- Moved the integration tests to the remoting module as they require …

…remoting to run (not ideal solution)

- Enabled the integation tests again
- Implemented a new serialization option "allow-xml" which is disabled per default which completely disables deserialization of xml documents.

core/pom.xml

@@ -59,20 +59,6 @@ limitations under the License.
       <scope>provided</scope>
     </dependency>
 
-    <dependency>
-      <groupId>org.eclipse.jetty</groupId>
-      <artifactId>jetty-server</artifactId>
-      <version>9.1.0.v20131115</version>
-      <scope>test</scope>
-    </dependency>
-
-    <dependency>
-      <groupId>org.eclipse.jetty</groupId>
-      <artifactId>jetty-servlet</artifactId>
-      <version>9.1.0.v20131115</version>
-      <scope>test</scope>
-    </dependency>
-
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>

core/src/main/java/flex/messaging/endpoints/AbstractEndpoint.java

@@ -109,6 +109,7 @@ public abstract class AbstractEndpoint extends ManageableComponent
     private static final String LEGACY_THROWABLE = "legacy-throwable";
     private static final String LEGACY_BIG_NUMBERS = "legacy-big-numbers";
     private static final String LEGACY_EXTERNALIZABLE = "legacy-externalizable";
+    private static final String ALLOW_XML = "allow-xml";
     private static final String ALLOW_XML_DOCTYPE_DECLARATION = "allow-xml-doctype-declaration";
     private static final String ALLOW_XML_EXTERNAL_ENTITY_EXPANSION = "allow-xml-external-entity-expansion";
 
@@ -279,6 +280,7 @@ public void initialize(String id, ConfigMap properties)
             serializationContext.legacyThrowable = serialization.getPropertyAsBoolean(LEGACY_THROWABLE, false);
             serializationContext.legacyBigNumbers = serialization.getPropertyAsBoolean(LEGACY_BIG_NUMBERS, false);
             serializationContext.legacyExternalizable = serialization.getPropertyAsBoolean(LEGACY_EXTERNALIZABLE, false);
+            serializationContext.allowXml = serialization.getPropertyAsBoolean(ALLOW_XML, false);
             serializationContext.allowXmlDoctypeDeclaration = serialization.getPropertyAsBoolean(ALLOW_XML_DOCTYPE_DECLARATION, false);
             serializationContext.allowXmlExternalEntityExpansion = serialization.getPropertyAsBoolean(ALLOW_XML_EXTERNAL_ENTITY_EXPANSION, false);
             serializationContext.maxObjectNestLevel = (int)serialization.getPropertyAsLong(MAX_OBJECT_NEST_LEVEL, 512);

core/src/main/java/flex/messaging/io/SerializationContext.java

@@ -80,6 +80,7 @@ public class SerializationContext implements Serializable, Cloneable
     // Similarly like how many dimensional matrix that we support for serialization.
     public int maxCollectionNestLevel = 15;
 
+    public boolean allowXml = false;
     public boolean allowXmlDoctypeDeclaration = false;
     public boolean allowXmlExternalEntityExpansion = false;
 
@@ -228,6 +229,7 @@ public Object clone()
             context.deserializationValidator = deserializationValidator;
             context.maxObjectNestLevel = maxObjectNestLevel;
             context.maxCollectionNestLevel = maxCollectionNestLevel;
+            context.allowXml = allowXml;
             context.allowXmlDoctypeDeclaration = allowXmlDoctypeDeclaration;
             context.allowXmlExternalEntityExpansion = allowXmlExternalEntityExpansion;
             context.preferVectors = preferVectors;

core/src/main/java/flex/messaging/io/amf/Amf0Input.java

@@ -29,6 +29,8 @@
 import flex.messaging.io.SerializationContext;
 import flex.messaging.io.SerializationException;
 import flex.messaging.io.UnknownTypeException;
+import flex.messaging.log.Log;
+import flex.messaging.log.LogCategories;
 import flex.messaging.util.ClassUtil;
 
 /**
@@ -510,10 +512,18 @@ protected Object readXml() throws IOException
     {
         String xml = readLongUTF();
 
-        if (isDebug)
+        if (isDebug) {
             trace.write(xml);
+        }
 
-        return stringToDocument(xml);
+        // Only deserialize xml if this is enabled.
+        if (context.allowXml) {
+            return stringToDocument(xml);
+        } else {
+            Log.getLogger(LogCategories.CONFIGURATION).warn(
+                    "Xml deserialization is disabled, please enable by setting allowXml to 'true'");
+            return null;
+        }
     }
 
 

core/src/main/java/flex/messaging/io/amf/Amf3Input.java

@@ -33,6 +33,8 @@
 import flex.messaging.io.SerializationException;
 import flex.messaging.io.UnknownTypeException;
 import flex.messaging.io.amf.AmfTrace.VectorType;
+import flex.messaging.log.Log;
+import flex.messaging.log.LogCategories;
 import flex.messaging.util.ClassUtil;
 import flex.messaging.util.Trace;
 
@@ -982,7 +984,14 @@ protected Object readXml() throws IOException
                 trace.write(xml);
         }
 
-        return stringToDocument(xml);
+        // Only deserialize xml if this is enabled.
+        if (context.allowXml) {
+            return stringToDocument(xml);
+        } else {
+            Log.getLogger(LogCategories.CONFIGURATION).warn(
+                    "Xml deserialization is disabled, please enable by setting allowXml to 'true'");
+            return null;
+        }
     }
 
     /**

core/src/main/java/flex/messaging/io/amf/client/AMFConnection.java

@@ -564,6 +564,27 @@ public void close()
      * @throws ClientStatusException If there is a client side exception.
      */
     public void connect(String connectUrl) throws ClientStatusException
+    {
+        SerializationContext serializationContext = new SerializationContext();
+        serializationContext.createASObjectForMissingType = true;
+        // Make sure collections are written out as Arrays (vs. ArrayCollection),
+        // in case the server does not recognize ArrayCollections.
+        serializationContext.legacyCollection = true;
+        // When legacyMap is true, Java Maps are serialized as ECMA arrays
+        // instead of anonymous Object.
+        serializationContext.legacyMap = true;
+        connect(connectUrl, serializationContext);
+    }
+
+    /**
+     * Connects to the URL provided. Any previous connections are closed.
+     *
+     * @param connectUrl The url to connect to.
+     * @param serializationContext The serialization context used to configure the serialization.
+     *
+     * @throws ClientStatusException If there is a client side exception.
+     */
+    public void connect(String connectUrl, SerializationContext serializationContext) throws ClientStatusException
     {
         if (connected)
             close();
@@ -586,15 +607,7 @@ public void connect(String connectUrl) throws ClientStatusException
         try
         {
             urlObject = new URL(encodedUrl != null? encodedUrl : url);
-
-            serializationContext = new SerializationContext();
-            serializationContext.createASObjectForMissingType = true;
-            // Make sure collections are written out as Arrays (vs. ArrayCollection),
-            // in case the server does not recognize ArrayCollections.
-            serializationContext.legacyCollection = true;
-            // When legacyMap is true, Java Maps are serialized as ECMA arrays
-            // instead of anonymous Object.
-            serializationContext.legacyMap = true;
+            this.serializationContext = serializationContext;
             internalConnect();
         }
         catch (IOException e)

pom.xml

@@ -181,8 +181,7 @@
         </configuration>
       </plugin>
 
-      <!-- FIXME: Disabled the integrationtests for now -->
-      <!--plugin>
+      <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-failsafe-plugin</artifactId>
         <executions>
@@ -193,7 +192,7 @@
             </goals>
           </execution>
         </executions>
-      </plugin-->
+      </plugin>
 
       <!-- Turned off till the JavaDoc tags are all correctly set -->
       <plugin>

remoting/pom.xml

@@ -36,6 +36,20 @@ limitations under the License.
       <version>${project.version}</version>
     </dependency>
 
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-server</artifactId>
+      <version>9.1.0.v20131115</version>
+      <scope>test</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-servlet</artifactId>
+      <version>9.1.0.v20131115</version>
+      <scope>test</scope>
+    </dependency>
+
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>

core/src/test/java/flex/messaging/io/amf/client/AMFDataTypeIT.java → remoting/src/test/java/flex/messaging/io/amf/client/AMFDataTypeIT.java

@@ -19,6 +19,7 @@
 import java.util.Date;
 import java.util.List;
 
+import flex.messaging.io.SerializationContext;
 import flex.messaging.util.TestServerWrapper;
 import junit.extensions.TestSetup;
 import org.w3c.dom.Document;
@@ -49,6 +50,7 @@ public class AMFDataTypeIT extends TestCase
 
     private static TestServerWrapper serverWrapper;
     private static int serverPort;
+    private static SerializationContext serializationContext;
 
     /**
      * Given a remote method name, returns the AMF connection call needed using
@@ -88,7 +90,9 @@ public static Test suite()
         suite.addTest(new AMFDataTypeIT("testCallDoubleArgDoubleReturn"));
         suite.addTest(new AMFDataTypeIT("testCallIntArrayArgIntArrayReturn"));
         suite.addTest(new AMFDataTypeIT("testCallObjectArrayArgObjectArrayReturn"));
-        suite.addTest(new AMFDataTypeIT("testXMLDocument"));
+        suite.addTest(new AMFDataTypeIT("testXMLDocumentEnabledXml"));
+        suite.addTest(new AMFDataTypeIT("testXMLDocumentDisabledXml"));
+
 
         return new TestSetup(suite) {
             protected void setUp() throws Exception {
@@ -100,6 +104,17 @@ protected void setUp() throws Exception {
                 AMFConnection.registerAlias(
                         "remoting.amfclient.ServerCustomType" /* server type */,
                         "amfclient.ClientCustomType" /* client type */);
+
+                serializationContext = new SerializationContext();
+                serializationContext.createASObjectForMissingType = true;
+                // Make sure collections are written out as Arrays (vs. ArrayCollection),
+                // in case the server does not recognize ArrayCollections.
+                serializationContext.legacyCollection = true;
+                // When legacyMap is true, Java Maps are serialized as ECMA arrays
+                // instead of anonymous Object.
+                serializationContext.legacyMap = true;
+                // Disable serialization of xml documents.
+                serializationContext.allowXml = false;
             }
             protected void tearDown() throws Exception {
                 serverWrapper.stopServer();
@@ -421,11 +436,14 @@ public void onResult(Object result)
         }
     }
 
-  
-    public void testXMLDocument()
+
+    public void testXMLDocumentEnabledXml()
     {
         try
         {
+            // Temporarily enable xml serialization/deserialization.
+            serializationContext.allowXml = true;
+
             String method = "echoObject1";
             final StringBuffer xml = new StringBuffer(512);
             xml.append("<test>    <item id=\"1\">        <sweet/>    </item></test>");
@@ -452,6 +470,43 @@ public void onResult(Object result)
         {
             fail(UNEXPECTED_EXCEPTION_STRING + e);
         }
+        finally {
+            // Disable xml serialization/deserialization again.
+            serializationContext.allowXml = false;
+        }
+    }
+
+
+    public void testXMLDocumentDisabledXml()
+    {
+        try
+        {
+            String method = "echoObject1";
+            final StringBuffer xml = new StringBuffer(512);
+            xml.append("<test>    <item id=\"1\">        <sweet/>    </item></test>");
+
+            Document xmlDoc = XMLUtil.stringToDocument(xml.toString());
+            final Object methodArg = xmlDoc;
+            internalTestCall(getOperationCall(method), methodArg, new CallResultHandler(){
+                public void onResult(Object result)
+                {
+                    try
+                    {
+                        Document retXmlDoc = (Document)result;
+                        String retXML = XMLUtil.documentToString(retXmlDoc);
+                        Assert.assertEquals("", retXML);
+                    }
+                    catch (Exception e)
+                    {
+                        fail(UNEXPECTED_EXCEPTION_STRING + e);
+                    }
+                }
+            });
+        }
+        catch (Exception e)
+        {
+            fail(UNEXPECTED_EXCEPTION_STRING + e);
+        }
     }
 
     // A simple interface to handle AMF call results.
@@ -466,7 +521,7 @@ private void internalTestCall(String operation, Object methodArg, CallResultHand
     {
         AMFConnection amfConnection = new AMFConnection();
         // Connect.
-        amfConnection.connect(getConnectionUrl());
+        amfConnection.connect(getConnectionUrl(), serializationContext);
         // Make a remoting call and retrieve the result.
         Object result;
         if (methodArg == null)

core/src/test/java/flex/messaging/util/TestServer.java → remoting/src/test/java/flex/messaging/util/TestServer.java

@@ -45,7 +45,12 @@ public static void main(String args[]) throws Exception {
         servlet.setInitParameter("services.configuration.file", configPath);
         context.addServlet(servlet, "/messagebroker/amf/*");
         server.setHandler(context);
-        server.start();
+        server.setDumpAfterStart(true);
+        try {
+            server.start();
+        } catch(Exception e) {
+            e.printStackTrace();
+        }
 
         int port = ((ServerConnector) server.getConnectors()[0]).getLocalPort();
         System.out.println("Port:" + port);

core/src/test/java/flex/messaging/util/TestServerWrapper.java → remoting/src/test/java/flex/messaging/util/TestServerWrapper.java

@@ -39,7 +39,7 @@ public int startServer(String configPath) {
         final String path = System.getProperty("java.home") + separator + "bin" + separator + "java";
         System.out.print("Starting test-server");
         final ProcessBuilder processBuilder = new ProcessBuilder(path,
-                /*"-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=5005",*/
+                "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=5005",
                 "-cp", /*"\"" +*/ classpath /*+ "\""*/,
                 TestServer.class.getCanonicalName(), /*"\"" +*/ configPath /*+ "\""*/);
         processBuilder.redirectErrorStream(true);

core/src/test/resources/WEB-INF/flex/services-config.xml → remoting/src/test/resources/WEB-INF/flex/services-config.xml

@@ -26,6 +26,11 @@
     <channels>
         <channel-definition id="amf" class="mx.messaging.channels.AMFChannel">
             <endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf" class="flex.messaging.endpoints.AMFEndpoint"/>
+            <properties>
+                <serialization>
+                    <allow-xml>true</allow-xml>
+                </serialization>
+            </properties>
         </channel-definition>
     </channels>