svn commit: r1836141 - /ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/XmlRpcEventHandler.java

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r1836141 - /ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/XmlRpcEventHandler.java

Taher Alkhateeb
Author: taher
Date: Wed Jul 18 06:30:15 2018
New Revision: 1836141

URL: http://svn.apache.org/viewvc?rev=1836141&view=rev
Log:
Improved: sanitized the output of XML-RPC when errors are reported.
(OFBIZ-10848)

This is implemented by overriding the parent "execute" method with a more
sanitized output for clarity and enhanced security.

Modified:
    ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/XmlRpcEventHandler.java

Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/XmlRpcEventHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/XmlRpcEventHandler.java?rev=1836141&r1=1836140&r2=1836141&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/XmlRpcEventHandler.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/XmlRpcEventHandler.java Wed Jul 18 06:30:15 2018
@@ -22,6 +22,7 @@ package org.apache.ofbiz.webapp.event;
 import static org.apache.ofbiz.base.util.UtilGenerics.checkMap;
 
 import java.io.BufferedReader;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
@@ -54,6 +55,7 @@ import org.apache.xmlrpc.XmlRpcRequest;
 import org.apache.xmlrpc.common.ServerStreamConnection;
 import org.apache.xmlrpc.common.XmlRpcHttpRequestConfig;
 import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
+import org.apache.xmlrpc.common.XmlRpcStreamRequestConfig;
 import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping;
 import org.apache.xmlrpc.server.XmlRpcHttpServer;
 import org.apache.xmlrpc.server.XmlRpcHttpServerConfig;
@@ -209,6 +211,60 @@ public class XmlRpcEventHandler extends
         }
     }
 
+    @Override
+    public void execute(XmlRpcStreamRequestConfig pConfig,
+            ServerStreamConnection pConnection) throws XmlRpcException {
+        try {
+            Object result = null;
+            boolean foundError = false;
+
+            try (InputStream istream = getInputStream(pConfig, pConnection)) {
+                XmlRpcRequest request = getRequest(pConfig, istream);
+                result = execute(request);
+            } catch (Exception e) {
+                Debug.logError(e, module);
+                foundError = true;
+            }
+
+            ByteArrayOutputStream baos;
+            OutputStream initialStream;
+            if (isContentLengthRequired(pConfig)) {
+                baos = new ByteArrayOutputStream();
+                initialStream = baos;
+            } else {
+                baos = null;
+                initialStream = pConnection.newOutputStream();
+            }
+
+            try (OutputStream ostream = getOutputStream(pConnection, pConfig, initialStream)) {
+                if (!foundError) {
+                    writeResponse(pConfig, ostream, result);
+                } else {
+                    writeError(pConfig, ostream, new Exception("Failed to read XML-RPC request. Please check logs for more information"));
+                }
+            }
+
+            if (baos != null) {
+                try (OutputStream dest = getOutputStream(pConfig, pConnection, baos.size())) {
+                    baos.writeTo(dest);
+                }
+            }
+
+            pConnection.close();
+            pConnection = null;
+        } catch (IOException e) {
+            throw new XmlRpcException("I/O error while processing request: " + e.getMessage(), e);
+        } finally {
+            if (pConnection != null) {
+                try {
+                    pConnection.close();
+                } catch (IOException e) {
+                    Debug.logError(e, "Unable to close stream connection");
+                }
+            }
+        }
+    }
+
     class ServiceRpcHandler extends AbstractReflectiveHandlerMapping implements XmlRpcHandler {
 
         public ServiceRpcHandler() {


Reply | Threaded
Open this post in threaded view
|

Re: svn commit: r1836141 - /ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/XmlRpcEventHandler.java

Jacques Le Roux
Administrator

Hi Taher,

It's actually OFBIZ-10484 ;)

Jacques


Le 18/07/2018 à 08:30, [hidden email] a écrit :
Author: taher
Date: Wed Jul 18 06:30:15 2018
New Revision: 1836141

URL: http://svn.apache.org/viewvc?rev=1836141&view=rev
Log:
Improved: sanitized the output of XML-RPC when errors are reported.
(OFBIZ-10848)

This is implemented by overriding the parent "execute" method with a more
sanitized output for clarity and enhanced security.

Modified:
    ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/XmlRpcEventHandler.java

Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/XmlRpcEventHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/XmlRpcEventHandler.java?rev=1836141&r1=1836140&r2=1836141&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/XmlRpcEventHandler.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/XmlRpcEventHandler.java Wed Jul 18 06:30:15 2018
@@ -22,6 +22,7 @@ package org.apache.ofbiz.webapp.event;
 import static org.apache.ofbiz.base.util.UtilGenerics.checkMap;
 
 import java.io.BufferedReader;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
@@ -54,6 +55,7 @@ import org.apache.xmlrpc.XmlRpcRequest;
 import org.apache.xmlrpc.common.ServerStreamConnection;
 import org.apache.xmlrpc.common.XmlRpcHttpRequestConfig;
 import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
+import org.apache.xmlrpc.common.XmlRpcStreamRequestConfig;
 import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping;
 import org.apache.xmlrpc.server.XmlRpcHttpServer;
 import org.apache.xmlrpc.server.XmlRpcHttpServerConfig;
@@ -209,6 +211,60 @@ public class XmlRpcEventHandler extends
         }
     }
 
+    @Override
+    public void execute(XmlRpcStreamRequestConfig pConfig,
+            ServerStreamConnection pConnection) throws XmlRpcException {
+        try {
+            Object result = null;
+            boolean foundError = false;
+
+            try (InputStream istream = getInputStream(pConfig, pConnection)) {
+                XmlRpcRequest request = getRequest(pConfig, istream);
+                result = execute(request);
+            } catch (Exception e) {
+                Debug.logError(e, module);
+                foundError = true;
+            }
+
+            ByteArrayOutputStream baos;
+            OutputStream initialStream;
+            if (isContentLengthRequired(pConfig)) {
+                baos = new ByteArrayOutputStream();
+                initialStream = baos;
+            } else {
+                baos = null;
+                initialStream = pConnection.newOutputStream();
+            }
+
+            try (OutputStream ostream = getOutputStream(pConnection, pConfig, initialStream)) {
+                if (!foundError) {
+                    writeResponse(pConfig, ostream, result);
+                } else {
+                    writeError(pConfig, ostream, new Exception("Failed to read XML-RPC request. Please check logs for more information"));
+                }
+            }
+
+            if (baos != null) {
+                try (OutputStream dest = getOutputStream(pConfig, pConnection, baos.size())) {
+                    baos.writeTo(dest);
+                }
+            }
+
+            pConnection.close();
+            pConnection = null;
+        } catch (IOException e) {
+            throw new XmlRpcException("I/O error while processing request: " + e.getMessage(), e);
+        } finally {
+            if (pConnection != null) {
+                try {
+                    pConnection.close();
+                } catch (IOException e) {
+                    Debug.logError(e, "Unable to close stream connection");
+                }
+            }
+        }
+    }
+
     class ServiceRpcHandler extends AbstractReflectiveHandlerMapping implements XmlRpcHandler {
 
         public ServiceRpcHandler() {