WildFly WIP / WFWIP-342

Bootable JAR - RESTEasy JAXB end-point return unexpected 400 response


    • Bug
    • Resolution: Done
    • Blocker

      RFE link: EAP7-1385

      A RESTEasy JAXB end-point on a bootable jar returns an unexpected 400 response with these security params:

          <context-param>
              <param-name>resteasy.document.secure.processing.feature</param-name>
              <param-value>true</param-value>
          </context-param>
          <context-param>
              <param-name>resteasy.document.secure.disableDTDs</param-name>
              <param-value>false</param-value>
          </context-param>
          <context-param>
              <param-name>resteasy.document.expand.entity.references</param-name>
              <param-value>false</param-value>
          </context-param>
      

      Used layers:

      • jaxrs-server
      • microprofile-config

      Although this test is security related, AFAIK this is not related to the legacy-security/elytron configuration, because the related params are used in javax.xml.parsers.DocumentBuilderFactory directly from RESTEasy. Anyway, let me know if I'm wrong.

      Steps to reproduce:

      1. use installed WF version with reasonable layers, eg: WF_VERSION=21.0.0.Beta1-SNAPSHOT #
      2. git clone git@github.com:marekkopecky/Resteasy.git -b bootable-jar-3-12-secure-processing
      3. cd Resteasy
      4. mvn install -DskipTests -Dcheckstyle.skip=true
      5. cd testsuite
      6. mvn install:install-file -Dpackaging=pom -Dfile=pom.xml -DpomFile=pom.xml
      7. cd integration-tests
      8. mvn clean install -Dts.bootable -Ddefault=false -Ddisable.microprofile.tests -Dserver.version=${WF_VERSION} -Dserver.home=placeholder -Dcheckstyle.skip=true -Denforcer.skip -Dcheckstyle.skip=true -Dmaven.test.redirectTestOutputToFile=false

      I can move these steps outside of the TS, but I believe that the TS doesn't affect this bootable jar behaviour, so it doesn't seem to be necessary.

      I see just this unexpected and suspicious console output, although I'm not sure whether it's related or not:

      [org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 189; External DTD: Failed to read external DTD 'SecureProcessing_external.dtd', because 'file' access is not allowed due to restriction set by the accessExternalDTD property.]
      

      cc: fburzigo, yborgess1@redhat.com, rhn-support-asoldano, rsigal@redhat.com

              jdenise@redhat.com Jean Francois Denise
              mkopecky@redhat.com Marek Kopecky
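
The same three settings applied to a plain `javax.xml.parsers.DocumentBuilderFactory`, as an added example that is not part of the original report and is not RESTEasy's or the test suite's code. It assumes the JDK's built-in JAXP parser (JDK 8 or later) and assumes the context-params map to the secure-processing feature, the `disallow-doctype-decl` feature and `setExpandEntityReferences`; the class name, helper names and sample document are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;

public class SecureProcessingDemo {
    // Parser feature that rejects any document carrying a DOCTYPE declaration.
    static final String DISALLOW_DOCTYPE =
            "http://apache.org/xml/features/disallow-doctype-decl";

    // Assumed mapping of the three context-params onto JAXP settings (hypothetical helper).
    static DocumentBuilder builder(boolean secureProcessing, boolean disableDTDs,
                                   boolean expandEntityReferences) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Setting this feature explicitly also restricts external DTD and schema access.
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing);
        dbf.setFeature(DISALLOW_DOCTYPE, disableDTDs);
        dbf.setExpandEntityReferences(expandEntityReferences);
        return dbf.newDocumentBuilder();
    }

    // Returns "parsed" or the parser's rejection message, so configurations can be compared.
    static String parse(DocumentBuilder db, String xml) {
        try {
            db.parse(new InputSource(new StringReader(xml)));
            return "parsed";
        } catch (Exception e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a DOCTYPE that points at an external DTD file.
        String xml = "<?xml version=\"1.0\"?>\n"
                + "<!DOCTYPE foo SYSTEM \"SecureProcessing_external.dtd\">\n"
                + "<foo>bar</foo>";

        // Values from the report: secure processing on, DTDs allowed, no entity expansion.
        System.out.println("report config:  " + parse(builder(true, false, false), xml));

        // Same document with DOCTYPE declarations disallowed outright, for comparison.
        System.out.println("DTDs disabled:  " + parse(builder(true, true, false), xml));
    }
}
```

Comparing the two rejection messages separates a block caused by the `accessExternalDTD` restriction from one caused by the DOCTYPE ban, which helps when triaging a 400 from an XML end-point.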