Bug 1031590
| Summary: | missing validation of wsdl-host attribute |
|---|---|
| Product: | [JBoss] JBoss Enterprise Application Platform 6 |
| Component: | Web Services |
| Reporter: | Petr Sakař <psakar> |
| Assignee: | Alessio Soldano <asoldano> |
| QA Contact: | Rostislav Svoboda <rsvoboda> |
| Docs Contact: | Russell Dickenson <rdickens> |
| CC: | kkhan, nobody |
| Status: | CLOSED CURRENTRELEASE |
| Severity: | high |
| Priority: | medium |
| Version: | 6.2.0 |
| Target Milestone: | DR0 |
| Target Release: | EAP 6.3.0 |
| Hardware: | Unspecified |
| OS: | Unspecified |
| Doc Type: | Bug Fix |
| Type: | Bug |
| Clone Of: | 1007484 |
| Bug Depends On: | 1007484 |
| Last Closed: | 2014-06-28 15:30:17 UTC |

Comment 1
Petr Sakař
2013-11-18 11:06:43 UTC
CLI command:

```
jboss-eap-6.3/bin/jboss-cli.sh -c 'deploy '
jboss-eap-6.3/bin/jboss-cli.sh -c '/subsystem=webservices/:write-attribute(name=wsdl-host,value="1.1.1.1.1")'
```

Result:

```
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}
```

Reload is successful but retrieval of WSDL from url http://localhost:8080/CLIWebservicesWsdlPortIT/AnnotatedSecurityService results in returned

```
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <soap:Fault>
      <faultcode>soap:Server</faultcode>
      <faultstring>Fault occurred while processing.</faultstring>
    </soap:Fault>
  </soap:Body>
</soap:Envelope>
```

and server side exception

```
12:41:38,727 INFO [org.jboss.as.server] (Controller Boot Thread) JBAS018559: Deployed "CLIWebservicesWsdlPortIT.war" (runtime-name : "CLIWebservicesWsdlPortIT.war")
12:41:38,730 INFO [org.jboss.as] (Controller Boot Thread) JBAS015961: Http management interface listening on http://127.0.0.1:9990/management
12:41:38,730 INFO [org.jboss.as] (Controller Boot Thread) JBAS015951: Admin console listening on http://127.0.0.1:9990
12:41:38,730 INFO [org.jboss.as] (Controller Boot Thread) JBAS015874: JBoss EAP 6.3.0.Alpha1 (AS 7.4.0.Final-redhat-0) started in 297ms - Started 180 of 240 services (59 services are passive or on-demand)
12:43:57,682 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-/127.0.0.1:8080-1) Interceptor for {http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy}AnnotatedSecurityService has thrown exception, unwinding now: java.lang.NullPointerException
    at org.apache.cxf.service.factory.SimpleMethodDispatcher.getMethod(SimpleMethodDispatcher.java:97)
    at org.jboss.wsf.stack.cxf.JBossWSInvoker.invoke(JBossWSInvoker.java:129)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:57) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [rt.jar:1.7.0_51]
    at java.util.concurrent.FutureTask.run(FutureTask.java:262) [rt.jar:1.7.0_51]
    at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
    at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:92)
    at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:143)
    at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:211)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:734) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
    at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
    at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.2.2.Final-redhat-1.jar:2.2.2.Final-redhat-1]
```

Created attachment 864070
deployment (war with webservice)

comment#4 is not correct. Correct description is:

1. User is able to set invalid IPv4/v6 address (e.g. 1.1.1.1.1, ::, 1::)
2. WSDL is correctly produced using http://localhost:8080/CLIWebservicesWsdlPortIT/AnnotatedSecurityService?wsdl
3. Accessing url http://localhost:8080/CLIWebservicesWsdlPortIT/AnnotatedSecurityService results in returned

```
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <soap:Fault>
      <faultcode>soap:Server</faultcode>
      <faultstring>Fault occurred while processing.</faultstring>
    </soap:Fault>
  </soap:Body>
</soap:Envelope>
```

and server side exception

```
12:41:38,727 INFO [org.jboss.as.server] (Controller Boot Thread) JBAS018559: Deployed "CLIWebservicesWsdlPortIT.war" (runtime-name : "CLIWebservicesWsdlPortIT.war")
12:41:38,730 INFO [org.jboss.as] (Controller Boot Thread) JBAS015961: Http management interface listening on http://127.0.0.1:9990/management
12:41:38,730 INFO [org.jboss.as] (Controller Boot Thread) JBAS015951: Admin console listening on http://127.0.0.1:9990
12:41:38,730 INFO [org.jboss.as] (Controller Boot Thread) JBAS015874: JBoss EAP 6.3.0.Alpha1 (AS 7.4.0.Final-redhat-0) started in 297ms - Started 180 of 240 services (59 services are passive or on-demand)
12:43:57,682 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-/127.0.0.1:8080-1) Interceptor for {http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy}AnnotatedSecurityService has thrown exception, unwinding now: java.lang.NullPointerException
    at org.apache.cxf.service.factory.SimpleMethodDispatcher.getMethod(SimpleMethodDispatcher.java:97)
    at org.jboss.wsf.stack.cxf.JBossWSInvoker.invoke(JBossWSInvoker.java:129)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:57) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [rt.jar:1.7.0_51]
    at java.util.concurrent.FutureTask.run(FutureTask.java:262) [rt.jar:1.7.0_51]
    at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-api-2.7.7.redhat-1.jar:2.7.7.redhat-1]
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
    at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:92)
    at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:143)
    at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:87)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:211)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:734) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
    at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:135)
    at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi-2.2.2.Final-redhat-1.jar:2.2.2.Final-redhat-1]
```

Another correction:
Validation of 1.1.1.1.1 is successful as it is considered as hostname.
1:: and :: are valid IPv6 addresses
So the only problem is NPE

As mentioned to Petr on IRC, the NPE is really a side issue here, related to sending an HTTP GET request to the endpoint location which is meant to process POST requests only. It's not really a problem besides for the possibly misleading error in the log. In any case this NPE thing is being solved in next EAP 6.3 DR1. So this BZ is solved from my point of view.

verified
NPE not thrown any more
verified validation in CLI
verified validation in CLI GUI (beware of current bug in GUI when value is not enclosed in quotes)
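
The classification discussed in the comments above (why `1.1.1.1.1` is accepted as a hostname while `::` and `1::` are valid IPv6 literals), as an added Python example that is not part of the bug report and is not the EAP validator's code. The function names are hypothetical, and the strict variant's rejection of an all-numeric final label is an assumed policy a deployment might choose, not JBoss behaviour.

```python
import ipaddress
import re

# RFC 1123 label: letters, digits and hyphens, 1-63 chars, no hyphen at either end.
# Labels may start with a digit, which is why "1.1.1.1.1" is hostname syntax.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify_host(value):
    """Return 'ipv4', 'ipv6', 'hostname' or 'invalid' for a host string."""
    try:
        return "ipv%d" % ipaddress.ip_address(value).version
    except ValueError:
        pass  # not an IP literal; fall through to the hostname syntax check
    name = value[:-1] if value.endswith(".") else value  # allow one trailing dot
    labels = name.split(".")
    if 0 < len(name) <= 253 and all(_LABEL.fullmatch(label) for label in labels):
        return "hostname"
    return "invalid"


def classify_host_strict(value):
    """Assumed stricter policy: a name whose last label is all digits looks
    like a mistyped IPv4 address, so reject it instead of calling it a hostname."""
    kind = classify_host(value)
    if kind == "hostname" and value.rstrip(".").split(".")[-1].isdigit():
        return "invalid"
    return kind


# Constructed sample values: the three from the bug report plus a few controls.
SAMPLES = ["1.1.1.1.1", "::", "1::", "1.1.1.1", "256.1.1.1", "localhost", "-bad.example"]


def classify_all(values=SAMPLES):
    """Map each value to its (lenient, strict) classification."""
    return {v: (classify_host(v), classify_host_strict(v)) for v in values}


if __name__ == "__main__":
    for host, (lenient, strict) in classify_all().items():
        print("%-14s lenient=%-8s strict=%s" % (host, lenient, strict))
```
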