[ https://issues.apache.org/jira/browse/SYNCOPE-418?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Francesco Chicchiriccò updated SYNCOPE-418: ------------------------------------------- Description: Some entities have String keys that are currently accepted without any specific bound (schema, resources, config parameters). When, for example, a value like as an URL is provided, nothing special happens during creation (because such value is embedded into a transfer object); however, any subsequent read or delete, which would require passing the entity key as part of the REST URL, will fail either with Spring MVC and CXF. For example, as reported in mailing list [1], a user schema with name 'http://schemas.examples.org/security/authorization/organizationUnit' can be created but will then be impossible to read or even delete since the REST URL would be something like as http://localhost:9080syncope/rest/schema/USER/read/http://schemas.examples.org/security/authorization/organizationUnit After some search, it seems that it is neither Spring MVC nor CXF problem, but instead the JEE container (like as Tomcat, for example) that needs some special configuration for handling such URLs (see CXF-4207 for more details). The most logical and straightforward solution seems to be just setting some limits for the characters admitted; at a first glance, alphanumeric plus some special characters (space, _, -, @, .) should be fine. [1] http://syncope-user.1051894.n5.nabble.com/Remove-attribute-in-user-schema-td5707312.html was: Some entities have String keys that are currently accepted without any specific bound (schema, resources, config parameters). When, for example, a value like as an URL is provided, nothing special happens during creation (because such value is embedded into a transfer object); however, any subsequent read or delete, which would require passing the entity key as part of the REST URL, will fail either with Spring MVC and CXF. For example, as [reported in mailing list|http://syncope-user.1051894.n5.nabble.com/Remove-attribute-in-user-schema-td5707312.html], a user schema with name 'http://schemas.examples.org/security/authorization/organizationUnit' can be created but will then be impossible to read or even delete since the REST URL would be something like as http://localhost:9080syncope/rest/schema/USER/read/http://schemas.examples.org/security/authorization/organizationUnit After some search, it seems that it is neither Spring MVC nor CXF problem, but instead the JEE container (like as Tomcat, for example) that needs some special configuration for handling such URLs (see CXF-4207 for more details). The most logical and straightforward solution seems to be just setting some limits for the characters admitted; at a first glance, alphanumeric plus some special characters (space, _, -, @, .) should be fine. > Special chars break REST URLs > ----------------------------- > > Key: SYNCOPE-418 > URL: https://issues.apache.org/jira/browse/SYNCOPE-418 > Project: Syncope > Issue Type: Bug > Components: core > Affects Versions: 1.1.3 > Reporter: Francesco Chicchiriccò > Assignee: Francesco Chicchiriccò > Fix For: 1.1.4, 1.2.0 > > > Some entities have String keys that are currently accepted without any > specific bound (schema, resources, config parameters). > When, for example, a value like as an URL is provided, nothing special > happens during creation (because such value is embedded into a transfer > object); however, any subsequent read or delete, which would require passing > the entity key as part of the REST URL, will fail either with Spring MVC and > CXF. > For example, as reported in mailing list [1], a user schema with name > 'http://schemas.examples.org/security/authorization/organizationUnit' can be > created but will then be impossible to read or even delete since the REST URL > would be something like as > http://localhost:9080syncope/rest/schema/USER/read/http://schemas.examples.org/security/authorization/organizationUnit > After some search, it seems that it is neither Spring MVC nor CXF problem, > but instead the JEE container (like as Tomcat, for example) that needs some > special configuration for handling such URLs (see CXF-4207 for more details). > The most logical and straightforward solution seems to be just setting some > limits for the characters admitted; at a first glance, alphanumeric plus some > special characters (space, _, -, @, .) should be fine. > [1] > http://syncope-user.1051894.n5.nabble.com/Remove-attribute-in-user-schema-td5707312.html -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira