Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-3380

Source references exposed in RESTEasy error response


      The Jackson provider may expose unwanted source references in a default RESTEasy 400 error response. This is reproduced easily with the jaxrs-client quick start and testing a bad POST if you start A container with RESTEasy with -Dresteasy.preferJacksonOverJsonB=true. Note the unwanted source reference:

      $ curl -X POST localhost:8080/jaxrs-client/rest/contacts -H "Content-Type: application/json" -d '[['
      com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize value of type `org.jboss.as.quickstarts.jaxrsclient.model.Contact` from Array value (token `JsonToken.START_ARRAY`)
       at [Source: (io.undertow.servlet.spec.ServletInputStreamImpl); line: 1, column: 1]

      It can be masked with a custom ExceptionHandler that checks and avoids message output, but any improvement we might consider to avoid that source exposure in the exception message exposed in the default error response?

            jperkins-rhn James Perkins
            jperkins-rhn James Perkins
            0 Vote for this issue
            8 Start watching this issue