[jira] [Commented] (CAMEL-11370) Problem with MTOM in Camel-CXF
[ https://issues.apache.org/jira/browse/CAMEL-11370?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16125522#comment-16125522 ] Joerg Kessler commented on CAMEL-11370: --- I did some further analysis. I am at the moment only referring to Camel 2.17.4 and CXF 3.1.9. I changed CXF so that it also accepts HybridSourceDataBinding and not just JAXBDataBinding (patch attached). I extended HybridSourceDataBinding so that createWriter() so that it also returns a writer for OutputStream (same as JAXBDataBinding). The only problem left is that the MTOM conversion seems to only work for DOMs So I added in DefaultCxfBinding a payload conversion to Document. I have added a patch for Camel-CXF. I also added a test that checks whether the incoming message contains an attachment. Without the modifications the test fails. Existing tests in Camel-CXF add this attachment as part of the test. But the problem is that HybridSourceDataBinding affects the MTOM conversion and therefore the complete processing must be tested. All existing tests are executed sucessfully with the above modifications. All in all it seems that the intrduction of HybridSourceDataBinding destroyed the ability to convert to MTOM format. What I implemented here is only a kind of repair. I am not sure whether this will have no side effects. My knowledge on this complex topic of payload conversion is rather limited. If you agree to this modification I can provide 'real' patches for the actual releases. > Problem with MTOM in Camel-CXF > -- > > Key: CAMEL-11370 > URL: https://issues.apache.org/jira/browse/CAMEL-11370 > Project: Camel > Issue Type: Bug > Components: camel-cxf >Reporter: Joerg Kessler >Priority: Minor > Attachments: > accept-also-sub-classes-of-orgapachecxfjaxbJAXBDataB.patch, > MTOM-conversion.patch, mtom.test.zip > > > I originally opened the issue on CXF: > https://issues.apache.org/jira/browse/CXF-7388 > but ther CXF guys think the problem is in camel-cxf. Please have a look at > this ticket. Basically the MTOM conversion seems not to work anymore when > using CXF in Camel. I provided a unit test that demonstrates the observed > behaviour. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (CAMEL-11370) Problem with MTOM in Camel-CXF
[ https://issues.apache.org/jira/browse/CAMEL-11370?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joerg Kessler updated CAMEL-11370: -- Attachment: MTOM-conversion.patch accept-also-sub-classes-of-orgapachecxfjaxbJAXBDataB.patch mtom.test.zip > Problem with MTOM in Camel-CXF > -- > > Key: CAMEL-11370 > URL: https://issues.apache.org/jira/browse/CAMEL-11370 > Project: Camel > Issue Type: Bug > Components: camel-cxf >Reporter: Joerg Kessler >Priority: Minor > Attachments: > accept-also-sub-classes-of-orgapachecxfjaxbJAXBDataB.patch, > MTOM-conversion.patch, mtom.test.zip > > > I originally opened the issue on CXF: > https://issues.apache.org/jira/browse/CXF-7388 > but ther CXF guys think the problem is in camel-cxf. Please have a look at > this ticket. Basically the MTOM conversion seems not to work anymore when > using CXF in Camel. I provided a unit test that demonstrates the observed > behaviour. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (CAMEL-11370) Problem with MTOM in Camel-CXF
[ https://issues.apache.org/jira/browse/CAMEL-11370?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joerg Kessler updated CAMEL-11370: -- Attachment: (was: MTOM-conversion.patch) > Problem with MTOM in Camel-CXF > -- > > Key: CAMEL-11370 > URL: https://issues.apache.org/jira/browse/CAMEL-11370 > Project: Camel > Issue Type: Bug > Components: camel-cxf >Reporter: Joerg Kessler >Priority: Minor > Attachments: > accept-also-sub-classes-of-orgapachecxfjaxbJAXBDataB.patch, > MTOM-conversion.patch, mtom.test.zip > > > I originally opened the issue on CXF: > https://issues.apache.org/jira/browse/CXF-7388 > but ther CXF guys think the problem is in camel-cxf. Please have a look at > this ticket. Basically the MTOM conversion seems not to work anymore when > using CXF in Camel. I provided a unit test that demonstrates the observed > behaviour. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (CAMEL-11370) Problem with MTOM in Camel-CXF
[ https://issues.apache.org/jira/browse/CAMEL-11370?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joerg Kessler updated CAMEL-11370: -- Attachment: MTOM-conversion.patch > Problem with MTOM in Camel-CXF > -- > > Key: CAMEL-11370 > URL: https://issues.apache.org/jira/browse/CAMEL-11370 > Project: Camel > Issue Type: Bug > Components: camel-cxf >Reporter: Joerg Kessler >Priority: Minor > Attachments: MTOM-conversion.patch > > > I originally opened the issue on CXF: > https://issues.apache.org/jira/browse/CXF-7388 > but ther CXF guys think the problem is in camel-cxf. Please have a look at > this ticket. Basically the MTOM conversion seems not to work anymore when > using CXF in Camel. I provided a unit test that demonstrates the observed > behaviour. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (CAMEL-11370) Problem with MTOM in Camel-CXF
[ https://issues.apache.org/jira/browse/CAMEL-11370?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16031058#comment-16031058 ] Joerg Kessler commented on CAMEL-11370: --- Please have a look at the ticket I posted on CXF. It contains a unit test that fails. I did some analysis and proposed a solution. But the solution leads to the next problem when I implemented it. It seems that the this Hybrid Data Binding class that is set by Camel CXF completely prevents the usage of MTOM. > Problem with MTOM in Camel-CXF > -- > > Key: CAMEL-11370 > URL: https://issues.apache.org/jira/browse/CAMEL-11370 > Project: Camel > Issue Type: Bug > Components: camel-cxf >Reporter: Joerg Kessler >Priority: Minor > > I originally opened the issue on CXF: > https://issues.apache.org/jira/browse/CXF-7388 > but ther CXF guys think the problem is in camel-cxf. Please have a look at > this ticket. Basically the MTOM conversion seems not to work anymore when > using CXF in Camel. I provided a unit test that demonstrates the observed > behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Created] (CAMEL-11370) Problem with MTOM in Camel-CXF
Joerg Kessler created CAMEL-11370: - Summary: Problem with MTOM in Camel-CXF Key: CAMEL-11370 URL: https://issues.apache.org/jira/browse/CAMEL-11370 Project: Camel Issue Type: Bug Reporter: Joerg Kessler I originally opened the issue on CXF: https://issues.apache.org/jira/browse/CXF-7388 but ther CXF guys think the problem is in camel-cxf. Please have a look at this ticket. Basically the MTOM conversion seems not to work anymore when using CXF in Camel. I provided a unit test that demonstrates the observed behaviour. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (CAMEL-9807) Blocking of CXF consumer endpoint by http GET request
[ https://issues.apache.org/jira/browse/CAMEL-9807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joerg Kessler updated CAMEL-9807: - Attachment: CXFTypeConverter.patch > Blocking of CXF consumer endpoint by http GET request > - > > Key: CAMEL-9807 > URL: https://issues.apache.org/jira/browse/CAMEL-9807 > Project: Camel > Issue Type: Bug > Components: camel-cxf >Affects Versions: 2.16.2 >Reporter: Joerg Kessler >Priority: Critical > Attachments: CXFTypeConverter.patch > > > Hi, > by chance we found a problem that can create a security risk. The scenario is > a CXF WS consumer endpoint configured without WSDL and right after that a > step, e.g. a setHeader that uses an XPath to access the CXF payload. When you > now create a http GET request on the endpoint (normally it should be POST) > then the error No type converter available to convert from type: > org.apache.camel.component.cxf.converter.CachedCxfPayload to the required > type: javax.xml.transform.sax.SAXSource with value > org.apache.camel.component.cxf.converter.CachedCxfPayload@45812dad > is thrown. > First of all it is surprising that CXF accepts the request. Second a type > conversion like that is possible. The reason for this error message is within > the type converter coding. The converter returns a null object for the not > existing payload of the GET request but this is interpreted as there is no > type converter available. One could say that this is just a bad error message > but more over the type converter is now kind of black-listed internally. That > means the next calls being correct or wrong will not look for a type > converter but return immedeately the above error. That means the endpoint is > blocked until the scenario is restarted. This seems to be more efficient than > a DOS attack (but of course one has to have access rights). I provide a > simple patch that raises a runtime exception in the CXF type converter when > there is no payload. I am not 100% sure whether this is the best way to fix > it. Maybe GET requests should be blocked already in CXF. I also could imagine > that somethin like that is also possible in other components. > We use Camel 2.16.2 and I tested it in CXF 2.16.3 and it is not fixed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (CAMEL-6514) SFTP: NPE if no private key file is supplied
Joerg Kessler created CAMEL-6514:
Summary: SFTP: NPE if no private key file is supplied
Key: CAMEL-6514
URL: https://issues.apache.org/jira/browse/CAMEL-6514
Project: Camel
Issue Type: Bug
Components: camel-ftp
Affects Versions: 2.10.4
Reporter: Joerg Kessler
Priority: Minor
Hi,
a NPE is thrown if no private key file is supplied in the configuration for
SFTP. The error is
Caused by: java.lang.NullPointerException: while trying to get the length of an
array loaded from local variable 'foo'
at com.jcraft.jsch.Buffer.putString(Buffer.java:59)
I have analysed the code a bit and found that the problem is caused
by the class SftpOperations. The method createSession sets the userInfo for the
seesion by an inline class. Here the method promptKeyboardInteractive does not
work correctly if no private key file is supplied. In that case JSCH switches
to user/pw authorization and this method is called. But since there is no
password maintained the configation object returns NULL. The present
implementation adds it to the string array causing the error in JSCH. JSCH
either wants a NULL string array or an empty string array (I have tested both).
So the code should look e.g. as follows:
public String[] promptKeyboardInteractive(String destination,
String name, String instruction, String[] prompt, boolean[] echo) {
String password = configuration.getPassword();
if (password == null) {
return new String[0];
} else {
return new String[] { password };
}
}
With that change JSCH returns
Caused by: java.io.FileNotFoundException: ./data/ssh/id_rsa (No such file or
directory)
at java.io.FileInputStream.open(Native Method)
and that is the real cause of the error
Best Regards,
Jörg
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
