cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raul Guiu <raulg...@gmail.com>
Subject Re: CXF Uploads file completely on a POST even after authentication error (401)
Date Tue, 21 Oct 2014 21:29:25 GMT
Thanks a lot Sergey

On 21 October 2014 22:45, Sergey Beryozkin <sberyozkin@gmail.com> wrote:

> I've updated JAXRSInInterceptor accordingly. The caching was already
> disabled in case of 413 but not for other error statuses...
>
> Cheers, Sergey
>
> On 21/10/14 17:55, Sergey Beryozkin wrote:
>
>> Dan has explained to me that it is generally very tricky to cancel the
>> complete 'pull' of the whole payload from the client connection,
>> especially if HTTPUrlConnection is used to upload the resources...
>>
>> However it is possible to control at the CXF server side the caching
>> process, the only issue there that aborting the request via the standard
>> JAX-RS 2.0 filter API does not fit one to one into the CXF internal
>> model where the exceptions flow into the chain where no caching is
>> enforced...
>>
>> I'm going to do a bit of work for the requestContext.abortWith() calls
>> disabling the caching; in meantime the workaround is to throw some
>> runtime exception from the filter which can not be mapped with JAX-RS
>> 2.0 ExceptionMapper and register CXF FaultOutInterceptor (in
>> jaxrs:outFaultInterceptors) that will react to it and set 401...
>>
>> Thanks, Sergey
>>
>> On 21/10/14 15:45, Sergey Beryozkin wrote:
>>
>>> Never mind, given that you work with the annotations on a matched method
>>> it can not have @PreMatch...
>>>
>>> Cheers, Sergey
>>> On 21/10/14 15:42, Sergey Beryozkin wrote:
>>>
>>>> Hi
>>>>
>>>> Does your ContainerRequestFilter has a @PreMatch annotation ?
>>>>
>>>> Cheers, Sergey
>>>> On 21/10/14 14:40, Raul Guiu wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I posted the same question in StackOverflow but didn't got any
>>>>> response (
>>>>> http://stackoverflow.com/questions/26470597/cxf-post-
>>>>> uploads-a-file-completely-even-after-authentication-error-401).
>>>>>
>>>>>
>>>>>
>>>>> I will try to explain it slighly differently here:
>>>>>
>>>>> Basically we have a POST with a multipart file. Like the following:
>>>>>
>>>>> @OurOwnSecurityAnnotation(AUTHENTICATED_USER)
>>>>> @POST@Path("/file")@Consumes(MediaType.MULTIPART_FORM_DATA)Response
>>>>> uploadFile(
>>>>>          @Multipart("uploadedFile") @ApiParam(name = "uploadedFile",
>>>>> value = "File to transfer") Attachment file)
>>>>>          throws OnDoesNotExistsException;
>>>>>
>>>>>
>>>>> Out authentication process fails (as we expected) on a Filter with:
>>>>>
>>>>> requestContext.abortWith(
>>>>>              // code here to create Response with error code 401
>>>>> Unauthorised
>>>>>           );
>>>>>
>>>>>
>>>>> Everything seems to work fine. But under the hook the request gets
>>>>> blocked
>>>>> until the file gets completely uploaded. We have been able to see this
>>>>> using a throttled proxy.
>>>>>
>>>>> This is initialed in:
>>>>>
>>>>> JAXRSOutInterceptor
>>>>>
>>>>> And the blocking part of the call happens in the class
>>>>> DelegatingInputStream:
>>>>>
>>>>>      /**
>>>>>       * Read the entire original input stream and cache it.  Useful
>>>>>       * if switching threads or doing something where the original
>>>>>       * stream may not be valid by the time the next read() occurs
>>>>>       */
>>>>>      public void cacheInput() {...}
>>>>>
>>>>> This writes the file completely into a temp directory, like:
>>>>>
>>>>> /usr/local/Cellar/tomcat7/7.0.55/libexec/temp/cxf-tmp-834340
>>>>>
>>>>>
>>>>> Also, if we do use:
>>>>>
>>>>> LoggingInInterceptor
>>>>>
>>>>> The file save will be triggered by this filter before the
>>>>> authentication.
>>>>>
>>>>> I would think the writing to disk doesn't need to happen under a failed
>>>>> authentication.
>>>>>
>>>>> I am not sure if this is behaving as planned, it is a bug or I am doing
>>>>> something wrong.
>>>>>
>>>>> Any comments will be appreciated.
>>>>>
>>>>> Thanks a lot.
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message