Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-21223

Safer behavior for WebApplicationExceptions thrown by RESTEasy clients running in JAX-RS resources

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • None
    • None
    • 5
    • False
    • False
    • Undefined

      If a JAX-RS or MicroProfile REST Client client running in a JAX-RS resource method throws a WebApplicationException (WAE) and that WAE is not caught and processed by application code, the WAE is thrown up to the servlet container and the information from a third party accessed by the client (HTTP headers, for example) can be returned to the client that invoked the resource method.

      The new default behavior in RESTEasy removes most of that information before returning a response.

      Instead of relying on the default behavior, a better practice would be for the resource method to process the WAE explicitly.

      If the full complement of information returned by the previous behavior is needed, the configuration parameter "resteasy.original.webapplicationexception.behavior" may be set to "true".

       A fuller description of the issue may be found in Section 32.3 "Resteasy WebApplicationExceptions" of the RESTEasy User Guide (https://docs.jboss.org/resteasy/docs/3.15.1.Final/userguide/html/ExceptionHandling.html#ResteasyWebApplicationException).

              Unassigned Unassigned
              rsigal@redhat.com Ronald Sigal
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: