-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[java][jersey2] Differentiate request with no body vs request that contains the null value #6634
Conversation
👍 Thanks for opening this issue! The team will review the labels and make any necessary changes. |
@@ -787,7 +794,7 @@ public String escapeString(String str) { | |||
* @return String | |||
* @throws ApiException API exception | |||
*/ | |||
public String serializeToString(Object obj, Map<String, Object> formParams, String contentType) throws ApiException { | |||
public String serializeToString(BodyHolder obj, Map<String, Object> formParams, String contentType) throws ApiException { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@wing328 , I'm a bit confused why updateParamsForAuth
invokes serializeToString, but the request body is serialized using a different function. That means an authorization scheme that processes the message body may provide incorrect authorization data.
For example, the calculate message digest may be different because the body is serialized using two different functions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree ideally they should be using the same function to come up with the request body.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks. I propose that we tackle this in a follow-up PR, what do you think? I see some discrepancies between serializeToString and serialize.
@bbdouglas (2017/07) @sreeshas (2017/08) @jfiala (2017/08) @lukoyanov (2017/09) @cbornet (2017/09) @jeff9finger (2018/01) @karismann (2019/03) @Zomzog (2019/04) @lwlee2608 (2019/10) @bkabrda (2020/01) |
Two scenarios need to be differentiated:
We need to be able to differentiate these two cases when serializing the body. In particular, for HTTP GET request which have an empty body, the input object was set to null, and it was serialized as the 'null' value instead of the empty string.
This leads to incorrect message digest being calculated.
PR checklist
./bin/generate-samples.sh
to update all Petstore samples related to your fix. This is important, as CI jobs will verify all generator outputs of your HEAD commit as it would merge with master. These must match the expectations made by your contribution. You may regenerate an individual generator by passing the relevant config(s) as an argument to the script, for example./bin/generate-samples.sh bin/config/java*
. For Windows users, please run the script in Git BASH.master