[
https://issues.apache.org/jira/browse/SYNCOPE-418?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francesco Chicchiriccò updated SYNCOPE-418:
-------------------------------------------
Description:
Some entities have String keys that are currently accepted without any specific
bound (schema, resources, config parameters).
When, for example, a value like a URL is provided, nothing special happens
during creation (because such a value is embedded into a transfer object);
however, any subsequent read or delete, which would require passing the entity
key as part of the REST URL, will fail with either Spring MVC or CXF.
For example, as reported in mailing list [1], a user schema with name
'http://schemas.examples.org/security/authorization/organizationUnit' can be
created but will then be impossible to read or even delete since the REST URL
would be something like
http://localhost:9080syncope/rest/schema/USER/read/http://schemas.examples.org/security/authorization/organizationUnit
After some searching, it seems that it is neither a Spring MVC nor a CXF problem, but
instead the JEE container (like Tomcat, for example) that needs some special
configuration for handling such URLs (see CXF-4207 for more details).
The most logical and straightforward solution seems to be just setting some
limits on the characters admitted; at first glance, alphanumeric plus some
special characters (space, _, -, @, .) should be fine.
[1]
http://syncope-user.1051894.n5.nabble.com/Remove-attribute-in-user-schema-td5707312.html
was:
Some entities have String keys that are currently accepted without any specific
bound (schema, resources, config parameters).
When, for example, a value like a URL is provided, nothing special happens
during creation (because such a value is embedded into a transfer object);
however, any subsequent read or delete, which would require passing the entity
key as part of the REST URL, will fail with either Spring MVC or CXF.
For example, as [reported in mailing
list|http://syncope-user.1051894.n5.nabble.com/Remove-attribute-in-user-schema-td5707312.html],
a user schema with name
'http://schemas.examples.org/security/authorization/organizationUnit' can be
created but will then be impossible to read or even delete since the REST URL
would be something like
http://localhost:9080syncope/rest/schema/USER/read/http://schemas.examples.org/security/authorization/organizationUnit
After some searching, it seems that it is neither a Spring MVC nor a CXF problem, but
instead the JEE container (like Tomcat, for example) that needs some special
configuration for handling such URLs (see CXF-4207 for more details).
The most logical and straightforward solution seems to be just setting some
limits on the characters admitted; at first glance, alphanumeric plus some
special characters (space, _, -, @, .) should be fine.
> Special chars break REST URLs
> -----------------------------
>
> Key: SYNCOPE-418
> URL: https://issues.apache.org/jira/browse/SYNCOPE-418
> Project: Syncope
> Issue Type: Bug
> Components: core
> Affects Versions: 1.1.3
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Fix For: 1.1.4, 1.2.0
>
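The character allow-list proposed in the issue, as an added example that is not part of the original message or of Syncope's code. The class and method names (`EntityKeyCheck`, `isValidKey`, `segmentsFor`) are hypothetical, the sample keys other than the schema name from the report are constructed, and restricting "alphanumeric" to ASCII is an assumption of this sketch.

```java
import java.util.regex.Pattern;

public class EntityKeyCheck {

    // Allow-list from the issue: alphanumerics plus space, _, -, @ and .
    // (ASCII-only letters and digits are an assumption of this example.)
    private static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9 _\\-@.]+");

    // Hypothetical helper: true when the key is non-empty and made only of
    // allowed characters, so it can be used as a single REST path segment.
    static boolean isValidKey(String key) {
        return key != null && ALLOWED.matcher(key).matches();
    }

    // Number of path segments produced when the key is appended as-is to the
    // read path quoted in the issue; a well-formed request has exactly 5.
    static int segmentsFor(String key) {
        String path = "rest/schema/USER/read/" + key;
        return path.split("/", -1).length;
    }

    public static void main(String[] args) {
        String[] keys = {
            "organizationUnit",                       // constructed: plain key
            "org unit_1-a@example.org",               // constructed: every allowed special char
            // schema name from the report: accepted on create, unreachable afterwards
            "http://schemas.examples.org/security/authorization/organizationUnit",
            "a/b",                                    // constructed: adds a path segment
            "50%",                                    // constructed: starts a percent-escape
            "x?y=1",                                  // constructed: starts the query string
            "k;v",                                    // constructed: path parameter delimiter
            ""                                        // constructed: empty key
        };
        for (String key : keys) {
            System.out.printf("%-70s valid=%-5b segments=%d (expected 5)%n",
                    "'" + key + "'", isValidKey(key), segmentsFor(key));
        }
    }
}
```

Running the check when the entity is created rejects the key before it is stored, instead of leaving an entity that later read and delete requests cannot address.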