[
http://jira.jboss.com/jira/browse/JBREM-809?page=comments#action_12398876 ]
Ron Sigal commented on JBREM-809:
---------------------------------
org.jboss.remoting.marshal.http.HTTPUnMarshaller can optionally preserve line feed /
carriage return characters.
To do so, the configuration parameter HTTPUnMarshaller.PRESERVE_LINES (actual value
"preserveLines") must have a value of "true" in the metadata map
passed to HTTPUnMarshaller.read().
On the server side, org.jboss.remoting.transport.coyote.CoyoteInvoker may be configured
with the PRESERVE_LINES parameter by
1. putting it in the org.jboss.remoting.ServerConfiguration object to be injected by the
Microcontainer (when running in the Application Server)
2. putting it in the configuration map passed to the
org.jboss.remoting.transport.Connector
3. adding it to the org.jboss.remoting.InvokerLocator
CoyoteInvoker will then pass the configured value to the HTTPUnMarshaller.
On the client side, org.jboss.remoting.transport.http.HTTPClientInvoker may be configured
with the PRESERVE_LINES parameter by
1. putting it in the configuration map passed to the org.jboss.remoting.Client
constructor
2. adding it to the org.jboss.remoting.InvokerLocator
3. putting it in the metadata map passed to org.jboss.remoting.Client.invoke().
HTTPClientInvoker will then pass the configured value to the HTTPUnMarshaller.
Unit tests:
org.jboss.test.remoting.transport.http.lines.HttpLinePreservationTestCase
org.jboss.test.remoting.transport.http.ssl.lines.HttpsLinePreservationTestCase
Waiting for hudson results.
Verify that the behavior of the HTTPUnMarshaller re stripping CR and
LF characters is correct
---------------------------------------------------------------------------------------------
Key: JBREM-809
URL:
http://jira.jboss.com/jira/browse/JBREM-809
Project: JBoss Remoting
Issue Type: Task
Security Level: Public(Everyone can see)
Components: marshall
Affects Versions: 2.4.0.Beta1 (Pinto), 2.2.2.SP1
Reporter: Tom Fennelly
Assigned To: Ron Sigal
Fix For: 2.4.0.CR1 (Pinto)
At the moment, the HTTPUnMarshaller uses a BufferedReader to read a HTTP char stream.
This causes it to modify the message payload by removing the CR and LF characters. This
causes a problem for us on the ESB because it means that signature checks fail on signed
SOAP messages since the sig was generated from the message containing the CR and LF chars.
It's even worse than that... it actually corrupts the signature within the message
because the canonical form of the sig contains CRLF chars.
We got around this in the ESB (in the short term) by setting our own modified version of
the HTTPUnMarshaller - one that doesn't use a BufferedReader.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira