[axis-axis2-java-core] branch master updated: JSON, make sure the messageName that starts the JSON String passed in via the client matches the Axis2 server operation name defined in the service class

2021-07-18 Thread robertlazarski
This is an automated email from the ASF dual-hosted git repository.

robertlazarski pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-core.git


The following commit(s) were added to refs/heads/master by this push:
 new 620d35f  JSON, make sure the messageName that starts the JSON String 
passed in via the client matches the Axis2 server operation name defined in the 
service class
620d35f is described below

commit 620d35fd7e6e5926a2089212b189de7cfd325f2b
Author: Robert Lazarski 
AuthorDate: Sun Jul 18 17:12:03 2021 -0400

JSON, make sure the messageName that starts the JSON String passed in via 
the client matches the Axis2 server operation name defined in the service class
---
 .../src/org/apache/axis2/json/gson/GsonXMLStreamReader.java |  1 +
 .../src/org/apache/axis2/json/gson/GsonXMLStreamWriter.java |  5 +
 .../src/org/apache/axis2/json/gson/JSONMessageHandler.java  | 13 ++---
 .../json/src/org/apache/axis2/json/gson/JsonBuilder.java|  1 +
 .../json/src/org/apache/axis2/json/gson/JsonFormatter.java  |  1 +
 .../axis2/json/gson/rpc/JsonInOnlyRPCMessageReceiver.java   |  1 +
 .../json/src/org/apache/axis2/json/gson/rpc/JsonUtils.java  |  7 +++
 .../src/org/apache/axis2/json/moshi/JSONMessageHandler.java | 11 ---
 .../json/src/org/apache/axis2/json/moshi/JsonBuilder.java   |  1 +
 .../json/src/org/apache/axis2/json/moshi/JsonFormatter.java |  1 +
 .../org/apache/axis2/json/moshi/MoshiXMLStreamReader.java   |  1 +
 .../org/apache/axis2/json/moshi/MoshiXMLStreamWriter.java   |  1 +
 .../axis2/json/moshi/rpc/JsonInOnlyRPCMessageReceiver.java  |  1 +
 .../json/src/org/apache/axis2/json/moshi/rpc/JsonUtils.java |  4 
 .../dispatchers/RequestURIBasedOperationDispatcher.java |  2 +-
 15 files changed, 36 insertions(+), 15 deletions(-)

diff --git 
a/modules/json/src/org/apache/axis2/json/gson/GsonXMLStreamReader.java 
b/modules/json/src/org/apache/axis2/json/gson/GsonXMLStreamReader.java
index 3823546..9184ce6 100644
--- a/modules/json/src/org/apache/axis2/json/gson/GsonXMLStreamReader.java
+++ b/modules/json/src/org/apache/axis2/json/gson/GsonXMLStreamReader.java
@@ -133,6 +133,7 @@ public class GsonXMLStreamReader implements XMLStreamReader 
{
 newNodeMap.put(elementQname, mainXmlNode);
 configContext.setProperty(JsonConstant.XMLNODES, newNodeMap);
 }
+log.debug("GsonXMLStreamReader.process() completed");
 isProcessed = true;
 }
 
diff --git 
a/modules/json/src/org/apache/axis2/json/gson/GsonXMLStreamWriter.java 
b/modules/json/src/org/apache/axis2/json/gson/GsonXMLStreamWriter.java
index 95646b1..2890a90 100644
--- a/modules/json/src/org/apache/axis2/json/gson/GsonXMLStreamWriter.java
+++ b/modules/json/src/org/apache/axis2/json/gson/GsonXMLStreamWriter.java
@@ -26,6 +26,8 @@ import org.apache.axis2.json.factory.JsonConstant;
 import org.apache.axis2.json.factory.JsonObject;
 import org.apache.axis2.json.factory.XmlNode;
 import org.apache.axis2.json.factory.XmlNodeGenerator;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.ws.commons.schema.XmlSchema;
 
 import javax.xml.namespace.NamespaceContext;
@@ -43,6 +45,8 @@ import java.util.Stack;
 
 public class GsonXMLStreamWriter implements XMLStreamWriter {
 
+private static final Log log = 
LogFactory.getLog(GsonXMLStreamWriter.class);
+
 private JsonWriter jsonWriter;
 
 /**
@@ -125,6 +129,7 @@ public class GsonXMLStreamWriter implements XMLStreamWriter 
{
 }
 isProcessed = true;
 this.jsonWriter.beginObject();
+log.debug("GsonXMLStreamWriter.process() completed");
 }
 
 
diff --git 
a/modules/json/src/org/apache/axis2/json/gson/JSONMessageHandler.java 
b/modules/json/src/org/apache/axis2/json/gson/JSONMessageHandler.java
index 4a75d95..7cee12a 100644
--- a/modules/json/src/org/apache/axis2/json/gson/JSONMessageHandler.java
+++ b/modules/json/src/org/apache/axis2/json/gson/JSONMessageHandler.java
@@ -65,12 +65,15 @@ public class JSONMessageHandler extends AbstractHandler {
 public InvocationResponse invoke(MessageContext msgContext) throws 
AxisFault {
 AxisOperation axisOperation = msgContext.getAxisOperation();
 if (axisOperation != null) {
+log.debug("Axis operation has been found from the MessageContext, 
proceeding with the JSON request");
 MessageReceiver messageReceiver = 
axisOperation.getMessageReceiver();
 if (messageReceiver instanceof JsonRpcMessageReceiver || 
messageReceiver instanceof JsonInOnlyRPCMessageReceiver) {
 // do not need to parse XMLSchema list, as  this message 
receiver will not use GsonXMLStreamReader  to read the inputStream.
 } else {
+log.debug("JSON MessageReceiver found, proceeding with the 
JSON request");
 Object tempObj = 
msgContext.getProperty(JsonConstant.IS_

[axis-axis2-java-core] branch master updated: use HTML encoding on JSON return strings ... starting with the GSON implementation

2021-07-18 Thread robertlazarski
This is an automated email from the ASF dual-hosted git repository.

robertlazarski pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-core.git


The following commit(s) were added to refs/heads/master by this push:
 new f767197  use HTML encoding on JSON return strings ... starting with 
the GSON implementation
f767197 is described below

commit f767197673a67d3355ed2a4f856e52b26c1d82ec
Author: Robert Lazarski 
AuthorDate: Sun Jul 18 17:37:51 2021 -0400

use HTML encoding on JSON return strings ... starting with the GSON 
implementation
---
 .../axis2/json/gson/JsonHtmlXssSerializer.java | 39 ++
 1 file changed, 39 insertions(+)

diff --git 
a/modules/json/src/org/apache/axis2/json/gson/JsonHtmlXssSerializer.java 
b/modules/json/src/org/apache/axis2/json/gson/JsonHtmlXssSerializer.java
new file mode 100644
index 000..619c1ae
--- /dev/null
+++ b/modules/json/src/org/apache/axis2/json/gson/JsonHtmlXssSerializer.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.axis2.json.gson;
+
+import org.owasp.encoder.Encode;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonPrimitive;
+import com.google.gson.JsonSerializationContext;
+import com.google.gson.JsonSerializer;
+import java.lang.reflect.Type;
+
+public class JsonHtmlXssSerializer implements JsonSerializer {
+
+   @Override
+   public JsonElement serialize(String src, Type typeOfSrc,
+   JsonSerializationContext context) {
+
+   return new JsonPrimitive(Encode.forHtmlContent(src));
+
+   }
+}
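Review bot: `Encode.forHtmlContent` in `serialize` is only safe for HTML text content and leaves quote characters untouched, so a client that places these JSON strings into an attribute, script or URL context gets no protection from it, while non-browser clients receive entity-encoded data (`&` arrives as `&amp;`). The class has no Javadoc stating that limit; I would add `/** HTML-encodes String values for text-content context only; consumers must still encode for attribute, script and URL contexts. */` above the class declaration. This commit's diffstat lists only this new file, so the serializer does not appear to be registered with a Gson builder here. That wiring, and whether a service can switch it off, should be reviewed where it lands.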


[axis-axis2-java-core] branch master updated: use HTML encoding on JSON return strings, with the Moshi implementation also

2021-07-18 Thread robertlazarski
This is an automated email from the ASF dual-hosted git repository.

robertlazarski pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-core.git


The following commit(s) were added to refs/heads/master by this push:
 new a0c5e60  use HTML encoding on JSON return strings, with the Moshi 
implementation also
a0c5e60 is described below

commit a0c5e6040ef9e87d050da6237852e034548d5cb4
Author: Robert Lazarski 
AuthorDate: Sun Jul 18 18:30:43 2021 -0400

use HTML encoding on JSON return strings, with the Moshi implementation also
---
 .../org/apache/axis2/json/moshi/JsonFormatter.java |  2 +-
 .../axis2/json/moshi/JsonHtmlXssSerializer.java| 48 ++
 2 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/modules/json/src/org/apache/axis2/json/moshi/JsonFormatter.java 
b/modules/json/src/org/apache/axis2/json/moshi/JsonFormatter.java
index 5785849..941451e 100644
--- a/modules/json/src/org/apache/axis2/json/moshi/JsonFormatter.java
+++ b/modules/json/src/org/apache/axis2/json/moshi/JsonFormatter.java
@@ -60,7 +60,7 @@ public class JsonFormatter implements MessageFormatter {
 String msg;
 
 try {
-Moshi moshi = new Moshi.Builder().add(Date.class, new 
Rfc3339DateJsonAdapter()).build();
+Moshi moshi = new Moshi.Builder().add(String.class, new 
JsonHtmlXssSerializer()).add(Date.class, new Rfc3339DateJsonAdapter()).build();
 JsonAdapter adapter = moshi.adapter(Object.class);
 BufferedSink sink = Okio.buffer(Okio.sink(outputStream));
 jsonWriter = JsonWriter.of(sink);
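Review bot: Registering `JsonHtmlXssSerializer` for `String.class` on the builder HTML-encodes every string written through `moshi.adapter(Object.class)`, and the hunk gives a service no way to opt out. That changes the wire format for all JSON clients, and it probably reaches map keys too, since Moshi resolves key adapters through the same registry; a test with `<` and `&` in both a key and a value would confirm it. Consider gating the registration on a service-level setting, e.g. `if (htmlEncodeStrings) { builder.add(String.class, new JsonHtmlXssSerializer()); }`, where `htmlEncodeStrings` is a placeholder name. The response content type remains the primary control against a browser rendering the payload as HTML. The enclosing method starts and ends outside this hunk.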
diff --git 
a/modules/json/src/org/apache/axis2/json/moshi/JsonHtmlXssSerializer.java 
b/modules/json/src/org/apache/axis2/json/moshi/JsonHtmlXssSerializer.java
new file mode 100644
index 000..241a96e
--- /dev/null
+++ b/modules/json/src/org/apache/axis2/json/moshi/JsonHtmlXssSerializer.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.axis2.json.moshi;
+
+import com.squareup.moshi.JsonAdapter;
+import com.squareup.moshi.JsonReader;
+import com.squareup.moshi.JsonWriter;
+import java.io.IOException;
+
+import org.owasp.encoder.Encode;
+
+public final class JsonHtmlXssSerializer extends JsonAdapter {
+
+@Override
+public synchronized String fromJson(JsonReader reader) throws IOException {
+if (reader.peek() == JsonReader.Token.NULL) {
+return reader.nextNull();
+}
+String string = reader.nextString();
+return string;
+}
+  
+@Override
+public synchronized void toJson(JsonWriter writer, String value) throws 
IOException {
+if (value == null) {
+writer.nullValue();
+} else {
+writer.value(Encode.forHtmlContent(value));
+}
+}
+}
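Review bot: `synchronized` on `fromJson` and `toJson` guards nothing, because the adapter holds no fields; it only adds lock contention if an instance is ever shared between threads. I would drop the modifier on both methods and collapse the temporary in `fromJson` to `return reader.nextString();`. Note also that `fromJson` returns the string as read while `toJson` encodes it, so a value written and read back through this adapter does not round-trip. A short class comment saying the encoding is output-only, and valid for HTML text-content context only, would make that intentional.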