authorPetros Splinakis2016-07-07 15:49:29 +0000
committerPetros Splinakis2016-07-07 16:55:46 +0000
commita0648d52c58bab3fe4ee9d06e6ab5db5908a4088 (patch)
treedca578da1afc0f5eafb31debf10d67fb1d7154b4
parent8f418384431cce614c07f73138c44d9553c66b6c (diff)
downloadeclipselink.runtime-2.6.3_WLS_TMP.tar.gz
eclipselink.runtime-2.6.3_WLS_TMP.tar.xz
eclipselink.runtime-2.6.3_WLS_TMP.zip
[NOBUG] - Limit the scope of bean lookup2.6.3_WLS_TMP
Signed-off-by: Petros Splinakis <petros.splinakis@oracle.com> Reviewed-by: Lukas Jungmann <lukas.jungmann@oracle.com>
-rw-r--r--dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/exceptions/JPARSException.java28
-rw-r--r--dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/logging/i18n/LoggingLocalizationResource.java137
-rw-r--r--dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/resources/common/AbstractPersistenceResource.java51
-rw-r--r--foundation/org.eclipse.persistence.core/src/org/eclipse/persistence/exceptions/JPARSErrorCodes.java3
4 files changed, 128 insertions, 91 deletions
diff --git a/dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/exceptions/JPARSException.java b/dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/exceptions/JPARSException.java
index 2e6b0937aa..90f5e8fd84 100644
--- a/dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/exceptions/JPARSException.java
+++ b/dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/exceptions/JPARSException.java
@@ -1,10 +1,10 @@
/*******************************************************************************
- * Copyright (c) 2013, 2015 Oracle and/or its affiliates. All rights reserved.
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 and Eclipse Distribution License v. 1.0
- * which accompanies this distribution.
+ * Copyright (c) 2013, 2016 Oracle and/or its affiliates. All rights reserved.
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 and Eclipse Distribution License v. 1.0
+ * which accompanies this distribution.
* The Eclipse Public License is available at http://www.eclipse.org/legal/epl-v10.html
- * and the Eclipse Distribution License is available at
+ * and the Eclipse Distribution License is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* Contributors:
@@ -338,6 +338,24 @@ public class JPARSException extends EclipseLinkException {
}
/**
+ * Session bean lookup is invalid.
+ *
+ * @param jndiName
+ * the jndi name
+ * @return the JPARS exception
+ */
+ public static JPARSException jndiNamePassedIsInvalid(String jndiName) {
+ Object[] args = { jndiName };
+
+ String msg = ExceptionMessageGenerator.buildMessage(JPARSException.class, JPARSErrorCodes.JNDI_NAME_IS_INVALID, args);
+ JPARSException exception = new JPARSException(msg);
+ exception.setErrorCode(JPARSErrorCodes.JNDI_NAME_IS_INVALID);
+ exception.setHttpStatusCode(Status.FORBIDDEN);
+
+ return exception;
+ }
+
+ /**
* Session bean lookup failed.
*
* @param jndiName the jndi name
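Review bot: No message text for `JNDI_NAME_IS_INVALID` is added in this commit: the four changed files cover the logging bundle and the error-code constant, but not the bundle that `ExceptionMessageGenerator.buildMessage` reads for `JPARSException`. Unless an entry for 61019 already exists there, the 403 raised by `jndiNamePassedIsInvalid` would carry no meaningful message. The Javadoc summary `Session bean lookup is invalid.` could also state the actual condition, for example `Thrown when the requested JNDI name uses a scheme that is not permitted for session bean lookup.` The `jndiName` argument comes from the request body, so the message text presumably reflects caller-supplied data back in the response and should be encoded by whatever renders it. The enclosing class starts and ends outside the hunk.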
diff --git a/dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/logging/i18n/LoggingLocalizationResource.java b/dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/logging/i18n/LoggingLocalizationResource.java
index 306edb10c1..658c278183 100644
--- a/dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/logging/i18n/LoggingLocalizationResource.java
+++ b/dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/logging/i18n/LoggingLocalizationResource.java
@@ -1,68 +1,69 @@
-/****************************************************************************
- * Copyright (c) 2011, 2013 Oracle and/or its affiliates. All rights reserved.
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v1.0 and Eclipse Distribution License v. 1.0
- * which accompanies this distribution.
- * The Eclipse Public License is available at http://www.eclipse.org/legal/epl-v10.html
- * and the Eclipse Distribution License is available at
- * http://www.eclipse.org/org/documents/edl-v10.php.
- *
- * Contributors:
- * tware -
- ******************************************************************************/
-package org.eclipse.persistence.jpa.rs.logging.i18n;
-
-import java.util.ListResourceBundle;
-
-public class LoggingLocalizationResource extends ListResourceBundle {
-
- static final Object[][] contents = {
- /*
- *
- * EACH RESOURCE STRING, MUST HAVE "requestId: {0}" AS FIRST PARAMETER in RESOURCE STRING.
- *
- */
- { "jpars_could_not_find_session_bean", "requestId: {0}. A call is being made to a session bean with JNDI Name: [{1}]. That bean can not be found." },
- { "jpars_could_not_find_persistence_context", "requestId: {0}. A JPA-RS call is requesting persistence context: [{1}]. That persistence context is not found." },
- { "jpars_could_not_find_class_in_persistence_unit", "requestId: {0}. Type: [{1}] cannot be found in persistence unit: [{2}]." },
- { "jpars_could_not_bootstrap_persistence_context", "requestId: {0}. Persistence Context: [{1}] could not be bootstrapped." },
- { "exception_marshalling_persitence_unit_metadata", "requestId: {0}. An exception was caught while marshalling the metadata for persistence unit [{1}]: [{2}]" },
- { "exception_marshalling_query_metadata", "requestId: {0}. An exception was caught while marshalling the metadata for the queries in persistence unit [{1}]: [{2}]" },
- { "exception_marshalling_individual_query_metadata", "requestId: {0}. An exception was caught while marshalling the metadata for query [{1}] in persistence unit [{2}]: [{3}]" },
- { "exception_marshalling_entity_metadata", "requestId: {0}. An exception was caught while marshalling the metadata for entity [{1}] in persistence unit [{2}]: [{3}]" },
- { "exception_creating_persistence_context", "requestId: {0}. An Exception was thrown while creating a JPA persistence context for persistence unit: [{1}]: [{2}]" },
- { "exception_while_updating_attribute", "requestId: {0}. An Exception was thrown while updating an entity of type [{1}] on persistence unit [{2}]: [{3}]" },
- { "exception_while_removing_attribute", "requestId: {0}. An Exception was thrown while removing attribute [{1}] on entity of type [{2}] on persistence unit [{3}]: [{4}]" },
- { "exception_while_unmarhalling_entity", "requestId: {0}. An Exception was thrown while unmarshalling an entity of type [{1}] in persitence unit [{2}]: [{3}]" },
- { "exception_creating_jaxb_context", "requestId: {0}. An Exception was thrown while creating a JAXBContext for persistence unit [{1}]: [{2}]" },
- { "exception_thrown_while_creating_dynamic_entity", "requestId: {0}. An Exception was thrown creating a dynamic entity of type [{1}]: [{2}]" },
- { "jpars_could_not_find_entity_type", "requestId: {0}. Entity type [{1}] could not be found in persistence unit: [{2}]." },
- { "jpars_could_not_find_entity_for_key", "requestId: {0}. Entity of type [{1}] and id [{2}] could not be found in persistence unit: [{3}]." },
- { "jpars_could_not_find_entity_for_attribute", "requestId: {0}. Attribute [{1}] for entity of type [{2}] and id [{3}] could not be found in persistence unit: [{4}]." },
- { "jpars_could_not_find_appropriate_mapping_for_update", "requestId: {0}. Attribute [{1}] for entity of type [{2}] in persistence unit: [{3}] is not the appropriate type for an update or delete." },
- { "jpars_could_not_update_attribute", "requestId: {0}. Attribute [{1}] for entity of type [{2}] with key [{3}] in persistence unit: [{4}] could not be updated or deleted." },
- { "jpars_put_not_idempotent", "requestId: {0}. An Entity of type [{1}] in persistence unit [{2}] is being created with a PUT, but the Entity is not idempotent due to either sequence generation or cascading." },
- { "jpars_could_not_marshal_serializing", "requestId: {0}. JPARS is serializing an object because it was unable to marshal it." },
- { "jaxb_exception_while_marshalling", "requestId: {0}. JPARS got a JAXBException while marshalling." },
- { "jpars_could_not_find_descriptor", "requestId: {0}. JPARS could not find the descriptor for [{1}] while subscribing for event notification." },
- { "jpars_caught_exception", "requestId: {0}. An exception was thrown in JPA RS." },
- { "jpars_could_not_add_listener", "requestId: {0}. JPA RS was unable to add a change listener" },
- { "weaving_required_for_relationships", "requestId: {0}. JPA RS can only handle relationships if your persistence unit is weaved. Ensure weaving is not disabled and either deploy on a Java EE compliant server of statically weave your classes." },
- { "jpars_could_not_marshal_requested_result_to_requested_type", "requestId: {0}. JPA RS could not marshall object [{1}] to the requested type." },
- { "object_referred_by_link_does_not_exist", "requestId: {0}. Entity referred by link does not exist, entity type:[{1}], id:[{2}]." },
- { "unsupported_service_version_in_the_request", "requestId: {0}. JPARS version [{1}] is not supported." },
- { "no_orderby_clause_for_paging", "requestId: {0}. No OrderBy clause is defined for query:[{1}]. As a result, no guarantee exists that paging will work deterministically." }
-
- /*
- *
- * EACH RESOURCE STRING, MUST HAVE "requestId: {0}" AS FIRST PARAMETER in RESOURCE STRING.
- *
- */
- };
-
- @Override
- protected Object[][] getContents() {
- return contents;
- }
-
-}
+/****************************************************************************
+ * Copyright (c) 2011, 2016 Oracle and/or its affiliates. All rights reserved.
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 and Eclipse Distribution License v. 1.0
+ * which accompanies this distribution.
+ * The Eclipse Public License is available at http://www.eclipse.org/legal/epl-v10.html
+ * and the Eclipse Distribution License is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * Contributors:
+ * tware -
+ ******************************************************************************/
+package org.eclipse.persistence.jpa.rs.logging.i18n;
+
+import java.util.ListResourceBundle;
+
+public class LoggingLocalizationResource extends ListResourceBundle {
+
+ static final Object[][] contents = {
+ /*
+ *
+ * EACH RESOURCE STRING, MUST HAVE "requestId: {0}" AS FIRST PARAMETER in RESOURCE STRING.
+ *
+ */
+ { "jpars_invalid_jndi_name", "requestId: {0}. A call is being made to a session bean with JNDI Name: [{1}]. That JNDI Name is invalid." },
+ { "jpars_could_not_find_session_bean", "requestId: {0}. A call is being made to a session bean with JNDI Name: [{1}]. That bean can not be found." },
+ { "jpars_could_not_find_persistence_context", "requestId: {0}. A JPA-RS call is requesting persistence context: [{1}]. That persistence context is not found." },
+ { "jpars_could_not_find_class_in_persistence_unit", "requestId: {0}. Type: [{1}] cannot be found in persistence unit: [{2}]." },
+ { "jpars_could_not_bootstrap_persistence_context", "requestId: {0}. Persistence Context: [{1}] could not be bootstrapped." },
+ { "exception_marshalling_persitence_unit_metadata", "requestId: {0}. An exception was caught while marshalling the metadata for persistence unit [{1}]: [{2}]" },
+ { "exception_marshalling_query_metadata", "requestId: {0}. An exception was caught while marshalling the metadata for the queries in persistence unit [{1}]: [{2}]" },
+ { "exception_marshalling_individual_query_metadata", "requestId: {0}. An exception was caught while marshalling the metadata for query [{1}] in persistence unit [{2}]: [{3}]" },
+ { "exception_marshalling_entity_metadata", "requestId: {0}. An exception was caught while marshalling the metadata for entity [{1}] in persistence unit [{2}]: [{3}]" },
+ { "exception_creating_persistence_context", "requestId: {0}. An Exception was thrown while creating a JPA persistence context for persistence unit: [{1}]: [{2}]" },
+ { "exception_while_updating_attribute", "requestId: {0}. An Exception was thrown while updating an entity of type [{1}] on persistence unit [{2}]: [{3}]" },
+ { "exception_while_removing_attribute", "requestId: {0}. An Exception was thrown while removing attribute [{1}] on entity of type [{2}] on persistence unit [{3}]: [{4}]" },
+ { "exception_while_unmarhalling_entity", "requestId: {0}. An Exception was thrown while unmarshalling an entity of type [{1}] in persitence unit [{2}]: [{3}]" },
+ { "exception_creating_jaxb_context", "requestId: {0}. An Exception was thrown while creating a JAXBContext for persistence unit [{1}]: [{2}]" },
+ { "exception_thrown_while_creating_dynamic_entity", "requestId: {0}. An Exception was thrown creating a dynamic entity of type [{1}]: [{2}]" },
+ { "jpars_could_not_find_entity_type", "requestId: {0}. Entity type [{1}] could not be found in persistence unit: [{2}]." },
+ { "jpars_could_not_find_entity_for_key", "requestId: {0}. Entity of type [{1}] and id [{2}] could not be found in persistence unit: [{3}]." },
+ { "jpars_could_not_find_entity_for_attribute", "requestId: {0}. Attribute [{1}] for entity of type [{2}] and id [{3}] could not be found in persistence unit: [{4}]." },
+ { "jpars_could_not_find_appropriate_mapping_for_update", "requestId: {0}. Attribute [{1}] for entity of type [{2}] in persistence unit: [{3}] is not the appropriate type for an update or delete." },
+ { "jpars_could_not_update_attribute", "requestId: {0}. Attribute [{1}] for entity of type [{2}] with key [{3}] in persistence unit: [{4}] could not be updated or deleted." },
+ { "jpars_put_not_idempotent", "requestId: {0}. An Entity of type [{1}] in persistence unit [{2}] is being created with a PUT, but the Entity is not idempotent due to either sequence generation or cascading." },
+ { "jpars_could_not_marshal_serializing", "requestId: {0}. JPARS is serializing an object because it was unable to marshal it." },
+ { "jaxb_exception_while_marshalling", "requestId: {0}. JPARS got a JAXBException while marshalling." },
+ { "jpars_could_not_find_descriptor", "requestId: {0}. JPARS could not find the descriptor for [{1}] while subscribing for event notification." },
+ { "jpars_caught_exception", "requestId: {0}. An exception was thrown in JPA RS." },
+ { "jpars_could_not_add_listener", "requestId: {0}. JPA RS was unable to add a change listener" },
+ { "weaving_required_for_relationships", "requestId: {0}. JPA RS can only handle relationships if your persistence unit is weaved. Ensure weaving is not disabled and either deploy on a Java EE compliant server of statically weave your classes." },
+ { "jpars_could_not_marshal_requested_result_to_requested_type", "requestId: {0}. JPA RS could not marshall object [{1}] to the requested type." },
+ { "object_referred_by_link_does_not_exist", "requestId: {0}. Entity referred by link does not exist, entity type:[{1}], id:[{2}]." },
+ { "unsupported_service_version_in_the_request", "requestId: {0}. JPARS version [{1}] is not supported." },
+ { "no_orderby_clause_for_paging", "requestId: {0}. No OrderBy clause is defined for query:[{1}]. As a result, no guarantee exists that paging will work deterministically." }
+
+ /*
+ *
+ * EACH RESOURCE STRING, MUST HAVE "requestId: {0}" AS FIRST PARAMETER in RESOURCE STRING.
+ *
+ */
+ };
+
+ @Override
+ protected Object[][] getContents() {
+ return contents;
+ }
+
+}
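Review bot: The whole file is replaced (68 lines removed, 69 added) although the only visible content change is the new `jpars_invalid_jndi_name` entry. That suggests a line-ending or whitespace conversion rode along with the change; keeping the normalisation in a separate commit would leave a one-line diff here. The new string writes the request-supplied JNDI name into the log as `[{1}]`. If the logging path does not neutralise CR/LF, a crafted name could break or forge log lines, so it is worth confirming the value is escaped or truncated before it is logged.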
diff --git a/dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/resources/common/AbstractPersistenceResource.java b/dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/resources/common/AbstractPersistenceResource.java
index 6d96631c22..bf53ac9071 100644
--- a/dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/resources/common/AbstractPersistenceResource.java
+++ b/dbws/org.eclipse.persistence.dbws/src/org/eclipse/persistence/jpa/rs/resources/common/AbstractPersistenceResource.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2011, 2014 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2016 Oracle and/or its affiliates. All rights reserved.
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v1.0 and Eclipse Distribution License v. 1.0
* which accompanies this distribution.
@@ -13,6 +13,23 @@
******************************************************************************/
package org.eclipse.persistence.jpa.rs.resources.common;
+import java.io.InputStream;
+import java.lang.reflect.Method;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.transform.stream.StreamSource;
+
import org.eclipse.persistence.internal.helper.ConversionManager;
import org.eclipse.persistence.internal.jpa.rs.metadata.model.Link;
import org.eclipse.persistence.internal.jpa.rs.metadata.model.Parameter;
@@ -31,21 +48,6 @@ import org.eclipse.persistence.jpa.rs.util.JPARSLogger;
import org.eclipse.persistence.jpa.rs.util.StreamingOutputMarshaller;
import org.eclipse.persistence.jpa.rs.util.list.LinkList;
-import javax.naming.InitialContext;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriInfo;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.stream.StreamSource;
-import java.io.InputStream;
-import java.lang.reflect.Method;
-import java.net.URI;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-
/**
* Base class for persistent unit resources.
*
@@ -89,6 +91,11 @@ public abstract class AbstractPersistenceResource extends AbstractResource {
SessionBeanCall call = unmarshallSessionBeanCall(is);
String jndiName = call.getJndiName();
+ if (!isValid(jndiName)) {
+ JPARSLogger.error("jpars_invalid_jndi_name", new Object[] { jndiName });
+ throw JPARSException.jndiNamePassedIsInvalid(jndiName);
+ }
+
javax.naming.Context ctx = new InitialContext();
Object ans = ctx.lookup(jndiName);
if (ans == null) {
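Review bot: The new `throw JPARSException.jndiNamePassedIsInvalid(jndiName)` appears to sit inside the same `try` whose catch now lists `RuntimeException` (later hunk in this file), and `JPARSException` extends the unchecked `EclipseLinkException`. The rejection is therefore caught, logged a second time as `exception_in_callSessionBeanInternal`, and re-wrapped by `exceptionOccurred(e)`. Whether the FORBIDDEN status survives that re-wrap is not visible here; a `catch (JPARSException e) { throw e; }` ahead of the multi-catch would keep it intact. The logger call passes only `{ jndiName }` while the bundle text expects the request id as `{0}` and the name as `{1}`, which is correct only if `JPARSLogger.error` prepends the request id itself. The enclosing method starts and ends outside the hunk.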
@@ -127,12 +134,22 @@ public abstract class AbstractPersistenceResource extends AbstractResource {
Method method = ans.getClass().getMethod(call.getMethodName(), parameters);
Object returnValue = method.invoke(ans, args);
return Response.ok(new StreamingOutputMarshaller(null, returnValue, headers.getAcceptableMediaTypes())).build();
- } catch (Exception e) {
+ } catch (JAXBException | NamingException | ReflectiveOperationException | RuntimeException e) {
JPARSLogger.exception("exception_in_callSessionBeanInternal", new Object[]{version, headers.getMediaType(), uriInfo.getRequestUri().toASCIIString()}, e);
throw JPARSException.exceptionOccurred(e);
}
}
+ private boolean isValid(String jndiName) {
+ String protocol = null;
+ int colon = jndiName.indexOf(':');
+ int slash = jndiName.indexOf('/');
+ if (colon > 0 && (slash == -1 || colon < slash)) {
+ protocol = jndiName.substring(0, colon);
+ }
+ return protocol == null || protocol.isEmpty() || protocol.equalsIgnoreCase("java") || protocol.equalsIgnoreCase("ejb");
+ }
+
private SessionBeanCall unmarshallSessionBeanCall(InputStream data) throws JAXBException {
Class<?>[] jaxbClasses = new Class[] { SessionBeanCall.class };
JAXBContext context = (JAXBContext) JAXBContextFactory.createContext(jaxbClasses, null);
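Review bot: `isValid` dereferences `jndiName` without a null check. If `call.getJndiName()` can return null for a payload that omits the name, the result is a NullPointerException that the widened catch above reports as a generic failure; `if (jndiName == null) { return false; }` as the first line would route it through the new invalid-name path. The `protocol.isEmpty()` test can never be true, because `colon > 0` guarantees a non-empty substring. The method also deserves a Javadoc stating the rule it enforces: names with no scheme and names in the `java:` or `ejb:` schemes are accepted, and any other scheme is refused. The Javadoc should add that accepted names are still resolved by the container's default initial context, so the check limits the scheme, not which bound object can be reached. `unmarshallSessionBeanCall` continues past the end of the hunk.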
diff --git a/foundation/org.eclipse.persistence.core/src/org/eclipse/persistence/exceptions/JPARSErrorCodes.java b/foundation/org.eclipse.persistence.core/src/org/eclipse/persistence/exceptions/JPARSErrorCodes.java
index e1ff70fc31..ed9d8497a8 100644
--- a/foundation/org.eclipse.persistence.core/src/org/eclipse/persistence/exceptions/JPARSErrorCodes.java
+++ b/foundation/org.eclipse.persistence.core/src/org/eclipse/persistence/exceptions/JPARSErrorCodes.java
@@ -1,5 +1,5 @@
/*******************************************************************************
-* Copyright (c) 2013, 2015 Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 2013, 2016 Oracle and/or its affiliates. All rights reserved.
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v1.0 and Eclipse Distribution License v. 1.0
* which accompanies this distribution.
@@ -34,6 +34,7 @@ public class JPARSErrorCodes {
public static final int PAGINATION_PARAMETER_USED_FOR_NOT_PAGEABLE_RESOURCE = 61016;
public static final int FIELDS_FILTERING_BOTH_PARAMETERS_PRESENT = 61017;
public static final int INVALID_PARAMETER = 61018;
+ public static final int JNDI_NAME_IS_INVALID = 61019;
//
public static final int AN_EXCEPTION_OCCURRED = 61999;
