Hi again,
I've another question about the %perm:allow annotation. Is it possible to use multiple instances of this annotation?
My expectation would be that any of the listed roles is allowed to call the function. For example:
declare %rest:GET %rest:path("/multi") %perm:allow("role1") %perm:allow("role2") function test:multi()as item()* { <response>multi</response> }; declare %rest:GET %rest:path("/single") %perm:allow("role1") function test:single()as item()* { <response>single</response> };
declare %perm:check('/admin','{$perm}')function test:check($perm) { () };
When I call /multi the first time I get a response. But all further calls to /multi will result in a NullPointerException. Calls to /single do not have this problem.
My error stacktrace is:
java.lang.NullPointerException at org.basex.util.list.ObjectList.finish(ObjectList.java:235) at org.basex.query.value.seq.StrSeq.get(StrSeq.java:64) at org.basex.http.restxq.RestXqPerm.map(RestXqPerm.java:43) at org.basex.http.restxq.RestXqFunction.bind(RestXqFunction.java:263) at org.basex.http.restxq.RestXqResponse.bind(RestXqResponse.java:61) at org.basex.http.web.WebResponse.create(WebResponse.java:53) at org.basex.http.restxq.RestXqServlet.run(RestXqServlet.java:50) at org.basex.http.BaseXServlet.service(BaseXServlet.java:59) at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)
I think the error is at the location where he parses the perm:allow annotations.
Best regards Johannes
Good catch! It has been fixed in the latest snapshot.
On Wed, Jan 30, 2019 at 3:42 PM Johannes Bauer johannes.bauer@tanner.de wrote:
Hi again,
I've another question about the %perm:allow annotation. Is it possible to use multiple instances of this annotation?
My expectation would be that any of the listed roles is allowed to call the function. For example:
declare %rest:GET %rest:path("/multi") %perm:allow("role1") %perm:allow("role2") function test:multi() as item()* { <response>multi</response> };
declare %rest:GET %rest:path("/single") %perm:allow("role1") function test:single() as item()* { <response>single</response> };
declare %perm:check('/admin', '{$perm}') function test:check($perm) { () };
When I call /multi the first time I get a response. But all further calls to /multi will result in a NullPointerException. Calls to /single do not have this problem.
My error stacktrace is:
java.lang.NullPointerException at org.basex.util.list.ObjectList.finish(ObjectList.java:235) at org.basex.query.value.seq.StrSeq.get(StrSeq.java:64) at org.basex.http.restxq.RestXqPerm.map(RestXqPerm.java:43) at org.basex.http.restxq.RestXqFunction.bind(RestXqFunction.java:263) at org.basex.http.restxq.RestXqResponse.bind(RestXqResponse.java:61) at org.basex.http.web.WebResponse.create(WebResponse.java:53) at org.basex.http.restxq.RestXqServlet.run(RestXqServlet.java:50) at org.basex.http.BaseXServlet.service(BaseXServlet.java:59) at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)
I think the error is at the location where he parses the perm:allow annotations.
Best regards Johannes
basex-talk@mailman.uni-konstanz.de
-
Christian Grün -
Johannes Bauer