Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-7174

NullPointerException when Content-Type is not specified in the http request

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.1.8
    • 3.1.10, 3.0.13, 3.2.0
    • JAX-RS
    • None
    • Unknown

    Description

      When the Content-Type header is not specified in the HttpServletRequest, a null pointer is possible when calling Headers.copyFromRequest(...) followed by Headers.determineContentType(). This scenario is possible when using non-traditional clients like curl.

      Here is an example (snippet) of the NPE:
      2016-12-09T09:29:47.24-0600 [APP/0] ERR Caused by: java.lang.NullPointerException
      2016-12-09T09:29:47.24-0600 [APP/0] ERR at org.apache.cxf.transport.http.Headers.determineContentType(Headers.java:374)
      2016-12-09T09:29:47.24-0600 [APP/0] ERR at org.apache.cxf.transport.http.Headers.setProtocolHeadersInConnection(Headers.java:363)
      2016-12-09T09:29:47.24-0600 [APP/0] ERR at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setProtocolHeaders(URLConnectionHTTPConduit.java:279)
      2016-12-09T09:29:47.24-0600 [APP/0] ERR at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1301)
      2016-12-09T09:29:47.24-0600 [APP/0] ERR at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1337)
      2016-12-09T09:29:47.24-0600 [APP/0] ERR ... 56 more

      The failing line of code is:
      if (ctList != null && ctList.size() == 1) {
      ct = ctList.get(0).toString(); // <--- here

      The reason it fails is that copyFromRequest(...) will create a singleton list and wrap the request's content-type value in it. If the content-type from the request is null, then ctList will be a singleton list with a null value in it, so the call to toString() will be on a null value.

      Instead, the code should be:
      if (ctList != null && ctList.size() == 1 && ctList.get(0) != null) {
      ct = ctList.get(0).toString();
      ...

      This ensures that a default content type of text/xml is returned when no content-type is specified in the request – or whatever was specified in the Message.

      This approach is preferable to just setting ctList (via the headers.get(Message.CONTENT_TYPE) field) to null because other places in the code depend on that list to be non-null.

      I have a patch and test case to be delivered shortly.

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #213

          Activity

            People

              sergey_beryozkin Sergey Beryozkin
              andymc Andrew J McMurry
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: