[ https://issues.apache.org/jira/browse/OFBIZ-3699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nicolas Malin closed OFBIZ-3699. -------------------------------- Fix Version/s: Upcoming Branch Resolution: Done This issue is include on STORE-7113 > ServiceDispatcher.checkAuth modifies the context if the invocation service > has a permissionServiceName > ------------------------------------------------------------------------------------------------------ > > Key: OFBIZ-3699 > URL: https://issues.apache.org/jira/browse/OFBIZ-3699 > Project: OFBiz > Issue Type: Bug > Components: framework > Affects Versions: Trunk > Reporter: Bob Morley > Assignee: Nicolas Malin > Priority: Major > Fix For: Upcoming Branch > > > Created as a result of thread: > http://n4.nabble.com/Magically-converted-types-from-simpleTypeConvert-td1838891.html > The follow code in the ServiceDispatcher ... > if (UtilValidate.isNotEmpty(origService.permissionServiceName)) { > ... > if (hasPermission.booleanValue()) { > context.putAll(permResp); > context = origService.makeValid(context, > ModelService.IN_PARAM); > ... causes the incoming context to be modified both by adding values from the > results of the permission service but also by converting any datatypes to > match those in the service definition. This hides any invalid service > invocations (from a data type pov) and if the permisionServiceName is > removed, the code would start failing with the incorrect data types. > Suggest is to change this to something like ... > Map<String, Object> permRespContext = ServiceUtil.setServiceFields(dctx, > serviceName, permResp); > context.putAll(permRespContext); > The concern is that by doing this there may be some services that were > relying on the data type conversion (because they were invalid requests) > which would start to fail. Appropriate impact analysis of services that > define "permissionServiceName" and appropriate resolutions need to be > included with this change. -- This message was sent by Atlassian Jira (v8.3.4#803005)