[
https://issues.apache.org/jira/browse/ISIS-2626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17334519#comment-17334519
]
Andi Huber commented on ISIS-2626:
----------------------------------
Having another Filter should do the trick, while nicely separating concerns.
Though we do have one similar interception mechanism in place, that is when the
meta-model is invalid, a special page is served, listing all the validation
failures. I was wondering whether we can just reuse this hook for the case,
when the app is not yet fully initialized.
Perhaps the "not yet ready" page could include a hyperlink to whatever the user
submitted, allowing the user to retry.
> Do not serve HTTP requests until the Application is fully initialized.
> ----------------------------------------------------------------------
>
> Key: ISIS-2626
> URL: https://issues.apache.org/jira/browse/ISIS-2626
> Project: Isis
> Issue Type: Improvement
> Components: Isis Core
> Reporter: Andi Huber
> Assignee: Andi Huber
> Priority: Major
> Fix For: 2.0.0-M6
>
>
> That's currently a denial of service vector, as HTTP requests that happen too
> early during bootstrapping have the side effect of triggering meta-model
> validation too early, which leaves the application in an unusable state. As
> meta-model validation, while yet only partly inspected, will most likely lead
> to a validation failure that renders the application permanently broken until
> restarted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
