Uploaded image for project: 'Wink'
  1. Wink
  2. WINK-188

org.apache.wink.server.internal.contexts.HttpHeadersImpl#getRequestHeaderInternal(String) should check for invalid values.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.0
    • 1.0
    • Server
    • None

    • IBM Lotus Expeditor's Web Container - LWI 7.1.1.

    • Patch Available

    Description

      The org.apache.wink.server.internal.contexts.HttpHeadersImpl#getRequestHeaderInternal(String) gets the values of the Accept header from an instance of the javax.servlet.http.HttpServletRequest which in our case is of type com.ibm.ws.webcontainer.srt.SRTServletRequest. The returned enumeration of header values contains the following elements: [text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, null, null, null, null, null, null, null, null, null]

      The HTTP Request headers looks like this:
Host: localhost:13100
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: bg,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Content-Type: text/html

      The thrown exception is:
javax.ws.rs.WebApplicationException: java.lang.IllegalArgumentException: Wrong MediaType format for MediaType: {}
	at org.apache.wink.server.internal.contexts.HttpHeadersImpl.getAcceptHeader(HttpHeadersImpl.java:132)
	at org.apache.wink.server.internal.contexts.HttpHeadersImpl.getAcceptableMediaTypes(HttpHeadersImpl.java:93)
	at org.apache.wink.server.internal.registry.ResourceRegistry.filterByProduces(ResourceRegistry.java:473)
	at org.apache.wink.server.internal.registry.ResourceRegistry.filterDispatchMethods(ResourceRegistry.java:397)
	at org.apache.wink.server.internal.registry.ResourceRegistry.findMethod(ResourceRegistry.java:281)
	at org.apache.wink.server.internal.handlers.FindResourceMethodHandler.handleResourceMethod(FindResourceMethodHandler.java:123)
	at org.apache.wink.server.internal.handlers.FindResourceMethodHandler.handleRequest(FindResourceMethodHandler.java:58)
	at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
	at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
	at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:55)
	at org.apache.wink.server.internal.handlers.FindRootResourceHandler.handleRequest(FindRootResourceHandler.java:99)
	at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
	at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
	at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:55)
	at org.apache.wink.server.internal.handlers.HeadMethodHandler.handleRequest(HeadMethodHandler.java:47)
	at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
	at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
	at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:55)
	at org.apache.wink.server.internal.handlers.OptionsMethodHandler.handleRequest(OptionsMethodHandler.java:42)
	at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
	at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
	at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:55)
	at org.apache.wink.server.internal.handlers.SearchResultHandler.handleRequest(SearchResultHandler.java:33)
	at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
	at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
	at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:55)
	at org.apache.wink.server.handlers.AbstractHandlersChain.run(AbstractHandlersChain.java:43)
	at org.apache.wink.server.internal.RequestProcessor.handleRequestWithoutFaultBarrier(RequestProcessor.java:137)
	at org.apache.wink.server.internal.RequestProcessor.handleRequest(RequestProcessor.java:118)
	at org.apache.wink.server.internal.servlet.RestServlet.service(RestServlet.java:103)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
	at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:971)
	at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:477)
	at com.ibm.pvc.internal.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:86)
	at com.ibm.pvc.internal.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:102)
	at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3124)
	at com.ibm.pvc.internal.webcontainer.webapp.BundleWebApp.handleRequest(BundleWebApp.java:451)
	at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:235)
	at com.ibm.pvc.internal.webcontainer.VirtualHost.handleRequest(VirtualHost.java:96)
	at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
	at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:41)
	at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:464)
	at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:355)
	at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1498)
Caused by: 
java.lang.IllegalArgumentException: Wrong MediaType format for MediaType: {}
	at org.apache.wink.common.internal.providers.header.MediaTypeHeaderDelegate.fromString(MediaTypeHeaderDelegate.java:78)
	at org.apache.wink.common.internal.providers.header.MediaTypeHeaderDelegate.fromString(MediaTypeHeaderDelegate.java:34)
	at javax.ws.rs.core.MediaType.valueOf(MediaType.java:119)
	at org.apache.wink.common.internal.providers.header.AcceptHeaderDelegate.fromString(AcceptHeaderDelegate.java:55)
	at org.apache.wink.common.internal.providers.header.AcceptHeaderDelegate.fromString(AcceptHeaderDelegate.java:33)
	at org.apache.wink.common.internal.http.Accept.valueOf(Accept.java:139)
	at org.apache.wink.server.internal.contexts.HttpHeadersImpl.getAcceptHeader(HttpHeadersImpl.java:129)
	... 43 more
Caused by: 
java.lang.ArrayIndexOutOfBoundsException: Array index out of range: 1
	at org.apache.wink.common.internal.providers.header.MediaTypeHeaderDelegate.fromString(MediaTypeHeaderDelegate.java:65)
	... 49 more

      I am not sure what the reason for returning null elements in the enumeration is, but I think a check for this should be made. Here is how it might look:
      org.apache.wink.server.internal.contexts.HttpHeadersImpl:

      private Accept getAcceptHeader() {
	String alternateParameter = msgContext.getUriInfo().getQueryParameters().getFirst(RestConstants.REST_PARAM_MEDIA_TYPE);
	String acceptValue = null;
	if (alternateParameter != null) {
		// try to map alternate parameter shortcut to a real media type
		DeploymentConfiguration deploymentConfiguration = msgContext.getAttribute(DeploymentConfiguration.class);
		Map<String, String> alternateShortcutMap = deploymentConfiguration.getAlternateShortcutMap();
		if (alternateShortcutMap != null) {
			acceptValue = alternateShortcutMap.get(alternateParameter);
		}
		if (acceptValue == null) {
			acceptValue = alternateParameter;
		}
	} else {
		List<String> requestHeader = getRequestHeader(HttpHeaders.ACCEPT);
		if (requestHeader == null || requestHeader.isEmpty()) {
			acceptValue = null;
		} else if (requestHeader.size() > 0) {
			StringBuilder acceptValueTemp = new StringBuilder();
			acceptValueTemp.append(requestHeader.get(0));
			for (int c = 1; c < requestHeader.size(); ++c) {
				acceptValueTemp.append(",");
				acceptValueTemp.append(requestHeader.get(c));
			}
			acceptValue = acceptValueTemp.toString();
		} else {
			acceptValue = requestHeader.get(0);
		}
	}
	try {
		Accept acceptHeader = Accept.valueOf(acceptValue);
		return acceptHeader;
	} catch (IllegalArgumentException e) {
		throw new WebApplicationException(e, 400);
	}
}

private List<String> getRequestHeaderInternal(String name) {
	if (allHeaders != null) {
		return allHeaders.get(name);
	}

	List<String> list = headers.get(name);
	if (list == null) {
		Enumeration<?> headerValues = msgContext.getAttribute(HttpServletRequest.class).getHeaders(name);
		list = new ArrayList<String>();
		while (headerValues.hasMoreElements()) {
			String val = (String) headerValues.nextElement();
			if (val != null) {
				list.add(val);
			}
		}

		headers.put(name, list);
	}

	return list;
}

private MultivaluedMap<String, String> buildRequestHeaders() {
	MultivaluedMap<String, String> map = new CaseInsensitiveMultivaluedMap<String>();
	Enumeration<?> names = msgContext.getAttribute(HttpServletRequest.class).getHeaderNames();

	if (names == null) {
		return map;
	}

	while (names.hasMoreElements()) {
		String name = (String) names.nextElement();
		Enumeration<?> headerValues = msgContext.getAttribute(HttpServletRequest.class).getHeaders(name);
		List<String> values = new ArrayList<String>();
		while (headerValues.hasMoreElements()) {
			String val = (String) headerValues.nextElement();
			if (val != null) {
				values.add(val);
			}
		}
		map.put(name, values);
	}
	return new UnmodifiableMultivaluedMap<String, String>(map);
}

      Attachments

        Activity

          People

            bluk Bryant Luk
            kkolev Kaloyan Kolev
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment