Repository: cxf Updated Branches: refs/heads/2.7.x-fixes a583f5e78 -> 9d387a1e4
systests/jaxrs/src/test/resources/jaxrs/WEB-INF/beans.xml conflict resolved Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9d387a1e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9d387a1e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9d387a1e Branch: refs/heads/2.7.x-fixes Commit: 9d387a1e4ba26857d94ba1d381c1e778851f22ca Parents: a583f5e Author: Sergey Beryozkin <sberyoz...@talend.com> Authored: Fri Feb 28 14:11:06 2014 +0000 Committer: Sergey Beryozkin <sberyoz...@talend.com> Committed: Fri Feb 28 15:43:07 2014 +0000 ---------------------------------------------------------------------- .../apache/cxf/common/util/PropertyUtils.java | 26 ++++++++++++++ .../cxf/interceptor/StaxInInterceptor.java | 37 ++------------------ .../org/apache/cxf/staxutils/StaxUtils.java | 15 ++++++++ .../jaxrs/provider/AbstractJAXBProvider.java | 29 ++++++++++++--- .../cxf/jaxrs/provider/JAXBElementProvider.java | 6 ++-- .../cxf/jaxrs/provider/SourceProvider.java | 30 ++++++++++++++-- .../apache/cxf/jaxrs/utils/ExceptionUtils.java | 2 +- .../cxf/systest/jaxrs/BookStoreSpring.java | 7 ++-- .../jaxrs/JAXRSClientServerSpringBookTest.java | 29 ++++++++++++++- .../src/test/resources/jaxrs/WEB-INF/beans.xml | 9 +++++ 10 files changed, 141 insertions(+), 49 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/9d387a1e/api/src/main/java/org/apache/cxf/common/util/PropertyUtils.java ---------------------------------------------------------------------- diff --git a/api/src/main/java/org/apache/cxf/common/util/PropertyUtils.java b/api/src/main/java/org/apache/cxf/common/util/PropertyUtils.java index a7eca4e..ec09abb 100644 --- a/api/src/main/java/org/apache/cxf/common/util/PropertyUtils.java +++ b/api/src/main/java/org/apache/cxf/common/util/PropertyUtils.java 
@@ -21,6 +21,8 @@ package org.apache.cxf.common.util; import java.util.Map; +import org.apache.cxf.message.Message; + /** * Holder of generic property related methods */ @@ -89,4 +91,28 @@ public final class PropertyUtils { return false; } + + public static Long getLong(Message message, String key) { + Object o = message.getContextualProperty(key); + if (o instanceof Long) { + return (Long)o; + } else if (o instanceof Number) { + return ((Number)o).longValue(); + } else if (o instanceof String) { + return Long.valueOf(o.toString()); + } + return null; + } + + public static Integer getInteger(Message message, String key) { + Object o = message.getContextualProperty(key); + if (o instanceof Integer) { + return (Integer)o; + } else if (o instanceof Number) { + return ((Number)o).intValue(); + } else if (o instanceof String) { + return Integer.valueOf((String)o); + } + return null; + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/9d387a1e/api/src/main/java/org/apache/cxf/interceptor/StaxInInterceptor.java ---------------------------------------------------------------------- diff --git a/api/src/main/java/org/apache/cxf/interceptor/StaxInInterceptor.java b/api/src/main/java/org/apache/cxf/interceptor/StaxInInterceptor.java index 9bb2a52..2a8682d 100644 --- a/api/src/main/java/org/apache/cxf/interceptor/StaxInInterceptor.java +++ b/api/src/main/java/org/apache/cxf/interceptor/StaxInInterceptor.java @@ -131,7 +131,7 @@ public class StaxInInterceptor extends AbstractPhaseInterceptor<Message> { } } } - xreader = configureRestrictions(xreader, message); + xreader = StaxUtils.configureReader(xreader, message); } catch (XMLStreamException e) { throw new Fault(new org.apache.cxf.common.i18n.Message("STREAM_CREATE_EXC", LOG, 
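Review bot: In the new PropertyUtils.getInteger, the `o instanceof Number` branch narrows with `intValue()`, so a limit supplied as a Long or other wide Number above Integer.MAX_VALUE is silently truncated instead of rejected. In both getInteger and getLong, a malformed String value surfaces as an unchecked NumberFormatException that does not name the property. These values now feed the StAX parser limits, so a wrapped-around limit would change the protection without any signal. Consider a range check before narrowing, e.g. `long v = ((Number)o).longValue(); if (v != (int)v) { throw new IllegalArgumentException(key + " out of int range"); }`. Both methods are public and would benefit from Javadoc stating that `null` means the property is not set.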
@@ -141,40 +141,7 @@ public class StaxInInterceptor extends AbstractPhaseInterceptor<Message> { message.getInterceptorChain().add(StaxInEndingInterceptor.INSTANCE); } - private XMLStreamReader configureRestrictions(XMLStreamReader xreader, Message message) throws XMLStreamException { - Integer maxChildElements = getInteger(message, StaxUtils.MAX_CHILD_ELEMENTS); - Integer maxElementDepth = getInteger(message, StaxUtils.MAX_ELEMENT_DEPTH); - Integer maxAttributeCount = getInteger(message, StaxUtils.MAX_ATTRIBUTE_COUNT); - Integer maxAttributeSize = getInteger(message, StaxUtils.MAX_ATTRIBUTE_SIZE); - Integer maxTextLength = getInteger(message, StaxUtils.MAX_TEXT_LENGTH); - Long maxElementCount = getLong(message, StaxUtils.MAX_ELEMENT_COUNT); - Long maxXMLCharacters = getLong(message, StaxUtils.MAX_XML_CHARACTERS); - return StaxUtils.configureReader(xreader, maxChildElements, maxElementDepth, - maxAttributeCount, maxAttributeSize, maxTextLength, - maxElementCount, maxXMLCharacters); - } - private Long getLong(Message message, String key) { - Object o = message.getContextualProperty(key); - if (o instanceof Long) { - return (Long)o; - } else if (o instanceof Number) { - return ((Number)o).longValue(); - } else if (o instanceof String) { - return Long.valueOf(o.toString()); - } - return null; - } - private Integer getInteger(Message message, String key) { - Object o = message.getContextualProperty(key); - if (o instanceof Integer) { - return (Integer)o; - } else if (o instanceof Number) { - return ((Number)o).intValue(); - } else if (o instanceof String) { - return Integer.valueOf((String)o); - } - return null; - } + public static XMLInputFactory getXMLInputFactory(Message m) throws Fault { Object o = m.getContextualProperty(XMLInputFactory.class.getName()); if (o instanceof XMLInputFactory) { http://git-wip-us.apache.org/repos/asf/cxf/blob/9d387a1e/api/src/main/java/org/apache/cxf/staxutils/StaxUtils.java 
---------------------------------------------------------------------- diff --git a/api/src/main/java/org/apache/cxf/staxutils/StaxUtils.java b/api/src/main/java/org/apache/cxf/staxutils/StaxUtils.java index 01fa1ce..a636224 100644 --- a/api/src/main/java/org/apache/cxf/staxutils/StaxUtils.java +++ b/api/src/main/java/org/apache/cxf/staxutils/StaxUtils.java @@ -84,10 +84,12 @@ import org.xml.sax.XMLReader; import org.apache.cxf.common.classloader.ClassLoaderUtils; import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.common.util.PropertyUtils; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.common.util.SystemPropertyAction; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.message.Message; public final class StaxUtils { // System properies for defaults, but also contextual properties usable 
@@ -1843,6 +1845,19 @@ public final class StaxUtils { } } + public static XMLStreamReader configureReader(XMLStreamReader xreader, Message message) throws XMLStreamException { + Integer messageMaxChildElements = PropertyUtils.getInteger(message, MAX_CHILD_ELEMENTS); + Integer messageMaxElementDepth = PropertyUtils.getInteger(message, MAX_ELEMENT_DEPTH); + Integer messageMaxAttributeCount = PropertyUtils.getInteger(message, MAX_ATTRIBUTE_COUNT); + Integer messageMaxAttributeSize = PropertyUtils.getInteger(message, MAX_ATTRIBUTE_SIZE); + Integer messageMaxTextLength = PropertyUtils.getInteger(message, MAX_TEXT_LENGTH); + Long messageMaxElementCount = PropertyUtils.getLong(message, MAX_ELEMENT_COUNT); + Long messageMaxXMLCharacters = PropertyUtils.getLong(message, MAX_XML_CHARACTERS); + return configureReader(xreader, messageMaxChildElements, messageMaxElementDepth, + messageMaxAttributeCount, messageMaxAttributeSize, messageMaxTextLength, + messageMaxElementCount, messageMaxXMLCharacters); + } + //CHECKSTYLE:OFF - lots of params to configure public static XMLStreamReader configureReader(XMLStreamReader reader, Integer maxChildElements, Integer maxElementDepth, Integer maxAttributeCount, http://git-wip-us.apache.org/repos/asf/cxf/blob/9d387a1e/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/AbstractJAXBProvider.java ---------------------------------------------------------------------- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/AbstractJAXBProvider.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/AbstractJAXBProvider.java index c0beaec..4105dff 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/AbstractJAXBProvider.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/AbstractJAXBProvider.java 
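Review bot: The new public `configureReader(XMLStreamReader, Message)` overload in StaxUtils dereferences `message` through PropertyUtils without a null check and has no Javadoc. Both JAX-RS callers added in this commit guard against a null current message before calling it, but other callers of a public static helper cannot see that contract. I would add a Javadoc block saying that the limits are read from the message's contextual properties (MAX_CHILD_ELEMENTS through MAX_XML_CHARACTERS), that an unset property is passed on as null, and that `message` must not be null. Alternatively, return the reader unchanged in that case with `if (message == null) { return xreader; }`.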
@@ -80,6 +80,7 @@ import org.apache.cxf.phase.PhaseInterceptorChain; import org.apache.cxf.staxutils.DepthRestrictingStreamReader; import org.apache.cxf.staxutils.DepthXMLStreamReader; import org.apache.cxf.staxutils.DocumentDepthProperties; +import org.apache.cxf.staxutils.StaxUtils; import org.apache.cxf.staxutils.transform.TransformUtils; public abstract class AbstractJAXBProvider<T> extends AbstractConfigurableProvider @@ -691,11 +692,14 @@ public abstract class AbstractJAXBProvider<T> extends AbstractConfigurableProvid protected void handleJAXBException(JAXBException e, boolean read) { StringBuilder sb = handleExceptionStart(e); - if (e.getLinkedException() != null && e.getLinkedException().getMessage() != null) { - sb.append(e.getLinkedException().getMessage()).append(". "); + Throwable linked = e.getLinkedException(); + if (linked != null && linked.getMessage() != null) { + if (read && linked instanceof XMLStreamException && linked.getMessage().startsWith("Maximum Number")) { + throw ExceptionUtils.toWebApplicationException(null, JAXRSUtils.toResponse(413)); + } + sb.append(linked.getMessage()).append(". "); } - Throwable t = e.getLinkedException() != null - ? e.getLinkedException() : e.getCause() != null ? e.getCause() : e; + Throwable t = linked != null ? linked : e.getCause() != null ? e.getCause() : e; String message = new org.apache.cxf.common.i18n.Message("JAXB_EXCEPTION", BUNDLE, sb.toString()).toString(); handleExceptionEnd(t, message, read); 
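Review bot: The 413 mapping in handleJAXBException keys on `linked.getMessage().startsWith("Maximum Number")`, which ties the limit-exceeded response to the exact wording of the parser's exception text. The same prefix test is repeated in the new SourceProvider catch block and in the BookStoreSpring test resource. If the StAX implementation rewords or localizes that message, or a different reader enforces the limit, an over-limit document would presumably fall through to the generic error path instead of 413. Consider putting the check in one shared helper so there is a single place to adjust. The BookStoreSpring copy also calls `ex.getMessage()` without the null guard that the two provider copies have.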
@@ -765,11 +769,26 @@ public abstract class AbstractJAXBProvider<T> extends AbstractConfigurableProvid DocumentDepthProperties props = getDepthProperties(); if (props != null && props.isEffective()) { reader = TransformUtils.createNewReaderIfNeeded(reader, is); - return new DepthRestrictingStreamReader(reader, props); + reader = new DepthRestrictingStreamReader(reader, props); + } else if (reader != null) { + reader = configureReaderRestrictions(reader); } return reader; } + protected XMLStreamReader configureReaderRestrictions(XMLStreamReader reader) { + Message message = PhaseInterceptorChain.getCurrentMessage(); + if (message != null) { + try { + return StaxUtils.configureReader(reader, message); + } catch (XMLStreamException ex) { + throw ExceptionUtils.toInternalServerErrorException(ex, null); + } + } else { + return reader; + } + } + protected DocumentDepthProperties getDepthProperties() { if (depthProperties != null) { return depthProperties; http://git-wip-us.apache.org/repos/asf/cxf/blob/9d387a1e/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/JAXBElementProvider.java ---------------------------------------------------------------------- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/JAXBElementProvider.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/JAXBElementProvider.java index 67e011e..6aa395d 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/JAXBElementProvider.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/JAXBElementProvider.java @@ -69,6 +69,7 @@ import org.apache.cxf.jaxrs.utils.ExceptionUtils; import org.apache.cxf.jaxrs.utils.HttpUtils; import org.apache.cxf.jaxrs.utils.InjectionUtils; import org.apache.cxf.jaxrs.utils.JAXBUtils; +import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.message.Attachment; import org.apache.cxf.message.Message; import org.apache.cxf.staxutils.DepthExceededStaxException; 
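Review bot: In the AbstractJAXBProvider reader setup, `configureReaderRestrictions(reader)` sits in an `else if`, so when DocumentDepthProperties are effective the message-level StAX limits (attribute count and size, text length, total characters) are never read on this path. Whether DepthRestrictingStreamReader covers those is not visible here, so endpoints that configure depth properties may end up without the attribute and text limits. If the exclusivity is intended, a comment such as `// depthProperties take precedence over the contextual StAX limits` would make it explicit; otherwise apply both. The enclosing method starts outside the hunk.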
@@ -202,7 +203,7 @@ public class JAXBElementProvider<T> extends AbstractJAXBProvider<T> { } catch (JAXBException e) { handleJAXBException(e, true); } catch (DepthExceededStaxException e) { - throw new WebApplicationException(413); + throw ExceptionUtils.toWebApplicationException(null, JAXRSUtils.toResponse(413)); } catch (WebApplicationException e) { throw e; } catch (Exception e) { @@ -274,12 +275,13 @@ public class JAXBElementProvider<T> extends AbstractJAXBProvider<T> { } else { xmlReader = StaxUtils.createXMLStreamReader(is); } + configureReaderRestrictions(xmlReader); return unmarshaller.unmarshal(xmlReader); } finally { StaxUtils.close(xmlReader); } } - + protected Object unmarshalFromReader(Unmarshaller unmarshaller, XMLStreamReader reader, MediaType mt) throws JAXBException { return unmarshaller.unmarshal(reader); http://git-wip-us.apache.org/repos/asf/cxf/blob/9d387a1e/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java ---------------------------------------------------------------------- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java index 4a72e2a..ab3a6e2 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java @@ -27,7 +27,6 @@ import java.lang.reflect.Type; import javax.ws.rs.Consumes; import javax.ws.rs.Produces; -import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; 
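Review bot: In the second JAXBElementProvider hunk, `configureReaderRestrictions(xmlReader);` discards the returned reader, whereas AbstractJAXBProvider and SourceProvider in this same commit both use the return value. If StaxUtils.configureReader returns a wrapping reader rather than configuring its argument in place (not visible here), the limits would not apply to the reader handed to `unmarshaller.unmarshal`. The line should read `xmlReader = configureReaderRestrictions(xmlReader);`. The enclosing method starts outside the hunk.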
@@ -49,6 +48,9 @@ import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.jaxrs.ext.xml.XMLSource; import org.apache.cxf.jaxrs.utils.ExceptionUtils; import org.apache.cxf.jaxrs.utils.HttpUtils; +import org.apache.cxf.jaxrs.utils.JAXRSUtils; +import org.apache.cxf.message.Message; +import org.apache.cxf.phase.PhaseInterceptorChain; import org.apache.cxf.staxutils.DepthExceededStaxException; import org.apache.cxf.staxutils.StaxSource; import org.apache.cxf.staxutils.StaxUtils; @@ -95,7 +97,13 @@ public class SourceProvider<T> extends AbstractConfigurableProvider implements Document doc = StaxUtils.read(reader); return source.cast(docRequired ? doc : new DOMSource(doc)); } catch (DepthExceededStaxException e) { - throw new WebApplicationException(413); + throw ExceptionUtils.toWebApplicationException(null, JAXRSUtils.toResponse(413)); + } catch (XMLStreamException e) { + if (e.getMessage() != null && e.getMessage().startsWith("Maximum Number")) { + throw ExceptionUtils.toWebApplicationException(null, JAXRSUtils.toResponse(413)); + } else { + throw ExceptionUtils.toBadRequestException(e, null); + } } catch (Exception e) { IOException ioex = new IOException("Problem creating a Source object"); ioex.setStackTrace(e.getStackTrace()); 
@@ -122,7 +130,23 @@ public class SourceProvider<T> extends AbstractConfigurableProvider implements protected XMLStreamReader getReader(InputStream is) { XMLStreamReader reader = getReaderFromMessage(); - return reader == null ? StaxUtils.createXMLStreamReader(is) : reader; + if (reader == null) { + reader = StaxUtils.createXMLStreamReader(is); + } + return configureReaderRestrictions(reader); + } + + protected XMLStreamReader configureReaderRestrictions(XMLStreamReader reader) { + Message message = PhaseInterceptorChain.getCurrentMessage(); + if (message != null) { + try { + return StaxUtils.configureReader(reader, message); + } catch (XMLStreamException ex) { + throw ExceptionUtils.toInternalServerErrorException(ex, null); + } + } else { + return reader; + } } protected InputStream getRealStream(InputStream is) throws IOException { http://git-wip-us.apache.org/repos/asf/cxf/blob/9d387a1e/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/ExceptionUtils.java ---------------------------------------------------------------------- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/ExceptionUtils.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/ExceptionUtils.java index 8acbc3a..4768d53 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/ExceptionUtils.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/ExceptionUtils.java @@ -91,7 +91,7 @@ public final class ExceptionUtils { } public static WebApplicationException toWebApplicationException(Throwable cause, Response response) { - return new WebApplicationException(cause); + return new WebApplicationException(cause, response); } //TODO: we can simply use the reflection, investigate http://git-wip-us.apache.org/repos/asf/cxf/blob/9d387a1e/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStoreSpring.java ---------------------------------------------------------------------- 
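Review bot: SourceProvider.configureReaderRestrictions is a line-for-line copy of the method added to AbstractJAXBProvider in this commit, so the wiring of the parser limits now lives in two provider classes. A later change to one copy, for instance to how a configuration failure is mapped, can easily miss the other and leave one provider with different handling. Consider moving the shared body into a static helper that both providers call. A short comment in getReader would also help, noting that a reader obtained from getReaderFromMessage() is configured here too, since it is not visible whether an earlier interceptor has already applied the same limits to it.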
diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStoreSpring.java b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStoreSpring.java index 649c9a9..6d062b3 100644 --- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStoreSpring.java +++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStoreSpring.java @@ -43,6 +43,7 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.UriInfo; +import javax.xml.stream.XMLStreamException; import javax.xml.transform.Source; import javax.xml.transform.dom.DOMSource; @@ -232,8 +233,10 @@ public class BookStoreSpring { StaxUtils.copy(source, new ByteArrayOutputStream()); } catch (DepthExceededStaxException ex) { throw new WebApplicationException(413); - } catch (Exception ex) { - // ignore for now + } catch (XMLStreamException ex) { + if (ex.getMessage().startsWith("Maximum Number")) { + throw new WebApplicationException(413); + } } throw new WebApplicationException(500); } http://git-wip-us.apache.org/repos/asf/cxf/blob/9d387a1e/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerSpringBookTest.java ---------------------------------------------------------------------- diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerSpringBookTest.java b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerSpringBookTest.java index 9cf49a5..41f7f50 100644 --- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerSpringBookTest.java +++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerSpringBookTest.java 
@@ -302,10 +302,29 @@ public class JAXRSClientServerSpringBookTest extends AbstractBusClientServerTest } @Test + public void testBookDepthExceededXMLStax() throws Exception { + String endpointAddress = + "http://localhost:" + PORT + "/the/thebooks9stax/depth"; + WebClient wc = WebClient.create(endpointAddress); + Response r = wc.post(new Book("CXF", 123L)); + assertEquals(413, r.getStatus()); + } + + @Test public void testBookDepthExceededXMLSource() throws Exception { String endpointAddress = "http://localhost:" + PORT + "/the/thebooks9/depth-source"; WebClient wc = WebClient.create(endpointAddress); + WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(1000000L); + Response r = wc.post(new Book("CXF", 123L)); + assertEquals(413, r.getStatus()); + } + + @Test + public void testBookDepthExceededXMLSourceStax() throws Exception { + String endpointAddress = + "http://localhost:" + PORT + "/the/thebooks9stax/depth-source"; + WebClient wc = WebClient.create(endpointAddress); Response r = wc.post(new Book("CXF", 123L)); assertEquals(413, r.getStatus()); } @@ -315,7 +334,15 @@ public class JAXRSClientServerSpringBookTest extends AbstractBusClientServerTest String endpointAddress = "http://localhost:" + PORT + "/the/thebooks9/depth-dom"; WebClient wc = WebClient.create(endpointAddress); - WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(1000000L); + Response r = wc.post(new Book("CXF", 123L)); + assertEquals(413, r.getStatus()); + } + + @Test + public void testBookDepthExceededXMLDomStax() throws Exception { + String endpointAddress = + "http://localhost:" + PORT + "/the/thebooks9stax/depth-dom"; + WebClient wc = WebClient.create(endpointAddress); Response r = wc.post(new Book("CXF", 123L)); assertEquals(413, r.getStatus()); } http://git-wip-us.apache.org/repos/asf/cxf/blob/9d387a1e/systests/jaxrs/src/test/resources/jaxrs/WEB-INF/beans.xml ---------------------------------------------------------------------- 
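Review bot: testBookDepthExceededXMLSource now calls `setReceiveTimeout(1000000L)`, while the same call is removed from the depth-dom test in the next hunk. Since the commit title mentions a resolved conflict, this may be a merge artifact rather than an intended move. A receive timeout of that size means a server that hangs while parsing the posted document stalls the test run instead of failing it. If the long timeout is only a debugging aid, drop it; otherwise add a comment explaining why this endpoint needs it.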
diff --git a/systests/jaxrs/src/test/resources/jaxrs/WEB-INF/beans.xml b/systests/jaxrs/src/test/resources/jaxrs/WEB-INF/beans.xml index 577e0f4..52e3613 100644 --- a/systests/jaxrs/src/test/resources/jaxrs/WEB-INF/beans.xml +++ b/systests/jaxrs/src/test/resources/jaxrs/WEB-INF/beans.xml @@ -233,6 +233,15 @@ http://cxf.apache.org/schemas/core.xsd"> </jaxrs:properties> </jaxrs:server> + + <jaxrs:server id="bookservice9stax" address="/thebooks9stax"> + <jaxrs:serviceBeans> + <ref bean="serviceBean"/> + </jaxrs:serviceBeans> + <jaxrs:properties> + <entry key="org.apache.cxf.stax.maxChildElements" value="1"/> + </jaxrs:properties> + </jaxrs:server> <jaxrs:server id="bookservice10" address="/thebooks10">