Uploaded image for project: 'Red Hat Process Automation Manager'
  1. Red Hat Process Automation Manager
  2. RHPAM-4876

exclusion on kie server affect custom endpoints

XMLWordPrintable

      Implementing a custom endopoint:

       

      @ApiOperation(value = "Completes Specified User Task in a specified KIE Container.", code = 200)
      	@ApiResponses(value = { @ApiResponse(code = 500, message = "Unexpected error"),
      			@ApiResponse(code = 404, message="User Task Not Found"),
      			@ApiResponse(code = 200,message="SUCCESS")/* examples = @Example(value = {
      					@ExampleProperty(mediaType ="application/json", value = "NO-Content") }))*/ })
      	@PUT
      	@Path("containers/{containerId}/tasks/{taskInstanceId}/states/completed")
      	@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML, MediaType.TEXT_PLAIN })
      	@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML, MediaType.TEXT_PLAIN })
      	public Response completeUserTask(@javax.ws.rs.core.Context HttpHeaders headers,
      			@ApiParam(value = "identifier of the Container to be fetched", required = true, example = "Example_1.0.3-SNAPSHOT") @PathParam("containerId") String containerId,
      			@ApiParam(value = "identifier of the TaskInstance to be fetched", required = true, example = "12") @PathParam("taskInstanceId") Long taskInstanceId,
      			@ApiParam(value = "optional user id to be used instead of authenticated user - only when bypass authenticated user is enabled", required = false) @QueryParam("user") String user,
      			@ApiParam(value = "optional flag that allows to directly claim and start task (if needed) before completion", required = false) @QueryParam("auto-progress") boolean autoprogress,
      			@ApiParam(value = "Optional Output Variables can be passed to User Task", required = false, examples=@Example(value= {
                          @ExampleProperty(mediaType ="application/json", value=COMPLETE_USERTASK_JSON)})) Map<String, Object> outputvariables)  

      is faling in RHPAM version 7.13.4

       

      024-01-05 11:15:07,010 | hz0v:13119547 | FUSE-taskjms:pim-case-uber:13119547:41538317 | PAM-WIH:pim-case-uber:13119547:41538317 | ERROR | org.jboss.resteasy.resteasy_ja | RESTEASY002010: Failed to execute: javax.ws.rs.NotSupportedException: RESTEASY003200: Could not find message body reader for type: org.jboss.resteasy.util.Types$1@3d5f3ab6 of content type: application/json
      	at org.jboss.resteasy.resteasy-jaxrs@3.15.7.Final-redhat-00001//org.jboss.resteasy.core.interception.ServerReaderInterceptorContext.throwReaderNotFound(ServerReaderInterceptorContext.java:53)
      	at org.jboss.resteasy.resteasy-jaxrs@3.15.7.Final-redhat- 

      The origin seems to be: 

       

      https://issues.redhat.com/browse/RHPAM-4700

       

      https://github.com/kiegroup/droolsjbpm-integration/pull/2959/files

       

      A exclusion to use correct snakeyaml. Nowadays (RHPAM 7.13.4+) exclusion is not needed as:

       

      snakeyaml issue has been solved in EAP itself since EAP 7.4.10.

      https://access.redhat.com/errata/RHSA-2023:1516
      ~~~
      Security Fix(es):
          SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
          ...
      ~~~

      In addition, EAP 7.4.10+ is required for RHPAM 7.13.3+ https://access.redhat.com/articles/3405381

            rhn-support-tkobayas Toshiya Kobayashi
            afanjula@redhat.com Alberto Fanjul Alonso
            Daniel Rosa Daniel Rosa
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: