glassfish
  1. glassfish
  2. GLASSFISH-514

Bad attribute escaping on saving config from GUI

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 9.0pe
    • Fix Version/s: 9.0pe
    • Component/s: admin
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      514

      Description

      On b42 we have an issue about bad escaping of non XML valid char of admin when
      saving in the XML domain.xml config file.

      Example Configuration / Security / Realm :

      Add a property, "find-user-query" and a value:

      SELECT IDENTIFIER FROM PERSON WHERE USERID = ? AND PASSWORD = ? AND ( (
      VALIDITYPERIODBEGIN <= CURRENT_TIMESTAMP AND CURRENT_TIMESTAMP <=
      VALIDITYPERIODEND ) OR ( VALIDITYPERIODBEGIN IS NULL AND CURRENT_TIMESTAMP <=
      VALIDITYPERIODEND ) OR ( VALIDITYPERIODBEGIN <= CURRENT_TIMESTAMP AND
      VALIDITYPERIODEND IS NULL ) )

      Then save, and redisplay, the string will be shown like :

      SELECT IDENTIFIER FROM PERSON WHERE USERID = ? AND PASSWORD = ? AND ( (
      VALIDITYPERIODBEGIN ?= CURRENT_TIMESTAMP AND CURRENT_TIMESTAMP ?=
      VALIDITYPERIODEND ) OR ( VALIDITYPERIODBEGIN IS NULL AND CURRENT_TIMESTAMP ?=
      VALIDITYPERIODEND ) OR ( VALIDITYPERIODBEGIN <= CURRENT_TIMESTAMP AND
      VALIDITYPERIODEND IS NULL ) )

      This means "<=" is replaced by "?=" and so will result in a bad query.

      The workaround is to dig in the domain.xml and fix the entry manually.

      I did not check the manual CLI admin to see if this bug is also there.

      IMHO, correct XML escaping has to be done so that it result in bijective parsing
      & saving.

        Activity

        Hide
        kravtch added a comment -

        It seems that s2b does not support setAttributeValue opeartion if any of two
        symbols are inside of attribute values - "<" and "]"
        Above symbols are not converted to proper xml symbol codes (like <), but
        replaced by "?".
        (meanwhile, get command does make the proper back conversions e.g "<" ===> "<")

        The cause is in XMLUtil.java:
        /** Test if character can be in attr value
        */
        public static boolean isAttrContent(int i)

        { // return false for leading ACSII chars (except tab char) if (i<9) return false; if (i>9 && i<32) return false; // return false for <, ] if (i==60 || i==93) return false; // otherwise return true return true; }
        Show
        kravtch added a comment - It seems that s2b does not support setAttributeValue opeartion if any of two symbols are inside of attribute values - "<" and "]" Above symbols are not converted to proper xml symbol codes (like <), but replaced by "?". (meanwhile, get command does make the proper back conversions e.g "<" ===> "<") The cause is in XMLUtil.java: /** Test if character can be in attr value */ public static boolean isAttrContent(int i) { // return false for leading ACSII chars (except tab char) if (i<9) return false; if (i>9 && i<32) return false; // return false for <, ] if (i==60 || i==93) return false; // otherwise return true return true; }
        Hide
        kravtch added a comment -

        I'm trying to contact schema2beans developers to understand why these symbols
        treated so differently from the similar ones.

        Show
        kravtch added a comment - I'm trying to contact schema2beans developers to understand why these symbols treated so differently from the similar ones.
        Hide
        raccah added a comment -

        I've contacted schema2beans nb developers on your behalf and the following nb
        bug was filed:
        <http://www.netbeans.org/issues/show_bug.cgi?id=74299>

        Show
        raccah added a comment - I've contacted schema2beans nb developers on your behalf and the following nb bug was filed: < http://www.netbeans.org/issues/show_bug.cgi?id=74299 >
        Hide
        kravtch added a comment -

        Thank you, raccah.

        Show
        kravtch added a comment - Thank you, raccah.
        Hide
        kravtch added a comment -

        Bug #6254405 (Bad attribute escaping on saving config from GUI)
        GF issue: #514

        • GF migrated to schema2beans from netbeans 5.5 dev build. It has
          correspondent fixes for this issue;

        Submitted by: kravtch
        Reviewed by: Kedar
        Affected modules: bootstrap
        Tests: QLT-EE,devtest

        Checking in project.properties;
        /cvs/glassfish/bootstrap/project.properties,v <-- project.properties
        new revision: 1.159; previous revision: 1.158
        done (Bad attribute escaping on saving config from GUI)
        GF issue: #514

        • GF migrated to schema2beans from netbeans 5.5 dev build. It has
          correspondent fixes for this issue;

        Submitted by: kravtch
        Reviewed by: Kedar
        Affected modules: bootstrap
        Tests: QLT-EE,devtest

        Checking in project.properties;
        /cvs/glassfish/bootstrap/project.properties,v <-- project.properties
        new revision: 1.159; previous revision: 1.158
        done

        Show
        kravtch added a comment - Bug #6254405 (Bad attribute escaping on saving config from GUI) GF issue: #514 GF migrated to schema2beans from netbeans 5.5 dev build. It has correspondent fixes for this issue; Submitted by: kravtch Reviewed by: Kedar Affected modules: bootstrap Tests: QLT-EE,devtest Checking in project.properties; /cvs/glassfish/bootstrap/project.properties,v <-- project.properties new revision: 1.159; previous revision: 1.158 done (Bad attribute escaping on saving config from GUI) GF issue: #514 GF migrated to schema2beans from netbeans 5.5 dev build. It has correspondent fixes for this issue; Submitted by: kravtch Reviewed by: Kedar Affected modules: bootstrap Tests: QLT-EE,devtest Checking in project.properties; /cvs/glassfish/bootstrap/project.properties,v <-- project.properties new revision: 1.159; previous revision: 1.158 done

          People

          • Assignee:
            kravtch
            Reporter:
            bjb
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: