Hi,
We are changing Open Liberty to use the rest-jakarta protocol in Arquillian instead of
servlet-jakarta for running the MicroProfile TCKs. This has resulted in some problems in
the MicroProfile Rest Client TCK tests involving redirects. When REST is used instead of
Servlet, a "sanitized" WebApplicationException is being returned rather than the
Response object, which only occurs within a request that is handled by RESTEasy. This is due
to code added to the org.jboss.resteasy.microprofile.client.DefaultResponseExceptionMapper
under
https://github.com/resteasy/resteasy/pull/2632 to address a potential vulnerability.
I know you are also working on switching RESTEasy / WildFly TCK testing to use the
rest-jakarta protocol. I would expect you would see this same issue in your testing.
I have been attempting to understand the change in your PR I've listed above,
specifically why it was necessary to add the 300 series status codes as a trigger to use
this DefaultResponseExceptionMapper. It makes sense that a 400 or greater response code
should be handled in this manner, but I'm having difficulty understanding how
returning the response object when a 300 series status is received causes a potential
problem. Especially since this appears to prevent Redirect scenarios involving Rest
clients instead of Servlets from working.
Here is a list of the MP Rest Client TCK tests that are failing using REST vs. Servlet:
[junit] TCK TESTS THAT DID NOT PASS:
[junit] test303Default
[junit] test302Default
[junit] test307Default
[junit] test301Default
[junit] test301Default
[junit] test302Default
[junit] test303Default
[junit] test307Default
[junit] testPropagationOfResponseDetailsFromDefaultMapper
Thanks