This is an automated email from the ASF dual-hosted git repository. jungm pushed a commit to branch tomee-10.x in repository https://gitbox.apache.org/repos/asf/tomee.git
commit c7e00587776796e95005d63667aab538b017ce43 Author: Markus Jung <[email protected]> AuthorDate: Fri Mar 6 07:33:28 2026 +0100 safe fallbacks when deserializing old SavedRequest (cherry picked from commit 02cd5947daaaad94ff8d09c0a2e4f25503eb5b3c) --- .../apache/tomee/security/http/SavedRequest.java | 8 ++++---- .../tomee/security/http/SavedRequestTest.java | 23 ++++++++++++++++++++++ 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/SavedRequest.java b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/SavedRequest.java index f6451e4349..9e6c95df00 100644 --- a/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/SavedRequest.java +++ b/tomee/tomee-security/src/main/java/org/apache/tomee/security/http/SavedRequest.java @@ -133,23 +133,23 @@ public class SavedRequest implements Serializable { @Override public Enumeration<String> getParameterNames() { - return Collections.enumeration(parameterMap.keySet()); + return Collections.enumeration(getParameterMap().keySet()); } @Override public String[] getParameterValues(String name) { - return parameterMap.get(name); + return getParameterMap().get(name); } @Override public String getParameter(String name) { - String[] values = parameterMap.get(name); + String[] values = getParameterValues(name); return values == null || values.length == 0 ? null : values[0]; } @Override public Map<String, String[]> getParameterMap() { - return parameterMap; + return parameterMap != null ? parameterMap : Collections.emptyMap(); } }; } diff --git a/tomee/tomee-security/src/test/java/org/apache/tomee/security/http/SavedRequestTest.java b/tomee/tomee-security/src/test/java/org/apache/tomee/security/http/SavedRequestTest.java index 4873536330..44e256a0bb 100644 --- a/tomee/tomee-security/src/test/java/org/apache/tomee/security/http/SavedRequestTest.java +++ b/tomee/tomee-security/src/test/java/org/apache/tomee/security/http/SavedRequestTest.java @@ -79,6 +79,29 @@ public class SavedRequestTest { assertEquals("bar", request.getParameterMap().get("foo")[0]); } + @Test + public void deserializationWithoutParameterMap() throws Exception { + // JSON produced by older versions that did not include the parameterMap field + String json = "{\"cookies\":[{\"name\":\"first\",\"value\":\"val1\",\"attributes\":{}},{\"name\":\"second\",\"value\":\"val2\",\"attributes\":{}}],\"headers\":{\"header1\":[\"h1val1\",\"h1val2\"],\"header2\":[\"h2val1\"]},\"method\":\"PATCH\",\"queryString\":\"foo=bar\",\"url\":\"http://example.com/foo\"}";; + SavedRequest request = SavedRequest.fromJson(json); + + assertNotNull(request); + assertEquals(2, request.getCookies().length); + assertEquals("first", request.getCookies()[0].getName()); + assertEquals("val1", request.getCookies()[0].getValue()); + assertEquals("second", request.getCookies()[1].getName()); + assertEquals("val2", request.getCookies()[1].getValue()); + assertEquals(2, request.getHeaders().size()); + assertEquals(List.of("h1val1", "h1val2"), request.getHeaders().get("header1")); + assertEquals(List.of("h2val1"), request.getHeaders().get("header2")); + assertEquals("PATCH", request.getMethod()); + assertEquals("foo=bar", request.getQueryString()); + assertEquals("http://example.com/foo";, request.getUrl()); + // parameterMap should be initialized to a safe default (e.g., empty map) rather than null + assertNotNull(request.getParameterMap()); + assertTrue(request.getParameterMap().isEmpty()); + } + @Test public void cookieSerialization() throws Exception { JsonbConfig config = new JsonbConfig()
