Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-3380

Source references exposed in RESTEasy error response

    XMLWordPrintable

Details

    Description

      The Jackson provider may expose unwanted source references in a default RESTEasy 400 error response. This is reproduced easily with the jaxrs-client quick start and testing a bad POST if you start A container with RESTEasy with -Dresteasy.preferJacksonOverJsonB=true. Note the unwanted source reference:

      $ curl -X POST localhost:8080/jaxrs-client/rest/contacts -H "Content-Type: application/json" -d '[['
      com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize value of type `org.jboss.as.quickstarts.jaxrsclient.model.Contact` from Array value (token `JsonToken.START_ARRAY`)
       at [Source: (io.undertow.servlet.spec.ServletInputStreamImpl); line: 1, column: 1]
      

      It can be masked with a custom ExceptionHandler that checks and avoids message output, but any improvement we might consider to avoid that source exposure in the exception message exposed in the default error response?

      Attachments

        Issue Links

          Activity

            People

              jperkins-rhn James Perkins
              jperkins-rhn James Perkins
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: