[ https://issues.apache.org/jira/browse/OFBIZ-3699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nicolas Malin reassigned OFBIZ-3699: ------------------------------------ Assignee: Nicolas Malin > ServiceDispatcher.checkAuth modifies the context if the invocation service > has a permissionServiceName > ------------------------------------------------------------------------------------------------------ > > Key: OFBIZ-3699 > URL: https://issues.apache.org/jira/browse/OFBIZ-3699 > Project: OFBiz > Issue Type: Bug > Components: framework > Affects Versions: Trunk > Reporter: Bob Morley > Assignee: Nicolas Malin > > Created as a result of thread: > http://n4.nabble.com/Magically-converted-types-from-simpleTypeConvert-td1838891.html > The follow code in the ServiceDispatcher ... > if (UtilValidate.isNotEmpty(origService.permissionServiceName)) { > ... > if (hasPermission.booleanValue()) { > context.putAll(permResp); > context = origService.makeValid(context, > ModelService.IN_PARAM); > ... causes the incoming context to be modified both by adding values from the > results of the permission service but also by converting any datatypes to > match those in the service definition. This hides any invalid service > invocations (from a data type pov) and if the permisionServiceName is > removed, the code would start failing with the incorrect data types. > Suggest is to change this to something like ... > Map<String, Object> permRespContext = ServiceUtil.setServiceFields(dctx, > serviceName, permResp); > context.putAll(permRespContext); > The concern is that by doing this there may be some services that were > relying on the data type conversion (because they were invalid requests) > which would start to fail. Appropriate impact analysis of services that > define "permissionServiceName" and appropriate resolutions need to be > included with this change. -- This message was sent by Atlassian JIRA (v6.3.4#6332)