[jira] Commented: (CXF-2346) CXF with Spring AOP-based Auth makes JAX-RS POST urlencode gives @FormParam=null

[Sergey Beryozkin (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CXF-2346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12733026#action_12733026
 ] 

Sergey Beryozkin commented on CXF-2346:
---------------------------------------

It was a tricky issue to sort out, mainly because it was tricky to reproduce. 
As it happens in some cases servlet filters may consume the form request body, 
Spring security filters in this case, and when they do they make name/value 
pairs available as HttpServletRequest parameters.

thanks for helping me to get to the bottom of it - I think you deserve a solid 
patch point.
cheers, Sergey

> CXF with Spring AOP-based Auth makes JAX-RS POST urlencode gives 
> @FormParam=null 
> ---------------------------------------------------------------------------------
>
>                 Key: CXF-2346
>                 URL: https://issues.apache.org/jira/browse/CXF-2346
>             Project: CXF
>          Issue Type: Bug
>          Components: REST
>    Affects Versions: 2.2.2
>         Environment: CXF 2.2.2, JAX-RS, Servlet Edition running under Tomcat 
> 6.0, in combination with Spring and Spring AOP 2.5.6SEC01, Spring Security 
> 2.0, JSR-250 @RolesAllowed, and CGLIB 2.2
>            Reporter: Hendy Irawan
>
> It's much accurate to illustrate this with a real project sample, since it 
> takes quite an effort to setup the integrated environment to reproduce this 
> bug. (yet I have to say, this integration setup is a good 'standard setup' 
> for my general JAX-RS purposes)
> The sample project is at: 
> http://scm.ops4j.org/repos/ops4j/laboratory/users/ceefour/cxfbug-urlencode-basicauth
> Given a project with the setup of CXF, JAX-RS, Servlet, Spring Security, 
> Spring AOP, CGLIB, and JSR-250 annotation, doing a POST with urlencode on 
> JAX-RS resource with @FormParam is not working.
> Here's the script used to test:
>     #!/bin/sh
>     # Environment: CXF 2.2.2, JAX-RS, Servlet Edition running under Tomcat 
> 6.0, in combination with Spring and Spring AOP 2.5.6SEC01, Spring Security 
> 2.0, JSR-250 @RolesAllowed, and CGLIB 2.2
>     # Description: CXF with Spring AOP-based Auth makes JAX-RS POST urlencode 
> gives @FormParam=null 
>     echo 'Test if CXF just works'
>     curl -D - -v http://localhost:8080/cxfbug-urlencode-basicauth/
>     echo
>     echo 'Test if CXF POST works'
>     curl -D - -v -X POST 
> http://localhost:8080/cxfbug-urlencode-basicauth/guestquery?name=Apache
>     echo
>     echo 'Test if CXF POST urlencode works'
>     curl -D - -v -X POST --data-urlencode name=Apache 
> http://localhost:8080/cxfbug-urlencode-basicauth/guestform
>     echo
>     echo 'Test if CXF Auth with Spring AOP + Spring Security + JSR-250 works'
>     curl -D - -v -u apache:apache 
> http://localhost:8080/cxfbug-urlencode-basicauth/loginget
>     echo
>     echo 'Test if CXF POST works'
>     curl -D - -v -u apache:apache -X POST 
> http://localhost:8080/cxfbug-urlencode-basicauth/loginquery?name=Apache
>     echo
>     echo 'Test if CXF POST urlencode works with Auth'
>     curl -D - -v -u apache:apache -X POST --data-urlencode name=Apache 
> http://localhost:8080/cxfbug-urlencode-basicauth/loginform
> Only the last one is failing, here's the result of the last two tests in my 
> setup:
> Test if CXF POST works
> * About to connect() to localhost port 8080 (#0)
> *   Trying ::1... connected
> * Connected to localhost (::1) port 8080 (#0)
> * Server auth using Basic with user 'apache'
> > POST /cxfbug-urlencode-basicauth/loginquery?name=Apache HTTP/1.1
> > Authorization: Basic YXBhY2hlOmFwYWNoZQ==
> > User-Agent: curl/7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g 
> > zlib/1.2.3.3 libidn/1.10
> > Host: localhost:8080
> > Accept: */*
> > 
> < HTTP/1.1 200 OK
> HTTP/1.1 200 OK
> < Server: Apache-Coyote/1.1
> Server: Apache-Coyote/1.1
> < Date: Fri, 17 Jul 2009 18:16:35 GMT
> Date: Fri, 17 Jul 2009 18:16:35 GMT
> < Content-Type: text/plain
> Content-Type: text/plain
> < Content-Length: 12
> Content-Length: 12
> < 
> * Connection #0 to host localhost left intact
> Hello Apache* Closing connection #0
> Test if CXF POST urlencode works with Auth
> * About to connect() to localhost port 8080 (#0)
> *   Trying ::1... connected
> * Connected to localhost (::1) port 8080 (#0)
> * Server auth using Basic with user 'apache'
> > POST /cxfbug-urlencode-basicauth/loginform HTTP/1.1
> > Authorization: Basic YXBhY2hlOmFwYWNoZQ==
> > User-Agent: curl/7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g 
> > zlib/1.2.3.3 libidn/1.10
> > Host: localhost:8080
> > Accept: */*
> > Content-Length: 11
> > Content-Type: application/x-www-form-urlencoded
> > 
> < HTTP/1.1 200 OK
> HTTP/1.1 200 OK
> < Server: Apache-Coyote/1.1
> Server: Apache-Coyote/1.1
> < Date: Fri, 17 Jul 2009 18:16:35 GMT
> Date: Fri, 17 Jul 2009 18:16:35 GMT
> < Content-Type: text/plain
> Content-Type: text/plain
> < Content-Length: 10
> Content-Length: 10
> < 
> * Connection #0 to host localhost left intact
> Hello null* Closing connection #0
> @FormParam is giving null instead of provided "Apache".

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.