Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JerseySupport error response masking hard coded #2730

Closed
dansiviter opened this issue Feb 3, 2021 · 3 comments
Closed

JerseySupport error response masking hard coded #2730

dansiviter opened this issue Feb 3, 2021 · 3 comments
Assignees
@spericas
Labels
enhancement New feature or request jax-rs JAX-RS and Jersey related issues
Milestone
2.2.1

Comments

@dansiviter
Copy link
Contributor

Environment Details

  • Helidon Version: 2.2.1-SNAPSHOT
  • Helidon SE or Helidon MP
  • JDK version: N/A
  • OS: N/A
  • Docker version (if applicable):

Problem Description

Hiding/masking of error responses is hard coded in JerseySupport.java#119. With applications that already sanitise the error responses there is often a desire to be able to consume the payload.

This has two problems:

  • Moving away from default behaviour of Jersey Client which will cause confusion,
  • Not possible to disable.

IMO this is opt-in behaviour and should be neither the default or hard-coded.

Steps to reproduce

N/A
@spericas
Copy link
Member

spericas commented Feb 4, 2021

@dansiviter We absolutely need to change the default as this behavior presents a security risk. The app can override this by re-setting the property, but I agree this can be tricky as it depends on the loading of JerseySupport. One possible minor improvement would be for the code to make sure the property is unset (null) before setting it. The way an app could override this externally. Would that help in your case?

Application developers can also define their own exception mappers.

@spericas spericas self-assigned this Feb 4, 2021
@spericas spericas added enhancement New feature or request jax-rs JAX-RS and Jersey related issues labels Feb 4, 2021
@spericas spericas added this to the 2.2.1 milestone Feb 4, 2021
@dansiviter
Copy link
Contributor Author

dansiviter commented Feb 4, 2021
edited
Loading

Thinking about it, if we can just have this come from the normal configuration mechanism this would suffice. Happy for it to default to true if we can globally set this (but not via System properties 😄).

Update: deleted my previous comment as my thoughts have shifted a little.

@spericas
Copy link
Member

spericas commented Feb 4, 2021

PR #2737

@spericas spericas mentioned this issue Feb 4, 2021
Merged
@spericas spericas closed this as completed Feb 5, 2021
@m0mus m0mus added this to Backlog Aug 12, 2024
@m0mus m0mus moved this to Closed in Backlog Aug 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spericas spericas

Labels
enhancement New feature or request jax-rs JAX-RS and Jersey related issues
Projects
Backlog
Archived in project
Milestone
2.2.1
Development

No branches or pull requests
2 participants
@dansiviter @spericas