[JBoss JIRA] (WFWIP-342) Bootable JAR - RESTEasy JAXB end-point return unexpected 400 response - jboss-jira

Tuesday, 1 September 2020

    [
https://issues.redhat.com/browse/WFWIP-342?page=com.atlassian.jira.plugin...
] 

Jean Francois Denise commented on WFWIP-342:
--------------------------------------------

I can only reproduce with Bootable JAR, problem is unrelated to galleon.

It is caused by some JBoss module magic done to set the proper JAXP factories at boot. I
logged WFCORE-5110

...
 Bootable JAR - RESTEasy JAXB end-point return unexpected 400
response
 ---------------------------------------------------------------------

                 Key: WFWIP-342
                 URL: https://issues.redhat.com/browse/WFWIP-342
             Project: WildFly WIP
          Issue Type: Bug
            Reporter: Marek Kopecky
            Assignee: Jean Francois Denise
            Priority: Blocker

 RFE link: EAP7-1385
 RESTEasy JAXB end-point on bootable jar return unexpected 400 response with these
security params:
 {code:xml}
     <context-param>
         <param-name>resteasy.document.secure.processing.feature</param-name>
         <param-value>true</param-value>
     </context-param>
     <context-param>
         <param-name>resteasy.document.secure.disableDTDs</param-name>
         <param-value>false</param-value>
     </context-param>
     <context-param>
         <param-name>resteasy.document.expand.entity.references</param-name>
         <param-value>false</param-value>
     </context-param>
 {code}
 Used layers:
 * jaxrs-server
 * microprofile-config
 Although this test is security related, AFAIK this is not related with
legacy-security/elytron configuration, because related params are used in
javax.xml.parsers.DocumentBuilderFactory directly from RESTEasy. Anyway let me know if
I'm wrong.
 Steps to reproduce:
 #  use installed WF version with reasonable layers, eg: WF_VERSION=21.0.0.Beta1-SNAPSHOT
#
 # git clone git@github.com:marekkopecky/Resteasy.git -b
bootable-jar-3-12-secure-processing
 # cd Resteasy
 # mvn install -DskipTests -Dcheckstyle.skip=true
 # cd testsuite
 # mvn install:install-file -Dpackaging=pom -Dfile=pom.xml -DpomFile=pom.xml
 # cd integration-tests
 # mvn clean install -Dts.bootable -Ddefault=false -Ddisable.microprofile.tests
-Dserver.version=${WF_VERSION} -Dserver.home=placeholder -Dcheckstyle.skip=true
-Denforcer.skip -Dcheckstyle.skip=true -Dmaven.test.redirectTestOutputToFile=false
 I can move these steps outside of TS, but I believe that TS doesn't affects this
bootable jar behaviour, so it doesn't seem to be necessary.
 I see just this unexpected&suspicious console output although I'm not sure
whether it's related or not:
 {noformat}
 [org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 189; External DTD: Failed to
read external DTD &#x27;SecureProcessing_external.dtd&#x27;, because
&#x27;file&#x27; access is not allowed due to restriction set by the
accessExternalDTD property.]
 {noformat}
 cc: [~fburzigo], [~yersan], [~asoldano], [~ron_sigal] 

--
This message was sent by Atlassian Jira
(v7.13.8#713008)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[JBoss JIRA] (WFWIP-342) Bootable JAR - RESTEasy JAXB end-point return unexpected 400 response