-
Bug
-
Resolution: Done
-
Major
-
4.7.9.Final, 5.0.8.Final, 6.2.5.Final
-
None
-
None
The Jackson provider may expose unwanted source references in a default RESTEasy 400 error response. This is reproduced easily with the jaxrs-client quick start and testing a bad POST if you start A container with RESTEasy with -Dresteasy.preferJacksonOverJsonB=true. Note the unwanted source reference:
$ curl -X POST localhost:8080/jaxrs-client/rest/contacts -H "Content-Type: application/json" -d '[[' com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize value of type `org.jboss.as.quickstarts.jaxrsclient.model.Contact` from Array value (token `JsonToken.START_ARRAY`) at [Source: (io.undertow.servlet.spec.ServletInputStreamImpl); line: 1, column: 1]
It can be masked with a custom ExceptionHandler that checks and avoids message output, but any improvement we might consider to avoid that source exposure in the exception message exposed in the default error response?
- causes
-
RESTEASY-3443 JsonProcessingExceptionMapper should return a 400 response rather than a 500
- Resolved
- is incorporated by
-
WFLY-18916 Upgrade RESTEasy from 6.2.6.Final to 6.2.7.Final
- Closed