[jira] [Commented] (AXIS2-5827) axis2-wsdl2code-maven-plugin shouldn't use Log4j
[ https://issues.apache.org/jira/browse/AXIS2-5827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16506153#comment-16506153 ] Petr Dvorak commented on AXIS2-5827: Is there any roadmap for 1.8.0 release? We are postponing our issue that depends on this one for several releases... > axis2-wsdl2code-maven-plugin shouldn't use Log4j > > > Key: AXIS2-5827 > URL: https://issues.apache.org/jira/browse/AXIS2-5827 > Project: Axis2 > Issue Type: Bug > Components: Tools >Affects Versions: 1.7.4 >Reporter: Petr Dvorak >Assignee: Andreas Veithen >Priority: Minor > Fix For: 1.8.0 > > > I am using axis2-wsdl2code-maven-plugin to generate my SOAP service client. > The plugin itself works correctly and it generates a correct SOAP client, but > I get following warning in console with every build: > {code} > log4j:WARN No appenders could be found for logger > (org.apache.axiom.locator.DefaultOMMetaFactoryLocator). > log4j:WARN Please initialize the log4j system properly. > {code} > I know I need to configure Log4j properties, but I haven't found any > documentation / help on how to do this for {{axis2-wsdl2code-maven-plugin}}... > This is my {{pom.xml}} file: > {code:xml} > http://maven.apache.org/POM/4.0.0; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; > xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 > http://maven.apache.org/xsd/maven-4.0.0.xsd;> > 4.0.0 > powerauth-java-client-axis > 0.13.0 > powerauth-java-client-axis > PowerAuth 2.0 Service Client - Axis > > io.getlime.security > powerauth-parent > 0.13.0 > ../pom.xml > > > > org.apache.axis2 > axis2 > 1.6.3 > > > org.apache.axis2 > axis2-adb > 1.6.3 > > > org.apache.axis2 > axis2-transport-http > 1.6.3 > > > org.apache.axis2 > axis2-transport-local > 1.6.3 > > > org.apache.ws.commons.axiom > axiom-api > 1.2.20 > > > org.apache.ws.commons.axiom > axiom-impl > 1.2.20 > > > org.apache.ws.security > wss4j > 1.6.19 > > > wsdl4j > wsdl4j > > > > > > > org.apache.axis2 > axis2-wsdl2code-maven-plugin > 1.6.4 > > > > wsdl2code > > > > io.getlime.powerauth.soap > > ${basedir}/src/main/resources/soap/wsdl/service.wsdl > > > > > > > > > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Closed] (AXIS2-5863) Possible null dereference in ServiceStub class
[ https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Petr Dvorak closed AXIS2-5863. -- Confirming fix in 1.7.6. > Possible null dereference in ServiceStub class > -- > > Key: AXIS2-5863 > URL: https://issues.apache.org/jira/browse/AXIS2-5863 > Project: Axis2 > Issue Type: Bug > Components: codegen >Affects Versions: 1.7.5 >Reporter: Petr Dvorak >Priority: Minor > Labels: security > Fix For: 1.7.6 > > Attachments: diff.patch > > > We use Coverity Scan tool to audit our open-source code against security > vulnerabilities. Possible NullPointerException was detected in Axis2 > generated ServiceStub class code. The issue occurs in following generated > code: > {code:java} > } finally { > if (_messageContext.getTransportOut() != null) { > _messageContext.getTransportOut().getSender() > .cleanup(_messageContext); > } > } > {code} > In case "_messageContext" is set to null, the if condition throws NPE. Also, > we can see the path on how this variable value actually may become null, so > we believe the issue is valid and null check should be present... > Here are possible implications of the issue from the security perspective: > http://cwe.mitre.org/data/definitions/476.html -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Resolved] (AXIS2-5863) Possible null dereference in ServiceStub class
[ https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Petr Dvorak resolved AXIS2-5863. Resolution: Fixed > Possible null dereference in ServiceStub class > -- > > Key: AXIS2-5863 > URL: https://issues.apache.org/jira/browse/AXIS2-5863 > Project: Axis2 > Issue Type: Bug > Components: codegen >Affects Versions: 1.7.5 >Reporter: Petr Dvorak >Priority: Minor > Labels: security > Fix For: 1.7.6 > > Attachments: diff.patch > > > We use Coverity Scan tool to audit our open-source code against security > vulnerabilities. Possible NullPointerException was detected in Axis2 > generated ServiceStub class code. The issue occurs in following generated > code: > {code:java} > } finally { > if (_messageContext.getTransportOut() != null) { > _messageContext.getTransportOut().getSender() > .cleanup(_messageContext); > } > } > {code} > In case "_messageContext" is set to null, the if condition throws NPE. Also, > we can see the path on how this variable value actually may become null, so > we believe the issue is valid and null check should be present... > Here are possible implications of the issue from the security perspective: > http://cwe.mitre.org/data/definitions/476.html -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Commented] (AXIS2-5863) Possible null dereference in ServiceStub class
[ https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16118962#comment-16118962 ] Petr Dvorak commented on AXIS2-5863: You are right - I have run the static code analyzer and there are no issues. Sorry for the confusion, I was eagerly checking the generated code and acted too soon... > Possible null dereference in ServiceStub class > -- > > Key: AXIS2-5863 > URL: https://issues.apache.org/jira/browse/AXIS2-5863 > Project: Axis2 > Issue Type: Bug > Components: codegen >Affects Versions: 1.7.5 >Reporter: Petr Dvorak >Priority: Minor > Labels: security > Fix For: 1.7.6 > > Attachments: diff.patch > > > We use Coverity Scan tool to audit our open-source code against security > vulnerabilities. Possible NullPointerException was detected in Axis2 > generated ServiceStub class code. The issue occurs in following generated > code: > {code:java} > } finally { > if (_messageContext.getTransportOut() != null) { > _messageContext.getTransportOut().getSender() > .cleanup(_messageContext); > } > } > {code} > In case "_messageContext" is set to null, the if condition throws NPE. Also, > we can see the path on how this variable value actually may become null, so > we believe the issue is valid and null check should be present... > Here are possible implications of the issue from the security perspective: > http://cwe.mitre.org/data/definitions/476.html -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Reopened] (AXIS2-5863) Possible null dereference in ServiceStub class
[ https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Petr Dvorak reopened AXIS2-5863: Universe is broken: The diff patch was not correctly applied. I can still see the old code in 'trunk' and the issue is still present in 1.7.6. > Possible null dereference in ServiceStub class > -- > > Key: AXIS2-5863 > URL: https://issues.apache.org/jira/browse/AXIS2-5863 > Project: Axis2 > Issue Type: Bug > Components: codegen >Affects Versions: 1.7.5 >Reporter: Petr Dvorak >Priority: Minor > Labels: security > Fix For: 1.7.6 > > Attachments: diff.patch > > > We use Coverity Scan tool to audit our open-source code against security > vulnerabilities. Possible NullPointerException was detected in Axis2 > generated ServiceStub class code. The issue occurs in following generated > code: > {code:java} > } finally { > if (_messageContext.getTransportOut() != null) { > _messageContext.getTransportOut().getSender() > .cleanup(_messageContext); > } > } > {code} > In case "_messageContext" is set to null, the if condition throws NPE. Also, > we can see the path on how this variable value actually may become null, so > we believe the issue is valid and null check should be present... > Here are possible implications of the issue from the security perspective: > http://cwe.mitre.org/data/definitions/476.html -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Updated] (AXIS2-5863) Possible null dereference in ServiceStub class
[ https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Petr Dvorak updated AXIS2-5863: --- Attachment: diff.patch I'm attaching a patch file. The change seems very non-intrusive to me, I would love if we could see it in 1.7.6! :-) > Possible null dereference in ServiceStub class > -- > > Key: AXIS2-5863 > URL: https://issues.apache.org/jira/browse/AXIS2-5863 > Project: Axis2 > Issue Type: Bug > Components: codegen >Affects Versions: 1.7.5 >Reporter: Petr Dvorak > Labels: security > Attachments: diff.patch > > > We use Coverity Scan tool to audit our open-source code against security > vulnerabilities. Possible NullPointerException was detected in Axis2 > generated ServiceStub class code. The issue occurs in following generated > code: > {code:java} > } finally { > if (_messageContext.getTransportOut() != null) { > _messageContext.getTransportOut().getSender() > .cleanup(_messageContext); > } > } > {code} > In case "_messageContext" is set to null, the if condition throws NPE. Also, > we can see the path on how this variable value actually may become null, so > we believe the issue is valid and null check should be present... > Here are possible implications of the issue from the security perspective: > http://cwe.mitre.org/data/definitions/476.html -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Created] (AXIS2-5829) JavaDoc warnings when using Axis2 (adl) to generate client
Petr Dvorak created AXIS2-5829: -- Summary: JavaDoc warnings when using Axis2 (adl) to generate client Key: AXIS2-5829 URL: https://issues.apache.org/jira/browse/AXIS2-5829 Project: Axis2 Issue Type: Bug Reporter: Petr Dvorak Priority: Trivial Attachments: pom.xml, service.wsdl I use {{axis2-wsdl2code-maven-plugin}} to generate a SOAP service client (using default ADB). However, the plugin generates JavaDoc warnings, like these (many more instances): {code:ActionScript} [WARNING] Javadoc Warnings [WARNING] /private/tmp/lime-security-powerauth/powerauth-java-client-axis/target/generated-sources/axis2/wsdl2code/src/io/getlime/powerauth/soap/PowerAuthPortServiceStub.java:331: warning - Tag @see: reference not found: io.getlime.powerauth.soap.PowerAuthPortService#blockActivation [WARNING] /private/tmp/lime-security-powerauth/powerauth-java-client-axis/target/generated-sources/axis2/wsdl2code/src/io/getlime/powerauth/soap/PowerAuthPortServiceStub.java:447: warning - Tag @see: reference not found: io.getlime.powerauth.soap.PowerAuthPortService#startblockActivation [WARNING] /private/tmp/lime-security-powerauth/powerauth-java-client-axis/target/generated-sources/axis2/wsdl2code/src/io/getlime/powerauth/soap/PowerAuthPortServiceStub.java:599: warning - Tag @see: reference not found: io.getlime.powerauth.soap.PowerAuthPortService#getCallbackUrlList [WARNING] /private/tmp/lime-security-powerauth/powerauth-java-client-axis/target/generated-sources/axis2/wsdl2code/src/io/getlime/powerauth/soap/PowerAuthPortServiceStub.java:715: warning - Tag @see: reference not found: io.getlime.powerauth.soap.PowerAuthPortService#startgetCallbackUrlList {code} After looking into the JavaDoc, I noticed that while the JavaDoc refers to {{PowerAuthPortService}} class, the actual generated class name is {{PowerAuthPortServiceStub}}. I assume I am probably supposed to implement my own {{PowerAuthPortService}} that extends / encapsulates the {{PowerAuthPortServiceStub}} class (?). But this should IMO be mentioned in the documentation more explicitly (the implicit naming convention), or I should be able to specify the final client class name to be referred in JavaDoc, since mine is {{PowerAuthServiceClient}} at the moment... -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Created] (AXIS2-5827) Missing documentation on axis2-wsdl2code-maven-plugin configuration of Log4j
Petr Dvorak created AXIS2-5827: -- Summary: Missing documentation on axis2-wsdl2code-maven-plugin configuration of Log4j Key: AXIS2-5827 URL: https://issues.apache.org/jira/browse/AXIS2-5827 Project: Axis2 Issue Type: Bug Components: codegen Reporter: Petr Dvorak I am using axis2-wsdl2code-maven-plugin to generate my SOAP service client. The plugin itself works correctly and it generates a correct SOAP client, but I get following warning in console with every build: {code} log4j:WARN No appenders could be found for logger (org.apache.axiom.locator.DefaultOMMetaFactoryLocator). log4j:WARN Please initialize the log4j system properly. {code} I know I need to configure Log4j properties, but I haven't found any documentation / help on how to do this for {{axis2-wsdl2code-maven-plugin}}... This is my {{pom.xml}} file: {code:xml} http://maven.apache.org/POM/4.0.0; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd;> 4.0.0 powerauth-java-client-axis 0.13.0 powerauth-java-client-axis PowerAuth 2.0 Service Client - Axis io.getlime.security powerauth-parent 0.13.0 ../pom.xml org.apache.axis2 axis2 1.6.3 org.apache.axis2 axis2-adb 1.6.3 org.apache.axis2 axis2-transport-http 1.6.3 org.apache.axis2 axis2-transport-local 1.6.3 org.apache.ws.commons.axiom axiom-api 1.2.20 org.apache.ws.commons.axiom axiom-impl 1.2.20 org.apache.ws.security wss4j 1.6.19 wsdl4j wsdl4j org.apache.axis2 axis2-wsdl2code-maven-plugin 1.6.4 wsdl2code io.getlime.powerauth.soap ${basedir}/src/main/resources/soap/wsdl/service.wsdl {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org