abhiishek26 commented on code in PR #984:
URL: https://github.com/apache/ranger/pull/984#discussion_r3333741296
##########
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java:
##########
@@ -734,6 +734,26 @@ public RangerService createService(RangerService service) {
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.UPDATE_SERVICE + "\")")
public RangerService updateService(RangerService service, @Context
HttpServletRequest request) {
LOG.debug("==> ServiceREST.updateService(): {}", service);
+ // if service.id and param 'id' are specified, service.id should be
same as the param 'id'
+ // if service.id is null, then set param 'id' into service Object
+ if (request != null) {
+ String requestURI = request.getRequestURI();
+ if (requestURI != null) {
+ String[] parts = requestURI.split("/");
Review Comment:
> Can this result in parts being null? Please check
Since the condition is if (requestURI != null). it will check that the
request url is not null . if it is null it will not allow to enter in the if
block and will not allow to do the split and form array .
and if we consider the case like this
http://localhost:6080/service/plugins/services/. where no id is passed in url
although a blank "" will be present in the String[] parts array but it will
throw NumberFormatException which has been handled .
To test the above cases I had created a build with these changes so if there
no id provided which leads to null it throws status 405 .
and when there is mismatch it throws status 400 .
Are my these right or some change is required ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
