axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Veithen (JIRA)" <j...@apache.org>
Subject [jira] Assigned: (AXIS2-4229) org.apache.axis2.transport.http.AxisServlet.doGet() mishandles URLs with the word "policy" in them.
Date Tue, 03 Feb 2009 09:05:59 GMT

     [ https://issues.apache.org/jira/browse/AXIS2-4229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Andreas Veithen reassigned AXIS2-4229:
--------------------------------------

    Assignee: Andreas Veithen

> org.apache.axis2.transport.http.AxisServlet.doGet() mishandles URLs with the word "policy"
in them.
> ---------------------------------------------------------------------------------------------------
>
>                 Key: AXIS2-4229
>                 URL: https://issues.apache.org/jira/browse/AXIS2-4229
>             Project: Axis 2.0 (Axis2)
>          Issue Type: Bug
>          Components: transports
>    Affects Versions: 1.4.1, 1.4, 1.3, 1.2
>         Environment: Linux, but clearly affects all OSes.
>            Reporter: John G
>            Assignee: Andreas Veithen
>
> I have a simple web service that happens to involve policies.  Guess what happens when
doGet() sees my URL?
>     https://myserver/mywebapp/services/PolicyService/executePolicy?policyId=123
> // From org.apache.axis2.transport.http.AxisServlet ...
>     protected void doGet(HttpServletRequest request,
>                          HttpServletResponse response) throws ServletException, IOException
{
>         if ((query != null) && (query.indexOf("wsdl2") >= 0 ||
>                 query.indexOf("wsdl") >= 0 || query.indexOf("xsd") >= 0 ||
>                 query.indexOf("policy") >= 0)) {   <=== BUG ====
>             // handling meta data exchange stuff
>             agent.processListService(request, response);
>     ....
> I can rename my parameter, but the fact that you are searching for an English word ANYWHERE
in the query is just wrong, IMHO.  
> Now I am just worried a customer will use my web service and happen to name something
"policy-xyz".  
> Are there any other reserved words I need to know about?!?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message