[jira] [Created] (CXF-8783) How to set "attachment-max-count" property in Apache CXF?
Eugene created CXF-8783:
---
Summary: How to set "attachment-max-count" property in Apache CXF?
Key: CXF-8783
URL: https://issues.apache.org/jira/browse/CXF-8783
Project: CXF
Issue Type: Task
Reporter: Eugene
Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message
attachments present in a given message. This leaves open the possibility of a
denial of service type attack, where a malicious user crafts a message
containing a very large number of message attachments. From the 3.3.4 and
3.2.11 releases, a default limit of 50 message attachments is enforced. This is
configurable via the message property "{*}attachment-max-count{*}".
So, how I can set this property? Via using XML config or command-line argument?
I checked official docs and I know that I can set this property via XML config.
But have no idea how to do
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (CXF-8783) How to set "attachment-max-count" property in Apache CXF?
[
https://issues.apache.org/jira/browse/CXF-8783?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eugene updated CXF-8783:
Issue Type: Bug (was: Task)
> How to set "attachment-max-count" property in Apache CXF?
> -
>
> Key: CXF-8783
> URL: https://issues.apache.org/jira/browse/CXF-8783
> Project: CXF
> Issue Type: Bug
>Reporter: Eugene
>Priority: Blocker
>
> Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message
> attachments present in a given message. This leaves open the possibility of a
> denial of service type attack, where a malicious user crafts a message
> containing a very large number of message attachments. From the 3.3.4 and
> 3.2.11 releases, a default limit of 50 message attachments is enforced. This
> is configurable via the message property "{*}attachment-max-count{*}".
> So, how I can set this property? Via using XML config or command-line
> argument?
> I checked official docs and I know that I can set this property via XML
> config. But have no idea how to do
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (CXF-8784) InaccessibleObjectException from ReflectionUtil class on JDK 17
Xilai Dai created CXF-8784:
--
Summary: InaccessibleObjectException from ReflectionUtil class on
JDK 17
Key: CXF-8784
URL: https://issues.apache.org/jira/browse/CXF-8784
Project: CXF
Issue Type: Bug
Affects Versions: 3.5.4, 3.4.4
Environment: JDK 17.
Reporter: Xilai Dai
{code}
Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make field
private static volatile java.net.Authenticator
java.net.Authenticator.theAuthenticator accessible: module java.base does not
"opens java.net" to unnamed module @121f97fb
at java.lang.reflect.AccessibleObject.checkCanSetAccessible
(AccessibleObject.java:354)
at java.lang.reflect.AccessibleObject.checkCanSetAccessible
(AccessibleObject.java:297)
at java.lang.reflect.Field.checkCanSetAccessible (Field.java:178)
at java.lang.reflect.Field.setAccessible (Field.java:172)
at org.apache.cxf.common.util.ReflectionUtil$9.run (ReflectionUtil.java:161)
at org.apache.cxf.common.util.ReflectionUtil$9.run (ReflectionUtil.java:159)
at java.security.AccessController.doPrivileged (AccessController.java:318)
at org.apache.cxf.common.util.ReflectionUtil.setAccessible
(ReflectionUtil.java:159)
at org.apache.cxf.transport.http.CXFAuthenticator.addAuthenticator
(CXFAuthenticator.java:55)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit.
(URLConnectionHTTPConduit.java:70)
at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit
(HTTPTransportFactory.java:258)
at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit
(HTTPTransportFactory.java:238)
at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit
(AbstractConduitSelector.java:103)
at org.apache.cxf.endpoint.UpfrontConduitSelector.prepare
(UpfrontConduitSelector.java:63)
at org.apache.cxf.jaxrs.client.ClientConfiguration.prepareConduitSelector
(ClientConfiguration.java:108)
{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (CXF-8782) Include JSONB provider in MicroProfile Rest Client by default
[
https://issues.apache.org/jira/browse/CXF-8782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andriy Redko updated CXF-8782:
--
Summary: Include JSONB provider in MicroProfile Rest Client by default
(was: Include JSONB provider in MicroProfile rest client by default)
> Include JSONB provider in MicroProfile Rest Client by default
> -
>
> Key: CXF-8782
> URL: https://issues.apache.org/jira/browse/CXF-8782
> Project: CXF
> Issue Type: Task
> Components: MicroProfile
>Affects Versions: 3.5.3
>Reporter: Jim Ma
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.0.0
>
>
> The JSONB provider missing in MP restclient implementation causes the tck
> test failure:
>
> {code:java}
> [INFO] Running
> org.eclipse.microprofile.rest.client.tck.jsonb.InvokeWithJsonBProviderTest
> [ERROR] Tests run: 2, Failures: 2, Errors: 0, Skipped: 0, Time elapsed: 2.291
> s <<< FAILURE! - in
> org.eclipse.microprofile.rest.client.tck.jsonb.InvokeWithJsonBProviderTest
> [ERROR]
> org.eclipse.microprofile.rest.client.tck.jsonb.InvokeWithJsonBProviderTest.testCanSeePrivatePropertiesViaContextResolver
> Time elapsed: 0.356 s <<< FAILURE!
> jakarta.ws.rs.client.ResponseProcessingException: No message body reader has
> been found for class
> org.eclipse.microprofile.rest.client.tck.interfaces.MyJsonBObjectWithPrivateProperties,
> ContentType: application/json
> at
> org.apache.cxf.jaxrs.impl.ResponseImpl.reportMessageHandlerProblem(ResponseImpl.java:553)
> at
> org.apache.cxf.jaxrs.impl.ResponseImpl.doReadEntity(ResponseImpl.java:506)
> at
> org.apache.cxf.jaxrs.client.AbstractClient.readBody(AbstractClient.java:559)
> at
> org.apache.cxf.jaxrs.client.ClientProxyImpl.handleResponse(ClientProxyImpl.java:1044)
> at
> org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:932)
> at
> org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:347)
> at
> org.apache.cxf.microprofile.client.proxy.MicroProfileClientProxyImpl.invokeActual(MicroProfileClientProxyImpl.java:496)
> at
> org.apache.cxf.microprofile.client.proxy.MicroProfileClientProxyImpl$Invoker.call(MicroProfileClientProxyImpl.java:515)
> at
> org.apache.cxf.microprofile.client.cdi.CDIInterceptorWrapperImpl.invoke(CDIInterceptorWrapperImpl.java:133)
> at
> org.apache.cxf.microprofile.client.proxy.MicroProfileClientProxyImpl.invoke(MicroProfileClientProxyImpl.java:492)
> at jdk.proxy2/jdk.proxy2.$Proxy64.getPrivate(Unknown Source)
> at
> org.eclipse.microprofile.rest.client.tck.jsonb.InvokeWithJsonBProviderTest.testCanSeePrivatePropertiesViaContextResolver(InvokeWithJsonBProviderTest.java:112)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:568)
> at
> org.testng.internal.invokers.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:139)
> at
> org.testng.internal.invokers.MethodInvocationHelper$1.runTestMethod(MethodInvocationHelper.java:258)
> at org.jboss.arquillian.testng.Arquillian$3.invoke(Arquillian.java:146)
> at
> org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:57)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:568)
> at
> org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86)
> at
> org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
> at
> org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:90)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:133)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:105)
> at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:62)
> at
> org.jboss.arquillian.container.test.impl.client.protocol.local.LocalContainerMethodExecutor.invoke(LocalContainerMethodExecutor.java:48)
> at
> org.jboss.arquillian.container.test.impl.execution.RemoteTestExecuter.execute(RemoteTestExecuter.java:103)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.ba
[jira] [Created] (CXF-8785) Make Jsonb lazy initializable in the JsrJsonbProvider
Andriy Redko created CXF-8785: - Summary: Make Jsonb lazy initializable in the JsrJsonbProvider Key: CXF-8785 URL: https://issues.apache.org/jira/browse/CXF-8785 Project: CXF Issue Type: Improvement Reporter: Andriy Redko Assignee: Andriy Redko The JsrJsonbProvider default constructor tries to initialize Jsonb eagerly, even before checking the context if the instance is provided already. It should initialize Jsonb lazily. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8785) Make Jsonb lazy initializable in the JsrJsonbProvider
[ https://issues.apache.org/jira/browse/CXF-8785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8785: -- Affects Version/s: 3.4.9 3.5.4 > Make Jsonb lazy initializable in the JsrJsonbProvider > - > > Key: CXF-8785 > URL: https://issues.apache.org/jira/browse/CXF-8785 > Project: CXF > Issue Type: Improvement >Affects Versions: 3.5.4, 3.4.9 >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > > The JsrJsonbProvider default constructor tries to initialize Jsonb eagerly, > even before checking the context if the instance is provided already. It > should initialize Jsonb lazily. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (CXF-8785) Make Jsonb lazy initializable in the JsrJsonbProvider
[ https://issues.apache.org/jira/browse/CXF-8785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andriy Redko updated CXF-8785: -- Fix Version/s: 3.6.0 3.5.5 3.4.10 > Make Jsonb lazy initializable in the JsrJsonbProvider > - > > Key: CXF-8785 > URL: https://issues.apache.org/jira/browse/CXF-8785 > Project: CXF > Issue Type: Improvement >Affects Versions: 3.5.4, 3.4.9 >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 3.6.0, 3.5.5, 3.4.10 > > > The JsrJsonbProvider default constructor tries to initialize Jsonb eagerly, > even before checking the context if the instance is provided already. It > should initialize Jsonb lazily. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (CXF-8785) Make Jsonb lazy initializable in the JsrJsonbProvider
[ https://issues.apache.org/jira/browse/CXF-8785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628300#comment-17628300 ] Andriy Redko commented on CXF-8785: --- The fix for 4.0.0 is part of https://issues.apache.org/jira/browse/CXF-8782 > Make Jsonb lazy initializable in the JsrJsonbProvider > - > > Key: CXF-8785 > URL: https://issues.apache.org/jira/browse/CXF-8785 > Project: CXF > Issue Type: Improvement >Affects Versions: 3.5.4, 3.4.9 >Reporter: Andriy Redko >Assignee: Andriy Redko >Priority: Major > Fix For: 3.6.0, 3.5.5, 3.4.10 > > > The JsrJsonbProvider default constructor tries to initialize Jsonb eagerly, > even before checking the context if the instance is provided already. It > should initialize Jsonb lazily. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (CXF-8782) Include JSONB provider in MicroProfile Rest Client by default
[
https://issues.apache.org/jira/browse/CXF-8782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andriy Redko resolved CXF-8782.
---
Resolution: Fixed
> Include JSONB provider in MicroProfile Rest Client by default
> -
>
> Key: CXF-8782
> URL: https://issues.apache.org/jira/browse/CXF-8782
> Project: CXF
> Issue Type: Task
> Components: MicroProfile
>Affects Versions: 4.0.0
>Reporter: Jim Ma
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.0.0
>
>
> The JSONB provider missing in MP restclient implementation causes the tck
> test failure:
>
> {code:java}
> [INFO] Running
> org.eclipse.microprofile.rest.client.tck.jsonb.InvokeWithJsonBProviderTest
> [ERROR] Tests run: 2, Failures: 2, Errors: 0, Skipped: 0, Time elapsed: 2.291
> s <<< FAILURE! - in
> org.eclipse.microprofile.rest.client.tck.jsonb.InvokeWithJsonBProviderTest
> [ERROR]
> org.eclipse.microprofile.rest.client.tck.jsonb.InvokeWithJsonBProviderTest.testCanSeePrivatePropertiesViaContextResolver
> Time elapsed: 0.356 s <<< FAILURE!
> jakarta.ws.rs.client.ResponseProcessingException: No message body reader has
> been found for class
> org.eclipse.microprofile.rest.client.tck.interfaces.MyJsonBObjectWithPrivateProperties,
> ContentType: application/json
> at
> org.apache.cxf.jaxrs.impl.ResponseImpl.reportMessageHandlerProblem(ResponseImpl.java:553)
> at
> org.apache.cxf.jaxrs.impl.ResponseImpl.doReadEntity(ResponseImpl.java:506)
> at
> org.apache.cxf.jaxrs.client.AbstractClient.readBody(AbstractClient.java:559)
> at
> org.apache.cxf.jaxrs.client.ClientProxyImpl.handleResponse(ClientProxyImpl.java:1044)
> at
> org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:932)
> at
> org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:347)
> at
> org.apache.cxf.microprofile.client.proxy.MicroProfileClientProxyImpl.invokeActual(MicroProfileClientProxyImpl.java:496)
> at
> org.apache.cxf.microprofile.client.proxy.MicroProfileClientProxyImpl$Invoker.call(MicroProfileClientProxyImpl.java:515)
> at
> org.apache.cxf.microprofile.client.cdi.CDIInterceptorWrapperImpl.invoke(CDIInterceptorWrapperImpl.java:133)
> at
> org.apache.cxf.microprofile.client.proxy.MicroProfileClientProxyImpl.invoke(MicroProfileClientProxyImpl.java:492)
> at jdk.proxy2/jdk.proxy2.$Proxy64.getPrivate(Unknown Source)
> at
> org.eclipse.microprofile.rest.client.tck.jsonb.InvokeWithJsonBProviderTest.testCanSeePrivatePropertiesViaContextResolver(InvokeWithJsonBProviderTest.java:112)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:568)
> at
> org.testng.internal.invokers.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:139)
> at
> org.testng.internal.invokers.MethodInvocationHelper$1.runTestMethod(MethodInvocationHelper.java:258)
> at org.jboss.arquillian.testng.Arquillian$3.invoke(Arquillian.java:146)
> at
> org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:57)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:568)
> at
> org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86)
> at
> org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
> at
> org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:90)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:133)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:105)
> at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:62)
> at
> org.jboss.arquillian.container.test.impl.client.protocol.local.LocalContainerMethodExecutor.invoke(LocalContainerMethodExecutor.java:48)
> at
> org.jboss.arquillian.container.test.impl.execution.RemoteTestExecuter.execute(RemoteTestExecuter.java:103)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
> at
> java.base/jdk.intern
[jira] [Updated] (CXF-8782) Include JSONB provider in MicroProfile Rest Client by default
[
https://issues.apache.org/jira/browse/CXF-8782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andriy Redko updated CXF-8782:
--
Affects Version/s: 4.0.0
(was: 3.5.3)
> Include JSONB provider in MicroProfile Rest Client by default
> -
>
> Key: CXF-8782
> URL: https://issues.apache.org/jira/browse/CXF-8782
> Project: CXF
> Issue Type: Task
> Components: MicroProfile
>Affects Versions: 4.0.0
>Reporter: Jim Ma
>Assignee: Andriy Redko
>Priority: Major
> Fix For: 4.0.0
>
>
> The JSONB provider missing in MP restclient implementation causes the tck
> test failure:
>
> {code:java}
> [INFO] Running
> org.eclipse.microprofile.rest.client.tck.jsonb.InvokeWithJsonBProviderTest
> [ERROR] Tests run: 2, Failures: 2, Errors: 0, Skipped: 0, Time elapsed: 2.291
> s <<< FAILURE! - in
> org.eclipse.microprofile.rest.client.tck.jsonb.InvokeWithJsonBProviderTest
> [ERROR]
> org.eclipse.microprofile.rest.client.tck.jsonb.InvokeWithJsonBProviderTest.testCanSeePrivatePropertiesViaContextResolver
> Time elapsed: 0.356 s <<< FAILURE!
> jakarta.ws.rs.client.ResponseProcessingException: No message body reader has
> been found for class
> org.eclipse.microprofile.rest.client.tck.interfaces.MyJsonBObjectWithPrivateProperties,
> ContentType: application/json
> at
> org.apache.cxf.jaxrs.impl.ResponseImpl.reportMessageHandlerProblem(ResponseImpl.java:553)
> at
> org.apache.cxf.jaxrs.impl.ResponseImpl.doReadEntity(ResponseImpl.java:506)
> at
> org.apache.cxf.jaxrs.client.AbstractClient.readBody(AbstractClient.java:559)
> at
> org.apache.cxf.jaxrs.client.ClientProxyImpl.handleResponse(ClientProxyImpl.java:1044)
> at
> org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:932)
> at
> org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:347)
> at
> org.apache.cxf.microprofile.client.proxy.MicroProfileClientProxyImpl.invokeActual(MicroProfileClientProxyImpl.java:496)
> at
> org.apache.cxf.microprofile.client.proxy.MicroProfileClientProxyImpl$Invoker.call(MicroProfileClientProxyImpl.java:515)
> at
> org.apache.cxf.microprofile.client.cdi.CDIInterceptorWrapperImpl.invoke(CDIInterceptorWrapperImpl.java:133)
> at
> org.apache.cxf.microprofile.client.proxy.MicroProfileClientProxyImpl.invoke(MicroProfileClientProxyImpl.java:492)
> at jdk.proxy2/jdk.proxy2.$Proxy64.getPrivate(Unknown Source)
> at
> org.eclipse.microprofile.rest.client.tck.jsonb.InvokeWithJsonBProviderTest.testCanSeePrivatePropertiesViaContextResolver(InvokeWithJsonBProviderTest.java:112)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:568)
> at
> org.testng.internal.invokers.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:139)
> at
> org.testng.internal.invokers.MethodInvocationHelper$1.runTestMethod(MethodInvocationHelper.java:258)
> at org.jboss.arquillian.testng.Arquillian$3.invoke(Arquillian.java:146)
> at
> org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:57)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:568)
> at
> org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86)
> at
> org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
> at
> org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:90)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:133)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:105)
> at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:62)
> at
> org.jboss.arquillian.container.test.impl.client.protocol.local.LocalContainerMethodExecutor.invoke(LocalContainerMethodExecutor.java:48)
> at
> org.jboss.arquillian.container.test.impl.execution.RemoteTestExecuter.execute(RemoteTestExecuter.java:103)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorI
[jira] [Commented] (CXF-8784) InaccessibleObjectException from ReflectionUtil class on JDK 17
[
https://issues.apache.org/jira/browse/CXF-8784?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628612#comment-17628612
]
Andriy Redko commented on CXF-8784:
---
[~xldai] it looks like you are reporting bug against Apache CXF 3.1.x release
line, correct? The JDK17 is officially supported by 3.5.x release line
> InaccessibleObjectException from ReflectionUtil class on JDK 17
> ---
>
> Key: CXF-8784
> URL: https://issues.apache.org/jira/browse/CXF-8784
> Project: CXF
> Issue Type: Bug
>Affects Versions: 3.4.4, 3.5.4
> Environment: JDK 17.
>Reporter: Xilai Dai
>Priority: Major
>
> {code}
> Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make
> field private static volatile java.net.Authenticator
> java.net.Authenticator.theAuthenticator accessible: module java.base does not
> "opens java.net" to unnamed module @121f97fb
> at java.lang.reflect.AccessibleObject.checkCanSetAccessible
> (AccessibleObject.java:354)
> at java.lang.reflect.AccessibleObject.checkCanSetAccessible
> (AccessibleObject.java:297)
> at java.lang.reflect.Field.checkCanSetAccessible (Field.java:178)
> at java.lang.reflect.Field.setAccessible (Field.java:172)
> at org.apache.cxf.common.util.ReflectionUtil$9.run
> (ReflectionUtil.java:161)
> at org.apache.cxf.common.util.ReflectionUtil$9.run
> (ReflectionUtil.java:159)
> at java.security.AccessController.doPrivileged (AccessController.java:318)
> at org.apache.cxf.common.util.ReflectionUtil.setAccessible
> (ReflectionUtil.java:159)
> at org.apache.cxf.transport.http.CXFAuthenticator.addAuthenticator
> (CXFAuthenticator.java:55)
> at org.apache.cxf.transport.http.URLConnectionHTTPConduit.
> (URLConnectionHTTPConduit.java:70)
> at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit
> (HTTPTransportFactory.java:258)
> at org.apache.cxf.transport.http.HTTPTransportFactory.getConduit
> (HTTPTransportFactory.java:238)
> at org.apache.cxf.endpoint.AbstractConduitSelector.getSelectedConduit
> (AbstractConduitSelector.java:103)
> at org.apache.cxf.endpoint.UpfrontConduitSelector.prepare
> (UpfrontConduitSelector.java:63)
> at org.apache.cxf.jaxrs.client.ClientConfiguration.prepareConduitSelector
> (ClientConfiguration.java:108)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (CXF-8783) How to set "attachment-max-count" property in Apache CXF?
[
https://issues.apache.org/jira/browse/CXF-8783?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andriy Redko updated CXF-8783:
--
Priority: Minor (was: Blocker)
> How to set "attachment-max-count" property in Apache CXF?
> -
>
> Key: CXF-8783
> URL: https://issues.apache.org/jira/browse/CXF-8783
> Project: CXF
> Issue Type: Bug
>Reporter: Eugene
>Priority: Minor
>
> Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message
> attachments present in a given message. This leaves open the possibility of a
> denial of service type attack, where a malicious user crafts a message
> containing a very large number of message attachments. From the 3.3.4 and
> 3.2.11 releases, a default limit of 50 message attachments is enforced. This
> is configurable via the message property "{*}attachment-max-count{*}".
> So, how I can set this property? Via using XML config or command-line
> argument?
> I checked official docs and I know that I can set this property via XML
> config. But have no idea how to do
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (CXF-8783) How to set "attachment-max-count" property in Apache CXF?
[
https://issues.apache.org/jira/browse/CXF-8783?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andriy Redko updated CXF-8783:
--
Issue Type: Improvement (was: Bug)
> How to set "attachment-max-count" property in Apache CXF?
> -
>
> Key: CXF-8783
> URL: https://issues.apache.org/jira/browse/CXF-8783
> Project: CXF
> Issue Type: Improvement
>Reporter: Eugene
>Priority: Minor
>
> Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message
> attachments present in a given message. This leaves open the possibility of a
> denial of service type attack, where a malicious user crafts a message
> containing a very large number of message attachments. From the 3.3.4 and
> 3.2.11 releases, a default limit of 50 message attachments is enforced. This
> is configurable via the message property "{*}attachment-max-count{*}".
> So, how I can set this property? Via using XML config or command-line
> argument?
> I checked official docs and I know that I can set this property via XML
> config. But have no idea how to do
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (CXF-8783) How to set "attachment-max-count" property in Apache CXF?
[
https://issues.apache.org/jira/browse/CXF-8783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17628614#comment-17628614
]
Andriy Redko commented on CXF-8783:
---
[~privetkakdela] there are a number of ways to configure this property:
* Bus properties [https://cxf.apache.org/docs/bus-configuration.html]
*
[https://cxf.apache.org/docs/jax-rs-multiparts.html#JAXRSMultiparts-Readinglargeattachments]
*
[https://cxf.apache.org/docs/securing-cxf-services.html#SecuringCXFServices-Multiparts]
{noformat}
http://localhost/HelloWorld";>
...
{noformat}
* All of the above programmatically as well
Hope it helps.
> How to set "attachment-max-count" property in Apache CXF?
> -
>
> Key: CXF-8783
> URL: https://issues.apache.org/jira/browse/CXF-8783
> Project: CXF
> Issue Type: Improvement
>Reporter: Eugene
>Priority: Minor
>
> Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message
> attachments present in a given message. This leaves open the possibility of a
> denial of service type attack, where a malicious user crafts a message
> containing a very large number of message attachments. From the 3.3.4 and
> 3.2.11 releases, a default limit of 50 message attachments is enforced. This
> is configurable via the message property "{*}attachment-max-count{*}".
> So, how I can set this property? Via using XML config or command-line
> argument?
> I checked official docs and I know that I can set this property via XML
> config. But have no idea how to do
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
