Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-1067

Throwing WebApplicationException standard subclasses doesn't produce correct error message

XMLWordPrintable

    • User Experience
    • Hide

      Not using this standard exception and using just javax.ws.rs.core.Response as return value for all methods that need to return 403 or so.

      Show
      Not using this standard exception and using just javax.ws.rs.core.Response as return value for all methods that need to return 403 or so.

      If JAX-RS method throws any standard subclass of javax.ws.rs.WebApplicationException then RestEasy must generate correct Response for this exception with correct response message if it is specified.
      For example with javax.ws.rs.ForbiddenException:

      MyAuthenticationResource.java
      	@POST
	@Produces(MediaType.TEXT_PLAIN)
	@Consumes(MediaType.APPLICATION_JSON)
	public String login(AuthenticationData authenticationData) {
		throw new ForbiddenException("Authentication failed");
	}

      This method must create Respose with status 403 (already working) and content of "Authentication failed" (this doesn't work). But instead it shows just default error page from servlet container (Tomcat). Even more this page also doesn't include my error message. It just ignored by RestEasy.

      <h1>HTTP Status 403 - </h1>
        <HR size="1" noshade="noshade">
            <p>
                <b>type</b> Status report
            </p>
            <p>
                <b>message</b>
                <u></u>
            </p>
            <p>
                <b>description</b>
                <u>Access to the specified resource () has been forbidden.</u>
            </p>
            <HR size="1" noshade="noshade">
                <h3>Apache Tomcat/7.0.12</h3>

      And second problem is server logs:

      2014-05-22 12:13:34,252 ["http-bio-8080"-exec-3] WARN o.j.resteasy.core.ExceptionHandler:135 - failed to execute
      javax.ws.rs.ForbiddenException: Authentication failed
      at net.point.rs.resource.AuthenticationResource.login(AuthenticationResource.java:39) ~[classes/:na]
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_45]
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_45]
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_45]
      at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_45]
      at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) ~[resteasy-jaxrs-3.0.7.Final.jar:na]
      at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:288) ~[resteasy-jaxrs-3.0.7.Final.jar:na]
      ... cutted for brevity

      Is it really intended to log full exception stacktrace at level WARN for standart javax.ws.rs.* exceptions which intended to use as replacement of Response.status(403).entity("Authentication failed").build(); ? For every bad request which is common practice in the web especially for authentication.

      It is too many of logging for that standard response. Especially at level WARN. This exceptions intended to be used not for produce warnings but as normal flow of application just for using Model return values in JAX-RS resource methods instead of Respose wrappers.

        1. TestException.java
          3 kB

              rsigal@redhat.com Ronald Sigal
              djxak Руслан Стельмаченко (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: