Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Do
Priority: Major
Fix Version/s: None
Affects Version/s: 3.0.7.Final
Component/s: jaxrs
Labels:

Affects:

User Experience
Workaround Description:

Hide

Not using this standard exception and using just javax.ws.rs.core.Response as return value for all methods that need to return 403 or so.

Show
Not using this standard exception and using just javax.ws.rs.core.Response as return value for all methods that need to return 403 or so.

Description

If JAX-RS method throws any standard subclass of javax.ws.rs.WebApplicationException then RestEasy must generate correct Response for this exception with correct response message if it is specified.
For example with javax.ws.rs.ForbiddenException:

MyAuthenticationResource.java

	@POST
	@Produces(MediaType.TEXT_PLAIN)
	@Consumes(MediaType.APPLICATION_JSON)
	public String login(AuthenticationData authenticationData) {
		throw new ForbiddenException("Authentication failed");
	}

This method must create Respose with status 403 (already working) and content of "Authentication failed" (this doesn't work). But instead it shows just default error page from servlet container (Tomcat). Even more this page also doesn't include my error message. It just ignored by RestEasy.

<h1>HTTP Status 403 - </h1>
        <HR size="1" noshade="noshade">
            <p>
                <b>type</b> Status report
            </p>
            <p>
                <b>message</b>
                <u></u>
            </p>
            <p>
                <b>description</b>
                <u>Access to the specified resource () has been forbidden.</u>
            </p>
            <HR size="1" noshade="noshade">
                <h3>Apache Tomcat/7.0.12</h3>

And second problem is server logs:

2014-05-22 12:13:34,252 ["http-bio-8080"-exec-3] WARN o.j.resteasy.core.ExceptionHandler:135 - failed to execute
javax.ws.rs.ForbiddenException: Authentication failed
at net.point.rs.resource.AuthenticationResource.login(AuthenticationResource.java:39) ~[classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_45]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_45]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_45]
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) ~[resteasy-jaxrs-3.0.7.Final.jar:na]
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:288) ~[resteasy-jaxrs-3.0.7.Final.jar:na]
... cutted for brevity

Is it really intended to log full exception stacktrace at level WARN for standart javax.ws.rs.* exceptions which intended to use as replacement of Response.status(403).entity("Authentication failed").build(); ? For every bad request which is common practice in the web especially for authentication.

It is too many of logging for that standard response. Especially at level WARN. This exceptions intended to be used not for produce warnings but as normal flow of application just for using Model return values in JAX-RS resource methods instead of Respose wrappers.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

TestException.java
3 kB
2015/03/28 12:35 AM

Issue Links

relates to

RESTEASY-1342 RoleBasedSecurityFilter doesn't allow customizing response

Resolved

Activity

People

Assignee:: Ronald Sigal

Reporter:: Руслан Стельмаченко (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2014/05/22 5:29 AM

Updated:: 2016/04/11 10:58 AM

Resolved:: 2015/08/03 3:48 PM