Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-22401

[GSS](7.4.z) RESTEASY-2997 - RESTEASY003210 is appeared in response body when request resource is not found

XMLWordPrintable

    • False
    • False
    • +
    • Undefined
    • Hide

      Add the below custom ExceptionMapper to remove the response body:

      import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

@Provider
public class MyNotFoundExceptionMapper implements ExceptionMapper<NotFoundException> {
    @Override
    public Response toResponse(NotFoundException e) {
        return Response.status(Response.Status.NOT_FOUND).build();
    }
}
      Show
      Add the below custom ExceptionMapper to remove the response body: import javax.ws.rs.NotFoundException; import javax.ws.rs.core.Response; import javax.ws.rs.ext.ExceptionMapper; import javax.ws.rs.ext.Provider; @Provider public class MyNotFoundExceptionMapper implements ExceptionMapper<NotFoundException> { @Override public Response toResponse(NotFoundException e) { return Response.status(Response.Status.NOT_FOUND).build(); } }
    • Hide

      Using jboss-quickstart's helloworld-rs app, reproduce in JBoss EAP 7.3.7:

      $ git clone https://github.com/jboss-developer/jboss-eap-quickstarts.git
$ cd jboss-eap-quickstarts/helloworld-rs
$ mvn clean package
$ cp target/helloworld-rs.war jboss-eap-7.3.7/standalone/deployments/

// For JBoss EAP 7.3.7 as latest
$ curl 127.0.0.1:8080/helloworld-rs/rest/html
RESTEASY003210: Could not find resource for full path: http://127.0.0.1:8080/helloworld-rs/rest/html

// For JBoss EAP 7.2.9
$ curl -v 127.0.0.1:8080/helloworld-rs/rest/html
$ (only return HTTP header, no HTTP response body.)
      Show
      Using jboss-quickstart's helloworld-rs app, reproduce in JBoss EAP 7.3.7: $ git clone https://github.com/jboss-developer/jboss-eap-quickstarts.git $ cd jboss-eap-quickstarts/helloworld-rs $ mvn clean package $ cp target/helloworld-rs.war jboss-eap-7.3.7/standalone/deployments/ // For JBoss EAP 7.3.7 as latest $ curl 127.0.0.1:8080/helloworld-rs/rest/html RESTEASY003210: Could not find resource for full path: http://127.0.0.1:8080/helloworld-rs/rest/html // For JBoss EAP 7.2.9 $ curl -v 127.0.0.1:8080/helloworld-rs/rest/html $ (only return HTTP header, no HTTP response body.)

      In JBoss EAP 7.3.0 and later which merged RESTEASY-2189, the default ExceptionHandler returns "RESTEASY003210: Could not find resource for full path: <path>" in the response body when request path is not found:

      $ curl 127.0.0.1:8080/helloworld-rs/rest/html
RESTEASY003210: Could not find resource for full path: http://127.0.0.1:8080/helloworld-rs/rest/html

      A malicious user can find out that RESTEasy is being used in the backend. I believe the default message returned by the server should not contain any messages that can guess the product name or versions.

      I think it would be more appropriate to just return the response header same as in JBoss EAP 7.2.9 and earlier.

              istudens@redhat.com Ivo Studensky
              rhn-support-ivassile Ilia Vassilev
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: