I suppose if Authorization is empty then one option is to assume the
blank credentials are provided. Is there some text around supporting it
? We might be able to fix it for 3.1.8
I guess for now you can register a servlet filter to deal with the empty
header.
Cheers, Sergey
On 29/07/16 10:55, Allan C. wrote:
Dear all,
I am testing on a REST api, running on CXF 3.1.6 over pax-web 4.2.6. The
API accepts a header "Authorization".
The problem is that if the value is provided for the header, everything is
fine and the behaviour is expected (HTTP status 401 or 200, depending if
the value is correct or not). However, if the header is an empty String,
the following exception is thrown:
java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
at java.util.ArrayList.rangeCheck(ArrayList.java:653)[:1.8.0_102]
at java.util.ArrayList.get(ArrayList.java:429)[:1.8.0_102]
at
org.apache.cxf.transport.http.Headers.getAuthorization(Headers.java:528)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5]
at
org.apache.cxf.transport.http.AbstractHTTPDestination.setupMessage(AbstractHTTPDestination.java:390)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5]
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:238)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5]
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5]
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5]
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5]
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5]
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:298)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5]
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:222)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5]
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:687)[73:javax.servlet-api:3.1.0]
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:273)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5]
at
org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)[175:org.eclipse.jetty.servlet:9.2.15.v20160210]
at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)[175:org.eclipse.jetty.servlet:9.2.15.v20160210]
at
org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71)[199:org.ops4j.pax.web.pax-web-jetty:4.2.6]
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)[174:org.eclipse.jetty.server:9.2.15.v20160210]
at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)[173:org.eclipse.jetty.security:9.2.15.v20160210]
at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)[174:org.eclipse.jetty.server:9.2.15.v20160210]
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)[174:org.eclipse.jetty.server:9.2.15.v20160210]
at
org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:276)[199:org.ops4j.pax.web.pax-web-jetty:4.2.6]
at
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)[175:org.eclipse.jetty.servlet:9.2.15.v20160210]
at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)[174:org.eclipse.jetty.server:9.2.15.v20160210]
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)[174:org.eclipse.jetty.server:9.2.15.v20160210]
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)[174:org.eclipse.jetty.server:9.2.15.v20160210]
at
org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80)[199:org.ops4j.pax.web.pax-web-jetty:4.2.6]
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)[174:org.eclipse.jetty.server:9.2.15.v20160210]
at
org.eclipse.jetty.server.Server.handle(Server.java:499)[174:org.eclipse.jetty.server:9.2.15.v20160210]
at
org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)[174:org.eclipse.jetty.server:9.2.15.v20160210]
at
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)[174:org.eclipse.jetty.server:9.2.15.v20160210]
at
org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)[166:org.eclipse.jetty.io:9
.2.15.v20160210]
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)[177:org.eclipse.jetty.util:9.2.15.v20160210]
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)[177:org.eclipse.jetty.util:9.2.15.v20160210]
at java.lang.Thread.run(Thread.java:745)[:1.8.0_102]
The returned response body is an HTML, showing the stacktrace. May I know
if there's a way to alter this behaviour to return an empty response body
and/or throw an application exception?
Thanks.
Regards,
Allan C.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
