this patch.
> Rgds
> Olivier
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
