Description
When the Content-Type header is not specified in the HttpServletRequest, a null pointer is possible when calling Headers.copyFromRequest(...) followed by Headers.determineContentType(). This scenario is possible when using non-traditional clients like curl.
Here is an example (snippet) of the NPE:
2016-12-09T09:29:47.24-0600 [APP/0] ERR Caused by: java.lang.NullPointerException
2016-12-09T09:29:47.24-0600 [APP/0] ERR at org.apache.cxf.transport.http.Headers.determineContentType(Headers.java:374)
2016-12-09T09:29:47.24-0600 [APP/0] ERR at org.apache.cxf.transport.http.Headers.setProtocolHeadersInConnection(Headers.java:363)
2016-12-09T09:29:47.24-0600 [APP/0] ERR at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setProtocolHeaders(URLConnectionHTTPConduit.java:279)
2016-12-09T09:29:47.24-0600 [APP/0] ERR at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1301)
2016-12-09T09:29:47.24-0600 [APP/0] ERR at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1337)
2016-12-09T09:29:47.24-0600 [APP/0] ERR ... 56 more
The failing line of code is:
if (ctList != null && ctList.size() == 1) {
ct = ctList.get(0).toString(); // <--- here
The reason it fails is that copyFromRequest(...) will create a singleton list and wrap the request's content-type value in it. If the content-type from the request is null, then ctList will be a singleton list with a null value in it, so the call to toString() will be on a null value.
Instead, the code should be:
if (ctList != null && ctList.size() == 1 && ctList.get(0) != null) {
ct = ctList.get(0).toString();
...
This ensures that a default content type of text/xml is returned when no content-type is specified in the request – or whatever was specified in the Message.
This approach is preferable to just setting ctList (via the headers.get(Message.CONTENT_TYPE) field) to null because other places in the code depend on that list to be non-null.
I have a patch and test case to be delivered shortly.
Attachments
Issue Links
- links to