Re: [PR] Bump github/codeql-action from 3.27.0 to 3.27.1 [cxf-fediz]
dependabot[bot] commented on PR #305: URL: https://github.com/apache/cxf-fediz/pull/305#issuecomment-2482911011 Superseded by #306. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump github/codeql-action from 3.27.1 to 3.27.4 [cxf]
reta merged PR #2154: URL: https://github.com/apache/cxf/pull/2154 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.owasp:dependency-check-maven from 10.0.4 to 11.1.0 [cxf]
reta merged PR #2153: URL: https://github.com/apache/cxf/pull/2153 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] CXF-9076: Exception message is not unmarshalled with JDK17+ (limit the fix to JDK standard library exceptions) [cxf]
reta merged PR #2148: URL: https://github.com/apache/cxf/pull/2148 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] CXF-9082: Allow to modify sensitive header list [cxf]
dmytro-sylaiev commented on code in PR #2150:
URL: https://github.com/apache/cxf/pull/2150#discussion_r1846812859
##
rt/transports/http/src/main/java/org/apache/cxf/transport/http/Headers.java:
##
@@ -580,4 +580,8 @@ public static String toHttpDate(Date date) {
public static String toHttpLanguage(Locale locale) {
return locale.toString().replace('_', '-');
}
+
+public static List getSensitiveHeaderList() {
Review Comment:
Hello @reta
Both `toString()` and `logProtocolHeaders` methods (who are the only users
of `SENSITIVE_HEADERS` list) are static and don't use `message` to print
headers.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] CXF-9082: Allow to modify sensitive header list [cxf]
reta commented on code in PR #2150:
URL: https://github.com/apache/cxf/pull/2150#discussion_r1846824254
##
rt/transports/http/src/main/java/org/apache/cxf/transport/http/Headers.java:
##
@@ -580,4 +580,8 @@ public static String toHttpDate(Date date) {
public static String toHttpLanguage(Locale locale) {
return locale.toString().replace('_', '-');
}
+
+public static List getSensitiveHeaderList() {
Review Comment:
Hello @dmytro-sylaiev , that is right, those are internal APIs (package
protected) and has to be changed to instance methods (or accept message as an
argument), thanks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: CXF JAX-RS: working with multipart form-data
Hi Jean,
I would expect the bean validation to work, I will take a look closely into it
this week.
Regarding JAXRSClientFactoryBean / Proxy and WebClient, these serve two
different purposes: WebClient is generic HTTP client whereas
JAXRSClientFactoryBean
creates a typed proxy with the contract (interface). WebClient does not
introspect
anything and could only use base address (from client proxy), as far as I know.
Thanks.
Best Regards,
Andriy Redko
> If I deactivate the bean validation feature in createMagdadocServer(...)
> it works.
> Some further questions:
> 1. Setting the target address when using WebClient directly
>
> Currently I create my client using JAXRSClientFactoryBean refereincing my
> service class as follows ( is either my service interface class or
> some interface extending on it):
> protected synchronized PT getApiProxy() {
> if (apiProxy == null) {
> //Get the base address of the service endpoint
> String baseAddress =
> Configuration.getInstance().getItem("magdadocumentendienst.service.base.ur
> i");
> apiProxy = getThreadsafeProxy(baseAddress);
> }
> return apiProxy;
> }
> private PT getThreadsafeProxy(String baseAddress) {
> JacksonJsonProvider jjProvider = new
> JacksonJsonProvider(new CustomObjectMapper());
> List providers = Arrays.asList(new
> MultipartProvider(), jjProvider);
>
> final JAXRSClientFactoryBean factory = new
> JAXRSClientFactoryBean();
> factory.setAddress(baseAddress);
>
> factory.setServiceClass(getPTClass());
> factory.setProviders(providers);
> factory.setThreadSafe(true);
>
> //only for testing the sending of attachments as
> multipart/form-data
> LoggingFeature feature = new LoggingFeature();
> feature.setLogMultipart(true);
> feature.setLogBinary(true);
> feature.setLimit(128*1000);
>
> feature.addBinaryContentMediaTypes(MediaType.APPLICATION_OCTET_STREAM);
> feature.addBinaryContentMediaTypes("application/pdf");
> factory.setFeatures(Arrays.asList(feature));
> PT api = (PT) factory.create(getPTClass());
> ClientConfiguration config = WebClient.getConfig(api);
> addTLSClientParameters(config.getHttpConduit());
> return api;
> }
> When invoking a method on it (e.g. getApiProxy().createMessage(...)) it is
> handled by cxf the class ClientProxyImpl. This uses the method signature
> and all annotated 'path' declarations to determine the target address.
> This doesn't happen when I invoke the call through a WebClient, e.g. (as
> to your suggestion):
> MultipartBody body = new
> MultipartBody(attachments,MediaType.MULTIPART_FORM_DATA_TYPE,false);
> WebClient wc = WebClient.fromClient(client)
> .path("/messages")
> .accept(MediaType.APPLICATION_JSON_TYPE);
> return
> wc.post(Entity.entity(body,MediaType.MULTIPART_FORM_DATA_TYPE));
> Here I have to set the path manually. Is there a way to construct it
> similar to what ClientProxyImpl does?
> 2.Bean validation
> ==
> I guess there are different bean validation frameworks/libraries. I'd like
> to keep bean validation active any suggestions on how to
> resolve/circumvent this issue, e.g.:
> - using another bean validation library
> - disabling validation for a specific method (is this possible?)
> -
> Regards,
> J.P. Urkens
> -Oorspronkelijk bericht-
> Van: Jean Pierre URKENS
> Verzonden: maandag 18 november 2024 10:20
> Aan: 'Andriy Redko' ; 'dev@cxf.apache.org'
>
> Onderwerp: RE: CXF JAX-RS: working with multipart form-data
> Validation is done using apache library bval-jsr-2.0.5.jar. So this might
> be well out-of-scope of CXF.
> -Oorspronkelijk bericht-
> Van: Jean Pierre URKENS
> Verzonden: maandag 18 november 2024 10:02
> Aan: 'Andriy Redko' ; 'dev@cxf.apache.org'
>
> Onderwerp: RE: CXF JAX-RS: working with multipart form-data
> Hi Andriy,
> Thanks for the example. I tried something similar last week but since my
> method was annotated with @Parameter(required=true,schema =
> @Schema(implementation=MessageToSend.class)) request parameter validation
> failed on the server side (see server trace below).
> I have a JAXRSBeanValidationInInterceptor provider active at the server
> side and somehow matching the multipart request body to the method
> signature fails.
> So does it mean that validating request parameters takes place before
> handling the multipart body translating each part to a
[PR] Bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.0 to 3.8.1 [cxf]
dependabot[bot] opened a new pull request, #2155: URL: https://github.com/apache/cxf/pull/2155 Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.8.0 to 3.8.1. Release notes Sourced from https://github.com/apache/maven-dependency-plugin/releases";>org.apache.maven.plugins:maven-dependency-plugin's releases. 3.8.1 What's Changed Bump org.apache.maven.doxia:doxia-sink-api from 2.0.0-M12 to 2.0.0 by https://github.com/dependabot";>@dependabot in https://redirect.github.com/apache/maven-dependency-plugin/pull/432";>apache/maven-dependency-plugin#432 [MDEP-956][MDEP-932] Silence artifact copying by https://github.com/elharo";>@elharo in https://redirect.github.com/apache/maven-dependency-plugin/pull/436";>apache/maven-dependency-plugin#436 Minor copy editing by https://github.com/elharo";>@elharo in https://redirect.github.com/apache/maven-dependency-plugin/pull/437";>apache/maven-dependency-plugin#437 [MDEP-958] Bump org.apache.maven.shared:maven-dependency-analyzer from 1.14.1 to 1.15.0 by https://github.com/dependabot";>@dependabot in https://redirect.github.com/apache/maven-dependency-plugin/pull/434";>apache/maven-dependency-plugin#434 Bump org.apache.maven.reporting:maven-reporting-api from 4.0.0-M12 to 4.0.0 by https://github.com/dependabot";>@dependabot in https://redirect.github.com/apache/maven-dependency-plugin/pull/435";>apache/maven-dependency-plugin#435 [MNGSITE-393] Cleanup and correct usage docs by https://github.com/elharo";>@elharo in https://redirect.github.com/apache/maven-dependency-plugin/pull/440";>apache/maven-dependency-plugin#440 Replace old workaround for Maven 3.2.5 bug by https://github.com/elharo";>@elharo in https://redirect.github.com/apache/maven-dependency-plugin/pull/438";>apache/maven-dependency-plugin#438 Delete obsolete commented code by https://github.com/elharo";>@elharo in https://redirect.github.com/apache/maven-dependency-plugin/pull/446";>apache/maven-dependency-plugin#446 [MDEP-930] Make test robust against platform default character sets by https://github.com/elharo";>@elharo in https://redirect.github.com/apache/maven-dependency-plugin/pull/448";>apache/maven-dependency-plugin#448 ... (truncated) Commits https://github.com/apache/maven-dependency-plugin/commit/954e44a6f6bdb9f827cef95cff8a9509f86a7ed2";>954e44a [maven-release-plugin] prepare release maven-dependency-plugin-3.8.1 https://github.com/apache/maven-dependency-plugin/commit/842075d72d371459450db3a854b013a0a946c23d";>842075d Bump org.apache.maven.reporting:maven-reporting-impl https://github.com/apache/maven-dependency-plugin/commit/7e1aadcd74bc9b48b96d3c3f9e450d69f7552894";>7e1aadc Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0 https://github.com/apache/maven-dependency-plugin/commit/188531ca74cbb80225d4d470c99039ee2dbc8911";>188531c Fix SCM tag https://github.com/apache/maven-dependency-plugin/commit/361058e3c235f0524d91efa006b1b2f2d59efbe8";>361058e Bump jettyVersion from 9.4.55.v20240627 to 9.4.56.v20240826 https://github.com/apache/maven-dependency-plugin/commit/38ab10076724a01ed7e51d1a665019b1e0b67fff";>38ab100 Bump org.codehaus.plexus:plexus-io from 3.5.0 to 3.5.1 https://github.com/apache/maven-dependency-plugin/commit/cbac4a785843953cb8408b0eb75b16ad38d5574d";>cbac4a7 Bump commons-io:commons-io from 2.16.1 to 2.17.0 https://github.com/apache/maven-dependency-plugin/commit/b19b7e027085fb215f8f510d7bef8033ecbd4d48";>b19b7e0 [MDEP-930] Make test robust against platform default character sets (https://redirect.github.com/apache/maven-dependency-plugin/issues/448";>#448) https://github.com/apache/maven-dependency-plugin/commit/e347ef7298c9064be7f0774a4e00f94d7d407fcc";>e347ef7 Delete obsolete commented code for issue that was won't fixed 10 years ago (#... https://github.com/apache/maven-dependency-plugin/commit/7b137a17cc71b001e79992b755471a3fbb9702c8";>7b137a1 [MDEP-946] Add analyze exclusions to list of goals Additional commits viewable in https://github.com/apache/maven-dependency-plugin/compare/maven-dependency-plugin-3.8.0...maven-dependency-plugin-3.8.1";>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options
[PR] Bump github/codeql-action from 3.27.0 to 3.27.4 [cxf-fediz]
dependabot[bot] opened a new pull request, #306: URL: https://github.com/apache/cxf-fediz/pull/306 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.0 to 3.27.4. Release notes Sourced from https://github.com/github/codeql-action/releases";>github/codeql-action's releases. v3.27.4 CodeQL Action Changelog See the https://github.com/github/codeql-action/releases";>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. 3.27.4 - 14 Nov 2024 No user facing changes. See the full https://github.com/github/codeql-action/blob/v3.27.4/CHANGELOG.md";>CHANGELOG.md for more information. v3.27.3 CodeQL Action Changelog See the https://github.com/github/codeql-action/releases";>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. 3.27.3 - 12 Nov 2024 No user facing changes. See the full https://github.com/github/codeql-action/blob/v3.27.3/CHANGELOG.md";>CHANGELOG.md for more information. v3.27.2 CodeQL Action Changelog See the https://github.com/github/codeql-action/releases";>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. 3.27.2 - 12 Nov 2024 Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". https://redirect.github.com/github/codeql-action/pull/2590";>#2590 See the full https://github.com/github/codeql-action/blob/v3.27.2/CHANGELOG.md";>CHANGELOG.md for more information. v3.27.1 CodeQL Action Changelog See the https://github.com/github/codeql-action/releases";>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. 3.27.1 - 08 Nov 2024 The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. https://redirect.github.com/github/codeql-action/pull/2573";>#2573 Update default CodeQL bundle version to 2.19.3. https://redirect.github.com/github/codeql-action/pull/2576";>#2576 ... (truncated) Changelog Sourced from https://github.com/github/codeql-action/blob/main/CHANGELOG.md";>github/codeql-action's changelog. CodeQL Action Changelog See the https://github.com/github/codeql-action/releases";>releases page for the relevant changes to the CodeQL CLI and language packs. Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. [UNRELEASED] No user facing changes. 3.27.4 - 14 Nov 2024 No user facing changes. 3.27.3 - 12 Nov 2024 No user facing changes. 3.27.2 - 12 Nov 2024 Fixed an issue where setting up the CodeQL tools would sometimes fail with
RE: CXF JAX-RS: working with multipart form-data
If I deactivate the bean validation feature in createMagdadocServer(...)
it works.
Some further questions:
1. Setting the target address when using WebClient directly
Currently I create my client using JAXRSClientFactoryBean refereincing my
service class as follows ( is either my service interface class or
some interface extending on it):
protected synchronized PT getApiProxy() {
if (apiProxy == null) {
//Get the base address of the service endpoint
String baseAddress =
Configuration.getInstance().getItem("magdadocumentendienst.service.base.ur
i");
apiProxy = getThreadsafeProxy(baseAddress);
}
return apiProxy;
}
private PT getThreadsafeProxy(String baseAddress) {
JacksonJsonProvider jjProvider = new
JacksonJsonProvider(new CustomObjectMapper());
List providers = Arrays.asList(new
MultipartProvider(), jjProvider);
final JAXRSClientFactoryBean factory = new
JAXRSClientFactoryBean();
factory.setAddress(baseAddress);
factory.setServiceClass(getPTClass());
factory.setProviders(providers);
factory.setThreadSafe(true);
//only for testing the sending of attachments as
multipart/form-data
LoggingFeature feature = new LoggingFeature();
feature.setLogMultipart(true);
feature.setLogBinary(true);
feature.setLimit(128*1000);
feature.addBinaryContentMediaTypes(MediaType.APPLICATION_OCTET_STREAM);
feature.addBinaryContentMediaTypes("application/pdf");
factory.setFeatures(Arrays.asList(feature));
PT api = (PT) factory.create(getPTClass());
ClientConfiguration config = WebClient.getConfig(api);
addTLSClientParameters(config.getHttpConduit());
return api;
}
When invoking a method on it (e.g. getApiProxy().createMessage(...)) it is
handled by cxf the class ClientProxyImpl. This uses the method signature
and all annotated 'path' declarations to determine the target address.
This doesn't happen when I invoke the call through a WebClient, e.g. (as
to your suggestion):
MultipartBody body = new
MultipartBody(attachments,MediaType.MULTIPART_FORM_DATA_TYPE,false);
WebClient wc = WebClient.fromClient(client)
.path("/messages")
.accept(MediaType.APPLICATION_JSON_TYPE);
return
wc.post(Entity.entity(body,MediaType.MULTIPART_FORM_DATA_TYPE));
Here I have to set the path manually. Is there a way to construct it
similar to what ClientProxyImpl does?
2.Bean validation
==
I guess there are different bean validation frameworks/libraries. I'd like
to keep bean validation active any suggestions on how to
resolve/circumvent this issue, e.g.:
- using another bean validation library
- disabling validation for a specific method (is this possible?)
-
Regards,
J.P. Urkens
-Oorspronkelijk bericht-
Van: Jean Pierre URKENS
Verzonden: maandag 18 november 2024 10:20
Aan: 'Andriy Redko' ; 'dev@cxf.apache.org'
Onderwerp: RE: CXF JAX-RS: working with multipart form-data
Validation is done using apache library bval-jsr-2.0.5.jar. So this might
be well out-of-scope of CXF.
-Oorspronkelijk bericht-
Van: Jean Pierre URKENS
Verzonden: maandag 18 november 2024 10:02
Aan: 'Andriy Redko' ; 'dev@cxf.apache.org'
Onderwerp: RE: CXF JAX-RS: working with multipart form-data
Hi Andriy,
Thanks for the example. I tried something similar last week but since my
method was annotated with @Parameter(required=true,schema =
@Schema(implementation=MessageToSend.class)) request parameter validation
failed on the server side (see server trace below).
I have a JAXRSBeanValidationInInterceptor provider active at the server
side and somehow matching the multipart request body to the method
signature fails.
So does it mean that validating request parameters takes place before
handling the multipart body translating each part to a method parameter?
My actual method signature looked like:
Response createMessage(
@HeaderParam("x-correlation-id") @NotNull
@Size(min = 10, max = 36) @Parameter(description="ID of the transaction.
Use this ID for log tracing and incident handling.") String
xCorrelationId,
@HeaderParam("Idempotency-Key") @NotNull @Size(min
= 10, max = 36) @Parameter(description="When retrying a failed call, the
retry call should have the same Idempotency Key.") String idempotencyKey,
@FormDataParam(value="messageToSend")
@Parameter(required=true,schema =
@Schema(implementation=MessageToSend.clas
RE: CXF JAX-RS: working with multipart form-data
Hi Andriy,
Thanks for the example. I tried something similar last week but since my
method was annotated with @Parameter(required=true,schema =
@Schema(implementation=MessageToSend.class)) request parameter validation
failed on the server side (see server trace below).
I have a JAXRSBeanValidationInInterceptor provider active at the server
side and somehow matching the multipart request body to the method
signature fails.
So does it mean that validating request parameters takes place before
handling the multipart body translating each part to a method parameter?
My actual method signature looked like:
Response createMessage(
@HeaderParam("x-correlation-id") @NotNull
@Size(min = 10, max = 36) @Parameter(description="ID of the transaction.
Use this ID for log tracing and incident handling.") String
xCorrelationId,
@HeaderParam("Idempotency-Key") @NotNull @Size(min
= 10, max = 36) @Parameter(description="When retrying a failed call, the
retry call should have the same Idempotency Key.") String idempotencyKey,
@FormDataParam(value="messageToSend")
@Parameter(required=true,schema =
@Schema(implementation=MessageToSend.class)) @Multipart(value =
"messageToSend", type="application/json", required= true) MessageToSend
messageToSend,
@FormDataParam(value="upfile1") @Parameter(schema
= @Schema(type = "string", format = "binary")) @Multipart(value =
"upfile1", type="application/pdf", required = false) InputStream
upfile1Detail,
@FormDataParam(value="upfile2") @Parameter(schema
= @Schema(type = "string", format = "binary")) @Multipart(value =
"upfile2", type="application/pdf", required = false) InputStream
upfile2Detail,
@FormDataParam(value="upfile3") @Parameter(schema
= @Schema(type = "string", format = "binary")) @Multipart(value =
"upfile3", type="application/pdf", required = false) InputStream
upfile3Detail)
throws GeneralSecurityException, AuthorizationException;
Even if I reduce the method signature to:
Response createMessage(
@HeaderParam("x-correlation-id") @NotNull
@Size(min = 10, max = 36) @Parameter(description="ID of the transaction.
Use this ID for log tracing and incident handling.") String
xCorrelationId,
@HeaderParam("Idempotency-Key") @NotNull @Size(min
= 10, max = 36) @Parameter(description="When retrying a failed call, the
retry call should have the same Idempotency Key.") String idempotencyKey,
@Multipart(value = "messageToSend",
type="application/json", required= true) MessageToSend messageToSend,
@Multipart(value = "upfile1",
type="application/pdf", required = false) InputStream upfile1Detail,
@Multipart(value = "upfile2",
type="application/pdf", required = false) InputStream upfile2Detail,
@Multipart(value = "upfile3",
type="application/pdf", required = false) InputStream upfile3Detail)
throws GeneralSecurityException, AuthorizationException;
I am still getting a '500 server error' saying that arg0 of createMessage
may not be null.
Here are some extracts from the code:
1.API interface (only createMessage shown)
@POST
@Path("/messages")
@Consumes("multipart/form-data")
@Produces({ "application/json" })
@Operation(
summary = "Send a message, using a channel (email,
paper mail, ebox) and delivery method (registered or normal) of your
choice. More than 6 upfiles only supported for PAPER delivery.",
tags = {"messages" },
operationId="createMessage",
security=@SecurityRequirement(name="BearerAuthentication"))
@ApiResponses({
@ApiResponse(
responseCode = "201",
description = "Created",
content =
@Content(mediaType=MediaType.APPLICATION_JSON,array=@ArraySchema(schema=@S
chema(implementation=SendStatusMessage.class))),
headers = {@Header(
name="X-Magda-Exceptions",
required=false,
description="Only used in the context of EBOX delivery and if there was a
problem with the consent of the receiver's ebox.",
schema=@Schema(implementation=MagdaExceptionList.class))
}),
@ApiResponse(
responseCode = "400",
description = "Invalid data
supplied",
content =
@Content(mediaType=MediaType.APPLICATION_JSON,schema=@Schema(implementatio
n=ErrorMessage.class))),
@ApiResponse(
responseCode = "401",
Re: [PR] Bump github/codeql-action from 3.27.0 to 3.27.1 [cxf-fediz]
dependabot[bot] closed pull request #305: Bump github/codeql-action from 3.27.0 to 3.27.1 URL: https://github.com/apache/cxf-fediz/pull/305 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
RE: CXF JAX-RS: working with multipart form-data
Validation is done using apache library bval-jsr-2.0.5.jar. So this might
be well out-of-scope of CXF.
-Oorspronkelijk bericht-
Van: Jean Pierre URKENS
Verzonden: maandag 18 november 2024 10:02
Aan: 'Andriy Redko' ; 'dev@cxf.apache.org'
Onderwerp: RE: CXF JAX-RS: working with multipart form-data
Hi Andriy,
Thanks for the example. I tried something similar last week but since my
method was annotated with @Parameter(required=true,schema =
@Schema(implementation=MessageToSend.class)) request parameter validation
failed on the server side (see server trace below).
I have a JAXRSBeanValidationInInterceptor provider active at the server
side and somehow matching the multipart request body to the method
signature fails.
So does it mean that validating request parameters takes place before
handling the multipart body translating each part to a method parameter?
My actual method signature looked like:
Response createMessage(
@HeaderParam("x-correlation-id") @NotNull
@Size(min = 10, max = 36) @Parameter(description="ID of the transaction.
Use this ID for log tracing and incident handling.") String
xCorrelationId,
@HeaderParam("Idempotency-Key") @NotNull @Size(min
= 10, max = 36) @Parameter(description="When retrying a failed call, the
retry call should have the same Idempotency Key.") String idempotencyKey,
@FormDataParam(value="messageToSend")
@Parameter(required=true,schema =
@Schema(implementation=MessageToSend.class)) @Multipart(value =
"messageToSend", type="application/json", required= true) MessageToSend
messageToSend,
@FormDataParam(value="upfile1") @Parameter(schema
= @Schema(type = "string", format = "binary")) @Multipart(value =
"upfile1", type="application/pdf", required = false) InputStream
upfile1Detail,
@FormDataParam(value="upfile2") @Parameter(schema
= @Schema(type = "string", format = "binary")) @Multipart(value =
"upfile2", type="application/pdf", required = false) InputStream
upfile2Detail,
@FormDataParam(value="upfile3") @Parameter(schema
= @Schema(type = "string", format = "binary")) @Multipart(value =
"upfile3", type="application/pdf", required = false) InputStream
upfile3Detail)
throws GeneralSecurityException, AuthorizationException;
Even if I reduce the method signature to:
Response createMessage(
@HeaderParam("x-correlation-id") @NotNull
@Size(min = 10, max = 36) @Parameter(description="ID of the transaction.
Use this ID for log tracing and incident handling.") String
xCorrelationId,
@HeaderParam("Idempotency-Key") @NotNull @Size(min
= 10, max = 36) @Parameter(description="When retrying a failed call, the
retry call should have the same Idempotency Key.") String idempotencyKey,
@Multipart(value = "messageToSend",
type="application/json", required= true) MessageToSend messageToSend,
@Multipart(value = "upfile1",
type="application/pdf", required = false) InputStream upfile1Detail,
@Multipart(value = "upfile2",
type="application/pdf", required = false) InputStream upfile2Detail,
@Multipart(value = "upfile3",
type="application/pdf", required = false) InputStream upfile3Detail)
throws GeneralSecurityException, AuthorizationException;
I am still getting a '500 server error' saying that arg0 of createMessage
may not be null.
Here are some extracts from the code:
1.API interface (only createMessage shown)
@POST
@Path("/messages")
@Consumes("multipart/form-data")
@Produces({ "application/json" })
@Operation(
summary = "Send a message, using a channel (email,
paper mail, ebox) and delivery method (registered or normal) of your
choice. More than 6 upfiles only supported for PAPER delivery.",
tags = {"messages" },
operationId="createMessage",
security=@SecurityRequirement(name="BearerAuthentication"))
@ApiResponses({
@ApiResponse(
responseCode = "201",
description = "Created",
content =
@Content(mediaType=MediaType.APPLICATION_JSON,array=@ArraySchema(schema=@S
chema(implementation=SendStatusMessage.class))),
headers = {@Header(
name="X-Magda-Exceptions",
required=false,
description="Only used in the context of EBOX delivery and if there was a
problem with the consent of the receiver's ebox.",
schema=@Schema(implementation=MagdaExceptionList.class))
}),
@ApiResponse(
responseCode = "400",
