]
Marek Kopecky commented on WFWIP-342:
-------------------------------------
I also see similar behaviour on SecureProcessing2Test and ExternalParameterEntityTest
tests from RESTEasy TS
Bootable JAR - RESTEasy JAXB end-point return unexpected 400
response
---------------------------------------------------------------------
Key: WFWIP-342
URL:
https://issues.redhat.com/browse/WFWIP-342
Project: WildFly WIP
Issue Type: Bug
Reporter: Marek Kopecky
Assignee: Jean Francois Denise
Priority: Blocker
RFE link: EAP7-1385
RESTEasy JAXB end-point on bootable jar return unexpected 400 response with these
security params:
{code:xml}
<context-param>
<param-name>resteasy.document.secure.processing.feature</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>resteasy.document.secure.disableDTDs</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>resteasy.document.expand.entity.references</param-name>
<param-value>false</param-value>
</context-param>
{code}
Used layers:
* jaxrs-server
* microprofile-config
Although this test is security related, AFAIK this is not related with
legacy-security/elytron configuration, because related params are used in
javax.xml.parsers.DocumentBuilderFactory directly from RESTEasy. Anyway let me know if
I'm wrong.
Steps to reproduce:
# use installed WF version with reasonable layers, eg: WF_VERSION=21.0.0.Beta1-SNAPSHOT
#
# git clone git@github.com:marekkopecky/Resteasy.git -b
bootable-jar-3-12-secure-processing
# cd Resteasy
# mvn install -DskipTests -Dcheckstyle.skip=true
# cd testsuite
# mvn install:install-file -Dpackaging=pom -Dfile=pom.xml -DpomFile=pom.xml
# cd integration-tests
# mvn clean install -Dts.bootable -Ddefault=false -Ddisable.microprofile.tests
-Dserver.version=${WF_VERSION} -Dserver.home=placeholder -Dcheckstyle.skip=true
-Denforcer.skip -Dcheckstyle.skip=true -Dmaven.test.redirectTestOutputToFile=false
I can move these steps outside of TS, but I believe that TS doesn't affects this
bootable jar behaviour, so it doesn't seem to be necessary.
I see just this unexpected&suspicious console output although I'm not sure
whether it's related or not:
{noformat}
[org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 189; External DTD: Failed to
read external DTD 'SecureProcessing_external.dtd', because
'file' access is not allowed due to restriction set by the
accessExternalDTD property.]
{noformat}
cc: [~fburzigo], [~yersan], [~asoldano], [~ron_sigal]