[
https://issues.apache.org/jira/browse/CXF-6758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15118628#comment-15118628
]
Daniel Kulp commented on CXF-6758:
----------------------------------
This is working as design. The gMonth is described at:
https://www.w3.org/TR/2012/REC-xmlschema11-2-20120405/datatypes.html#gMonth
and in this case should be in the XML as "--07". Thus, the XML is invalid
according to the schema and should be rejected. IMO, the reference
implementation should also reject it as its invalid.
That said, you can turn this off in CXF by setting the
"set-jaxb-validation-event-handler" property on the endpoint to "false".
> DataReaderImpl.handleEvent is too strict in case of XMLGregorianCalendar
> parse error of severity ValidationEvent.ERROR
> ----------------------------------------------------------------------------------------------------------------------
>
> Key: CXF-6758
> URL: https://issues.apache.org/jira/browse/CXF-6758
> Project: CXF
> Issue Type: Bug
> Affects Versions: 3.1.4
> Environment: CXF 3.1.4 integrated into JBoss Wildly 10.0.0.CR5, java
> version 1.8.0_71
> Reporter: Thorsten Möller
>
> The implementation of
> {{org.apache.cxf.jaxb.io.DataReaderImpl.handleEvent(ValidationEvent event)}}
> is too strict in comparison to
> {{com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.handleEvent(ValidationEvent)}}
> and returns {{false}} (cannot recover) if the {{ValidationEvent.severity}}
> equals {{ValidationEvent.ERROR}}.
> In the following, details from a real-world Web service where we have
> encountered this issue.
> The issue can be observed when invoking the method {{GetListModel}} of this
> [Web service|http://webservices.eurotaxglass.com/wsdl/identification-v2.wsdl]
> whose reply message contains elements of the complex type {{ETGdateType}}
> that contains a field of type {{xsd:gMonth}} (and {{xsd:gYear}}). The
> following is an excerpt of the relevant part of a reply message:
> {code:xml}
> <ProductionStartDate xsi:type="ns1:ETGdateType">
> <Month xsi:type="xsd:gMonth">07</Month>
> <Year xsi:type="xsd:gYear">2010</Year>
> </ProductionStartDate>
> {code}
> If invoked by a service client class from within a Web application deployed
> to Wildfly (which uses CXF), an unmarshalling error occurs and the following
> stack trace is logged:
> {noformat}
> 16:43:46,891 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default
> task-113) Interceptor for
> {http://www.eurotax.com/Webservices/Identification/}IdentificationStub#{http://www.eurotax.com/Webservices/Identification/}GetListModel
> has thrown exception, unwinding now: org.apache.cxf.interceptor.Fault:
> Unmarshalling Error: 07
> at
> org.apache.cxf.jaxb.JAXBEncoderDecoder.unmarshall(JAXBEncoderDecoder.java:905)
> at
> org.apache.cxf.jaxb.JAXBEncoderDecoder.unmarshall(JAXBEncoderDecoder.java:712)
> at org.apache.cxf.jaxb.io.DataReaderImpl.read(DataReaderImpl.java:179)
> at
> org.apache.cxf.wsdl.interceptors.DocLiteralInInterceptor.handleMessage(DocLiteralInInterceptor.java:109)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1669)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1550)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1347)
> at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:651)
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
> at com.sun.proxy.$Proxy147.getListModel(Unknown Source)
> at
> ch.sbi.forte.ws.client.etg.IdentificationServiceImpl.getListModel(IdentificationServiceImpl.java:277)
> at
> ch.sbi.forte.services.rest.CarInsuranceResource.getListModel(CarInsuranceResource.java:302)
> at
> ch.sbi.forte.services.rest.CarInsuranceResource$Proxy$_$$_WeldClientProxy.getListModel(Unknown
> Source)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
> at
> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
> at
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
> at
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
> at
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> at
> ch.sbi.atlas.servlet.filter.ResponseHeaderFilter.doFilter(ResponseHeaderFilter.java:110)
> at
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> org.keycloak.adapters.undertow.UndertowAuthenticatedActionsHandler.handleRequest(UndertowAuthenticatedActionsHandler.java:66)
> at
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
> at
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at
> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
> at
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at
> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at
> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
> at
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
> at
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> at
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: javax.xml.bind.UnmarshalException
> - with linked exception:
> [com.sun.istack.SAXParseException2; lineNumber: 0; columnNumber: 0; 07]
> at
> com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.handleStreamException(UnmarshallerImpl.java:483)
> at
> com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:417)
> at
> com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:394)
> at
> org.apache.cxf.jaxb.JAXBEncoderDecoder.doUnmarshal(JAXBEncoderDecoder.java:855)
> at
> org.apache.cxf.jaxb.JAXBEncoderDecoder.access$100(JAXBEncoderDecoder.java:102)
> at
> org.apache.cxf.jaxb.JAXBEncoderDecoder$2.run(JAXBEncoderDecoder.java:894)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> org.apache.cxf.jaxb.JAXBEncoderDecoder.unmarshall(JAXBEncoderDecoder.java:892)
> ... 72 more
> Caused by: com.sun.istack.SAXParseException2; lineNumber: 0; columnNumber: 0;
> 07
> at
> com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallingContext.handleEvent(UnmarshallingContext.java:740)
> at
> com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallingContext.handleError(UnmarshallingContext.java:770)
> at
> com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallingContext.handleError(UnmarshallingContext.java:766)
> at
> com.sun.xml.bind.v2.model.impl.RuntimeBuiltinLeafInfoImpl$12.parse(RuntimeBuiltinLeafInfoImpl.java:595)
> at
> com.sun.xml.bind.v2.model.impl.RuntimeBuiltinLeafInfoImpl$12.parse(RuntimeBuiltinLeafInfoImpl.java:568)
> at
> com.sun.xml.bind.v2.runtime.FilterTransducer.parse(FilterTransducer.java:84)
> at
> com.sun.xml.bind.v2.runtime.reflect.TransducedAccessor$CompositeTransducedAccessorImpl.parse(TransducedAccessor.java:245)
> at
> com.sun.xml.bind.v2.runtime.unmarshaller.LeafPropertyLoader.text(LeafPropertyLoader.java:65)
> at
> com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallingContext.text(UnmarshallingContext.java:589)
> at
> com.sun.xml.bind.v2.runtime.unmarshaller.InterningXmlVisitor.text(InterningXmlVisitor.java:93)
> at
> com.sun.xml.bind.v2.runtime.unmarshaller.StAXStreamConnector.processText(StAXStreamConnector.java:338)
> at
> com.sun.xml.bind.v2.runtime.unmarshaller.StAXStreamConnector.handleEndElement(StAXStreamConnector.java:216)
> at
> com.sun.xml.bind.v2.runtime.unmarshaller.StAXStreamConnector.bridge(StAXStreamConnector.java:185)
> at
> com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:415)
> ... 78 more
> Caused by: javax.xml.bind.UnmarshalException: 07
> - with linked exception:
> [java.lang.IllegalArgumentException: 07]
> ... 92 more
> Caused by: java.lang.IllegalArgumentException: 07
> at
> org.apache.xerces.jaxp.datatype.XMLGregorianCalendarImpl$Parser.parseYear(XMLGregorianCalendarImpl.java:2952)
> at
> org.apache.xerces.jaxp.datatype.XMLGregorianCalendarImpl$Parser.parse(XMLGregorianCalendarImpl.java:2862)
> at
> org.apache.xerces.jaxp.datatype.XMLGregorianCalendarImpl.<init>(XMLGregorianCalendarImpl.java:478)
> at
> org.apache.xerces.jaxp.datatype.DatatypeFactoryImpl.newXMLGregorianCalendar(DatatypeFactoryImpl.java:230)
> at
> __redirected.__DatatypeFactory.newXMLGregorianCalendar(__DatatypeFactory.java:180)
> at
> com.sun.xml.bind.v2.model.impl.RuntimeBuiltinLeafInfoImpl$12.parse(RuntimeBuiltinLeafInfoImpl.java:592)
> ... 88 more
> {noformat}
> This is due to the following code in
> {{org.apache.cxf.jaxb.io.DataReaderImpl.WSUIDValidationHandler.handleEvent(ValidationEvent)}},
> line 71 to 86 as released for version 3.1.4 for CXF:
> {code}
> public boolean handleEvent(ValidationEvent event) {
> // if the original handler has already handled the event, no need
> for us
> // to do anything, otherwise if not yet handled, then do this
> 'hack'
> if (origHandler != null && origHandler.handleEvent(event)) {
> return true;
> } else {
> // hack for CXF-3453
> String msg = event.getMessage();
> return msg != null
> && msg.contains(":Id")
> && (msg.startsWith("cvc-type.3.1.1: ")
> || msg.startsWith("cvc-type.3.2.2: ")
> || msg.startsWith("cvc-complex-type.3.1.1: ")
> || msg.startsWith("cvc-complex-type.3.2.2: "));
> }
> }
> {code}
> At runtime, while debugging, {{origHandler}} is {{null}}, {{msg}} equals
> {{07}}, and {{event.severity}} is {{1}}, the latter of which will become
> relevant in a second. Hence, this method returns {{false}}, which ultimately
> leads to aborting parsing the reply further above in the stack.
> In contrast, invoking the same Web service method in Glassfish 4 works (same
> Web service method, same Java client stubs generated using same version of
> wsimport). This has also been debugged in detail. Interestingly, also in
> Glassfish parsing of the {{xsd:gMonth}} value '07' leads to an
> {{IllegalArgumentException}} in {{XMLGregorianCalendarImpl}} (though the
> implementation that is actually used in this case is
> {{com.sun.org.apache.xerces.internal.jaxp.datatype.XMLGregorianCalendarImpl}}).
> Also, there is a {{ValidationEvent}} object created and its {{severity}} is
> {{1}} ({{ValidationEvent.ERROR}}). However, another
> {{ValidationEventHandler}} implementation is used in this case, which is
> {{com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.handleEvent(ValidationEvent)}},
> the source code being:
> {code}
> public boolean handleEvent(ValidationEvent event) {
> return event.getSeverity()!=ValidationEvent.FATAL_ERROR;
> }
> {code}
> As can be seen, every event whose severity is not a {{FATAL_ERROR}} results
> in returning {{true}} (recoverable), which explains why the invocation works
> with Glassfish.
> I'm not an expert on lexical representations of XSD types, and in particular,
> I do not know whether the string '07' is a syntactically correct
> representation of a {{xsd:gMonth}}, but I think also CXF should handle this
> parse error as recoverable; i.e., return {{true}} from {{handleEvent}} as the
> reference implementation does. More importantly, I think this issue should be
> fixed somehow such that invoking the Web service does not abort when the
> reply is parsed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
