[cxf] branch 3.1.x-fixes updated: [CXF-7584] Restricting the proxies (by default) from accidentally supplying empty path template values, an updated patch from Alexey Markevich applied, This closes #354

Mon, 11 Dec 2017 02:45:57 -0800 

This is an automated email from the ASF dual-hosted git repository.

sergeyb pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/3.1.x-fixes by this push:
     new 91b525e  [CXF-7584] Restricting the proxies (by default) from 
accidentally supplying empty path template values, an updated patch from Alexey 
Markevich applied, This closes #354
91b525e is described below

commit 91b525e2657015e6de6079577c5b393bd89188b7
Author: Sergey Beryozkin <sberyoz...@gmail.com>
AuthorDate: Mon Dec 11 10:23:59 2017 +0000

    [CXF-7584] Restricting the proxies (by default) from accidentally supplying 
empty path template values, an updated patch from Alexey Markevich applied, 
This closes #354
---
 .../apache/cxf/jaxrs/client/AbstractClient.java    | 16 +++++++++-
 .../jaxrs/client/JAXRSClientFactoryBeanTest.java   | 36 +++++++++++++++++++++-
 2 files changed, 50 insertions(+), 2 deletions(-)

diff --git 
a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/AbstractClient.java 
b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/AbstractClient.java
index d3360af..53666d0 100644
--- a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/AbstractClient.java
+++ b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/AbstractClient.java
@@ -43,6 +43,7 @@ import java.util.Set;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.logging.Logger;
 
+import javax.ws.rs.PathParam;
 import javax.ws.rs.ProcessingException;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.client.InvocationCallback;
@@ -62,6 +63,7 @@ import javax.xml.stream.XMLStreamWriter;
 import org.apache.cxf.Bus;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.PropertyUtils;
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.endpoint.ClientLifeCycleManager;
 import org.apache.cxf.endpoint.ConduitSelector;
 import org.apache.cxf.endpoint.Endpoint;
@@ -80,6 +82,7 @@ import org.apache.cxf.jaxrs.impl.UriBuilderImpl;
 import org.apache.cxf.jaxrs.model.ParameterType;
 import org.apache.cxf.jaxrs.model.URITemplate;
 import org.apache.cxf.jaxrs.provider.ProviderFactory;
+import org.apache.cxf.jaxrs.utils.AnnotationUtils;
 import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.jaxrs.utils.HttpUtils;
 import org.apache.cxf.jaxrs.utils.InjectionUtils;
@@ -109,6 +112,7 @@ public abstract class AbstractClient implements Client {
     protected static final String KEEP_CONDUIT_ALIVE = "KeepConduitAlive";
     protected static final String HTTP_SCHEME = "http";
     
+    private static final String ALLOW_EMPTY_PATH_VALUES = 
"allow.empty.path.template.value";
     private static final String PROXY_PROPERTY = "jaxrs.proxy";
     private static final String HEADER_SPLIT_PROPERTY = 
"org.apache.cxf.http.header.split";
     private static final String SERVICE_NOT_AVAIL_PROPERTY = 
"org.apache.cxf.transport.service_not_available";
@@ -805,7 +809,17 @@ public abstract class AbstractClient implements Client {
                 }
             }
         }
-        return pValue == null ? null : pValue.toString();
+        final String v = pValue == null ? null : pValue.toString();
+        if (anns != null && StringUtils.isEmpty(v)) {
+            final PathParam pp = AnnotationUtils.getAnnotation(anns, 
PathParam.class);
+            if (null != pp) {
+                Object allowEmptyProp = 
getConfiguration().getBus().getProperty(ALLOW_EMPTY_PATH_VALUES);
+                if (!PropertyUtils.isTrue(allowEmptyProp)) {
+                    throw new IllegalArgumentException("Value for " + 
pp.value() + " is not specified");
+                }
+            }
+        }
+        return v;
     }
     
     protected static void reportMessageHandlerProblem(String name, Class<?> 
cls, MediaType ct, Throwable ex) {
diff --git 
a/rt/rs/client/src/test/java/org/apache/cxf/jaxrs/client/JAXRSClientFactoryBeanTest.java
 
b/rt/rs/client/src/test/java/org/apache/cxf/jaxrs/client/JAXRSClientFactoryBeanTest.java
index a8a266d..6f186f2 100644
--- 
a/rt/rs/client/src/test/java/org/apache/cxf/jaxrs/client/JAXRSClientFactoryBeanTest.java
+++ 
b/rt/rs/client/src/test/java/org/apache/cxf/jaxrs/client/JAXRSClientFactoryBeanTest.java
@@ -27,6 +27,7 @@ import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 
 import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
 import org.apache.cxf.common.util.ProxyClassLoader;
 import org.apache.cxf.feature.AbstractFeature;
 import org.apache.cxf.feature.Feature;
@@ -35,6 +36,7 @@ import org.apache.cxf.interceptor.InterceptorProvider;
 import org.apache.cxf.jaxrs.model.UserOperation;
 import org.apache.cxf.jaxrs.model.UserResource;
 import org.apache.cxf.jaxrs.resources.Book;
+import org.apache.cxf.jaxrs.resources.BookInterface;
 import org.apache.cxf.jaxrs.resources.BookStore;
 import org.apache.cxf.jaxrs.resources.BookStoreSubresourcesOnly;
 import org.apache.cxf.message.Message;
@@ -42,6 +44,7 @@ import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.transport.Conduit;
 import org.apache.cxf.transport.http.HTTPConduit;
+
 import org.junit.Assert;
 import org.junit.Test;
 
@@ -194,6 +197,37 @@ public class JAXRSClientFactoryBeanTest extends Assert {
         assertNotNull(productResourceElement);
     }
     
+    @Test(expected = IllegalArgumentException.class)
+    public void testInvokePathNull() throws Exception {
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        bean.setAddress("http://bar";);
+        bean.setResourceClass(BookInterface.class);
+        BookInterface store = bean.create(BookInterface.class);
+        store.getBook(null);
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testInvokePathEmpty() throws Exception {
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        bean.setAddress("http://bar";);
+        bean.setResourceClass(BookInterface.class);
+        BookInterface store = bean.create(BookInterface.class);
+        store.getBook("");
+    }
+    
+    @Test
+    public void testInvokePathEmptyAllowed() throws Exception {
+        Bus bus = BusFactory.newInstance().createBus();
+        bus.setProperty("allow.empty.path.template.value", true);
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        bean.setBus(bus);
+        bean.setAddress("http://bar";);
+        bean.setResourceClass(BookInterface.class);
+        BookInterface store = bean.create(BookInterface.class);
+        assertNotNull(store.getBook(""));
+    }
+
+
     private class TestFeature extends AbstractFeature {
         private TestInterceptor testInterceptor;
 
@@ -242,4 +276,4 @@ public class JAXRSClientFactoryBeanTest extends Assert {
         String get();
     }
     
-}
\ No newline at end of file
+}

-- 
To stop receiving notification emails like this one, please contact
['"commits@cxf.apache.org" <commits@cxf.apache.org>'].

Reply via email to