Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-1826

RESTEasy returns wrong error message if JSON-B provider receive corrupted json data

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: 4.0.0.Beta2, 3.5.0.Final
    • Fix Version/s: 3.5.1.Final, 4.0.0.Beta3
    • Component/s: None
    • Labels:
      None

      Description

      Client side

      RESTEasy client returns wrong error message if JSON-B provider receive corrupted json data

      Steps to reproduce

      • JSON-B is used on client, JSON-B is not used on server, server uses custom json provider that returns corrupted json data
      1. Client send GET request to server
      2. Server returns object, custom provider uses toString method, that doesn't doesn't create correct JSON data
      3. Client receive data with "json" media type, but data was created by toString method

      Expected results:
      JSON-B on client should throw user-friendly exception, because toString method doesn't create correct JSON data

      Actual results:

      • Invalid bundle interface org.jboss.resteasy.plugins.providers.jsonb.i18n.Messages (implementation not found)
      • Details:
        12:25:40.129 INFO  [com.resteasy.test.App] (main) java.lang.ExceptionInInitializerError
        	at org.jboss.resteasy.plugins.providers.jsonb.JsonBindingProvider.readFrom(JsonBindingProvider.java:56)
        	at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.readFrom(AbstractReaderInterceptorContext.java:66)
        	at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:56)
        	at org.jboss.resteasy.client.jaxrs.internal.ClientResponse.readFrom(ClientResponse.java:324)
        	at org.jboss.resteasy.client.jaxrs.internal.ClientResponse.readEntity(ClientResponse.java:251)
        	at org.jboss.resteasy.specimpl.BuiltResponse.readEntity(BuiltResponse.java:237)
        	at com.resteasy.test.App.main(App.java:106)
        Caused by: java.lang.IllegalArgumentException: Invalid bundle interface org.jboss.resteasy.plugins.providers.jsonb.i18n.Messages (implementation not found)
        	at org.jboss.logging.Messages$1.run(Messages.java:83)
        	at java.security.AccessController.doPrivileged(Native Method)
        	at org.jboss.logging.Messages.getBundle(Messages.java:58)
        	at org.jboss.logging.Messages.getBundle(Messages.java:46)
        	at org.jboss.resteasy.plugins.providers.jsonb.i18n.Messages.<clinit>(Messages.java:12)
        	... 7 more
        

      Server side

      RESTEasy server logs exception without any useful information if JSON-B provider receive corrupted json data. Server doesn't return any useful information in response message

      Steps to reproduce

      • JSON-B is not used on client, JSON-B is used on server
      • client uses custom json provider that returns corrupted json data
      1. client sends corrupted json data to server

      Actual results:

      • Server logs this exception:
        12:52:04,322 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /war_with_jsonb/test/jsonBinding/repeater: java.lang.ExceptionInInitializerError
        	at org.jboss.resteasy.plugins.providers.jsonb.JsonBindingProvider.readFrom(JsonBindingProvider.java:56)
        	at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.readFrom(AbstractReaderInterceptorContext.java:66)
        	at org.jboss.resteasy.core.interception.ServerReaderInterceptorContext.readFrom(ServerReaderInterceptorContext.java:61)
        	at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:56)
        	at org.jboss.resteasy.security.doseta.DigitalVerificationInterceptor.aroundReadFrom(DigitalVerificationInterceptor.java:36)
        	at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:59)
        	at org.jboss.resteasy.core.MessageBodyParameterInjector.inject(MessageBodyParameterInjector.java:203)
        	at org.jboss.resteasy.core.MethodInjectorImpl.injectArguments(MethodInjectorImpl.java:92)
        	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:115)
        	at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:511)
        	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:402)
        	at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:366)
        	at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:361)
        	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:368)
        	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:340)
        	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:313)
        	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:441)
        	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:231)
        	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:137)
        	at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:361)
        	at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:140)
        	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:217)
        	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
        	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
        	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
        	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
        	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
        	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
        	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
        	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
        	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
        	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
        	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
        	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
        	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
        	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
        	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
        	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
        	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
        	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
        	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
        	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
        	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
        	at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
        	at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
        	at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
        	at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
        	at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
        	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
        	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
        	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
        	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
        	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
        	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        	at java.lang.Thread.run(Thread.java:748)
        Caused by: java.lang.IllegalArgumentException: Invalid bundle interface org.jboss.resteasy.plugins.providers.jsonb.i18n.Messages (implementation not found)
        	at org.jboss.logging.Messages$1.run(Messages.java:83)
        	at java.security.AccessController.doPrivileged(Native Method)
        	at org.jboss.logging.Messages.getBundle(Messages.java:58)
        	at org.jboss.logging.Messages.getBundle(Messages.java:46)
        	at org.jboss.resteasy.plugins.providers.jsonb.i18n.Messages.<clinit>(Messages.java:12)
        	... 63 more
        
      • Client receive 500 HTTP code and previous exception in response body, but without "Caused by: " part.

      Expected results:

      • JSON-B provider on server should not log any stacktrace of exception, because this log could cause large server log files without any important information
      • Server should returns relevant error message in response

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  rsearls r searls
                  Reporter:
                  mkopecky Marek Kopecky
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: