Skip to content
Permalink
Browse files
- Moved the integration tests to the remoting module as they require …
…remoting to run (not ideal solution)

- Enabled the integation tests again
- Implemented a new serialization option "allow-xml" which is disabled per default which completely disables deserialization of xml documents.
  • Loading branch information
chrisdutz committed Feb 17, 2017
1 parent 94728dd commit a09196c2c4c425cbc9bd46bdf849cd9d0518dfc1
Showing 15 changed files with 135 additions and 35 deletions.
@@ -59,20 +59,6 @@ limitations under the License.
<scope>provided</scope>
</dependency>

<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
<version>9.1.0.v20131115</version>
<scope>test</scope>
</dependency>

<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlet</artifactId>
<version>9.1.0.v20131115</version>
<scope>test</scope>
</dependency>

<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
@@ -109,6 +109,7 @@ public abstract class AbstractEndpoint extends ManageableComponent
private static final String LEGACY_THROWABLE = "legacy-throwable";
private static final String LEGACY_BIG_NUMBERS = "legacy-big-numbers";
private static final String LEGACY_EXTERNALIZABLE = "legacy-externalizable";
private static final String ALLOW_XML = "allow-xml";
private static final String ALLOW_XML_DOCTYPE_DECLARATION = "allow-xml-doctype-declaration";
private static final String ALLOW_XML_EXTERNAL_ENTITY_EXPANSION = "allow-xml-external-entity-expansion";

@@ -279,6 +280,7 @@ public void initialize(String id, ConfigMap properties)
serializationContext.legacyThrowable = serialization.getPropertyAsBoolean(LEGACY_THROWABLE, false);
serializationContext.legacyBigNumbers = serialization.getPropertyAsBoolean(LEGACY_BIG_NUMBERS, false);
serializationContext.legacyExternalizable = serialization.getPropertyAsBoolean(LEGACY_EXTERNALIZABLE, false);
serializationContext.allowXml = serialization.getPropertyAsBoolean(ALLOW_XML, false);
serializationContext.allowXmlDoctypeDeclaration = serialization.getPropertyAsBoolean(ALLOW_XML_DOCTYPE_DECLARATION, false);
serializationContext.allowXmlExternalEntityExpansion = serialization.getPropertyAsBoolean(ALLOW_XML_EXTERNAL_ENTITY_EXPANSION, false);
serializationContext.maxObjectNestLevel = (int)serialization.getPropertyAsLong(MAX_OBJECT_NEST_LEVEL, 512);
@@ -80,6 +80,7 @@ public class SerializationContext implements Serializable, Cloneable
// Similarly like how many dimensional matrix that we support for serialization.
public int maxCollectionNestLevel = 15;

public boolean allowXml = false;
public boolean allowXmlDoctypeDeclaration = false;
public boolean allowXmlExternalEntityExpansion = false;

@@ -228,6 +229,7 @@ public Object clone()
context.deserializationValidator = deserializationValidator;
context.maxObjectNestLevel = maxObjectNestLevel;
context.maxCollectionNestLevel = maxCollectionNestLevel;
context.allowXml = allowXml;
context.allowXmlDoctypeDeclaration = allowXmlDoctypeDeclaration;
context.allowXmlExternalEntityExpansion = allowXmlExternalEntityExpansion;
context.preferVectors = preferVectors;
@@ -29,6 +29,8 @@
import flex.messaging.io.SerializationContext;
import flex.messaging.io.SerializationException;
import flex.messaging.io.UnknownTypeException;
import flex.messaging.log.Log;
import flex.messaging.log.LogCategories;
import flex.messaging.util.ClassUtil;

/**
@@ -510,10 +512,18 @@ protected Object readXml() throws IOException
{
String xml = readLongUTF();

if (isDebug)
if (isDebug) {
trace.write(xml);
}

return stringToDocument(xml);
// Only deserialize xml if this is enabled.
if (context.allowXml) {
return stringToDocument(xml);
} else {
Log.getLogger(LogCategories.CONFIGURATION).warn(
"Xml deserialization is disabled, please enable by setting allowXml to 'true'");
return null;
}
}


@@ -33,6 +33,8 @@
import flex.messaging.io.SerializationException;
import flex.messaging.io.UnknownTypeException;
import flex.messaging.io.amf.AmfTrace.VectorType;
import flex.messaging.log.Log;
import flex.messaging.log.LogCategories;
import flex.messaging.util.ClassUtil;
import flex.messaging.util.Trace;

@@ -982,7 +984,14 @@ protected Object readXml() throws IOException
trace.write(xml);
}

return stringToDocument(xml);
// Only deserialize xml if this is enabled.
if (context.allowXml) {
return stringToDocument(xml);
} else {
Log.getLogger(LogCategories.CONFIGURATION).warn(
"Xml deserialization is disabled, please enable by setting allowXml to 'true'");
return null;
}
}

/**
@@ -564,6 +564,27 @@ public void close()
* @throws ClientStatusException If there is a client side exception.
*/
public void connect(String connectUrl) throws ClientStatusException
{
SerializationContext serializationContext = new SerializationContext();
serializationContext.createASObjectForMissingType = true;
// Make sure collections are written out as Arrays (vs. ArrayCollection),
// in case the server does not recognize ArrayCollections.
serializationContext.legacyCollection = true;
// When legacyMap is true, Java Maps are serialized as ECMA arrays
// instead of anonymous Object.
serializationContext.legacyMap = true;
connect(connectUrl, serializationContext);
}

/**
* Connects to the URL provided. Any previous connections are closed.
*
* @param connectUrl The url to connect to.
* @param serializationContext The serialization context used to configure the serialization.
*
* @throws ClientStatusException If there is a client side exception.
*/
public void connect(String connectUrl, SerializationContext serializationContext) throws ClientStatusException
{
if (connected)
close();
@@ -586,15 +607,7 @@ public void connect(String connectUrl) throws ClientStatusException
try
{
urlObject = new URL(encodedUrl != null? encodedUrl : url);

serializationContext = new SerializationContext();
serializationContext.createASObjectForMissingType = true;
// Make sure collections are written out as Arrays (vs. ArrayCollection),
// in case the server does not recognize ArrayCollections.
serializationContext.legacyCollection = true;
// When legacyMap is true, Java Maps are serialized as ECMA arrays
// instead of anonymous Object.
serializationContext.legacyMap = true;
this.serializationContext = serializationContext;
internalConnect();
}
catch (IOException e)
@@ -181,8 +181,7 @@
</configuration>
</plugin>

<!-- FIXME: Disabled the integrationtests for now -->
<!--plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-failsafe-plugin</artifactId>
<executions>
@@ -193,7 +192,7 @@
</goals>
</execution>
</executions>
</plugin-->
</plugin>

<!-- Turned off till the JavaDoc tags are all correctly set -->
<plugin>
@@ -36,6 +36,20 @@ limitations under the License.
<version>${project.version}</version>
</dependency>

<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
<version>9.1.0.v20131115</version>
<scope>test</scope>
</dependency>

<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlet</artifactId>
<version>9.1.0.v20131115</version>
<scope>test</scope>
</dependency>

<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
@@ -19,6 +19,7 @@
import java.util.Date;
import java.util.List;

import flex.messaging.io.SerializationContext;
import flex.messaging.util.TestServerWrapper;
import junit.extensions.TestSetup;
import org.w3c.dom.Document;
@@ -49,6 +50,7 @@ public class AMFDataTypeIT extends TestCase

private static TestServerWrapper serverWrapper;
private static int serverPort;
private static SerializationContext serializationContext;

/**
* Given a remote method name, returns the AMF connection call needed using
@@ -88,7 +90,9 @@ public static Test suite()
suite.addTest(new AMFDataTypeIT("testCallDoubleArgDoubleReturn"));
suite.addTest(new AMFDataTypeIT("testCallIntArrayArgIntArrayReturn"));
suite.addTest(new AMFDataTypeIT("testCallObjectArrayArgObjectArrayReturn"));
suite.addTest(new AMFDataTypeIT("testXMLDocument"));
suite.addTest(new AMFDataTypeIT("testXMLDocumentEnabledXml"));
suite.addTest(new AMFDataTypeIT("testXMLDocumentDisabledXml"));


return new TestSetup(suite) {
protected void setUp() throws Exception {
@@ -100,6 +104,17 @@ protected void setUp() throws Exception {
AMFConnection.registerAlias(
"remoting.amfclient.ServerCustomType" /* server type */,
"amfclient.ClientCustomType" /* client type */);

serializationContext = new SerializationContext();
serializationContext.createASObjectForMissingType = true;
// Make sure collections are written out as Arrays (vs. ArrayCollection),
// in case the server does not recognize ArrayCollections.
serializationContext.legacyCollection = true;
// When legacyMap is true, Java Maps are serialized as ECMA arrays
// instead of anonymous Object.
serializationContext.legacyMap = true;
// Disable serialization of xml documents.
serializationContext.allowXml = false;
}
protected void tearDown() throws Exception {
serverWrapper.stopServer();
@@ -421,11 +436,14 @@ public void onResult(Object result)
}
}

public void testXMLDocument()

public void testXMLDocumentEnabledXml()
{
try
{
// Temporarily enable xml serialization/deserialization.
serializationContext.allowXml = true;

String method = "echoObject1";
final StringBuffer xml = new StringBuffer(512);
xml.append("<test> <item id=\"1\"> <sweet/> </item></test>");
@@ -452,6 +470,43 @@ public void onResult(Object result)
{
fail(UNEXPECTED_EXCEPTION_STRING + e);
}
finally {
// Disable xml serialization/deserialization again.
serializationContext.allowXml = false;
}
}


public void testXMLDocumentDisabledXml()
{
try
{
String method = "echoObject1";
final StringBuffer xml = new StringBuffer(512);
xml.append("<test> <item id=\"1\"> <sweet/> </item></test>");

Document xmlDoc = XMLUtil.stringToDocument(xml.toString());
final Object methodArg = xmlDoc;
internalTestCall(getOperationCall(method), methodArg, new CallResultHandler(){
public void onResult(Object result)
{
try
{
Document retXmlDoc = (Document)result;
String retXML = XMLUtil.documentToString(retXmlDoc);
Assert.assertEquals("", retXML);
}
catch (Exception e)
{
fail(UNEXPECTED_EXCEPTION_STRING + e);
}
}
});
}
catch (Exception e)
{
fail(UNEXPECTED_EXCEPTION_STRING + e);
}
}

// A simple interface to handle AMF call results.
@@ -466,7 +521,7 @@ private void internalTestCall(String operation, Object methodArg, CallResultHand
{
AMFConnection amfConnection = new AMFConnection();
// Connect.
amfConnection.connect(getConnectionUrl());
amfConnection.connect(getConnectionUrl(), serializationContext);
// Make a remoting call and retrieve the result.
Object result;
if (methodArg == null)
@@ -45,7 +45,12 @@ public static void main(String args[]) throws Exception {
servlet.setInitParameter("services.configuration.file", configPath);
context.addServlet(servlet, "/messagebroker/amf/*");
server.setHandler(context);
server.start();
server.setDumpAfterStart(true);
try {
server.start();
} catch(Exception e) {
e.printStackTrace();
}

int port = ((ServerConnector) server.getConnectors()[0]).getLocalPort();
System.out.println("Port:" + port);
@@ -39,7 +39,7 @@ public int startServer(String configPath) {
final String path = System.getProperty("java.home") + separator + "bin" + separator + "java";
System.out.print("Starting test-server");
final ProcessBuilder processBuilder = new ProcessBuilder(path,
/*"-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=5005",*/
"-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=5005",
"-cp", /*"\"" +*/ classpath /*+ "\""*/,
TestServer.class.getCanonicalName(), /*"\"" +*/ configPath /*+ "\""*/);
processBuilder.redirectErrorStream(true);
@@ -26,6 +26,11 @@
<channels>
<channel-definition id="amf" class="mx.messaging.channels.AMFChannel">
<endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf" class="flex.messaging.endpoints.AMFEndpoint"/>
<properties>
<serialization>
<allow-xml>true</allow-xml>
</serialization>
</properties>
</channel-definition>
</channels>

0 comments on commit a09196c

Please sign in to comment.