[
https://issues.apache.org/jira/browse/CXF-6297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14378023#comment-14378023
]
Dmitry Kozlov commented on CXF-6297:
------------------------------------
Hi [~sergey_beryozkin],
Thank you very much! :) I have a quick question though: I've recently broken
down my application into sub-resources to simplify maintenance, but have found
that global request filters are now applied twice. With response filters
applied once only.
This introduces certain overhead. E.g. auth filter is now applied twice
(basically it's applied against each (sub-)resource call in request).
I'm not sure if this is a bug, since it seems legit for {{Order}} case as
described here:
http://cxf.apache.org/docs/jax-rs-basics.html#JAX-RSBasics-Sub-resourcelocators.
But it would definitely be nice to have some way to handle it in the way that
allows to avoid double authentication.
I might be missing something. Your advice appreciated. Thanks!
> JAX-RS BeanValidation feature fails with NPE in
> JAXRSBeanValidationOutInterceptor on sub-resource call
> ------------------------------------------------------------------------------------------------------
>
> Key: CXF-6297
> URL: https://issues.apache.org/jira/browse/CXF-6297
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 3.0.4
> Reporter: Dmitry Kozlov
> Assignee: Sergey Beryozkin
> Fix For: 3.1.0, 3.0.5
>
>
> With {{JAXRSBeanValidationFeature}} enabled CXF fails to process request to
> sub-resource with exception like this:
> {code}
> 23:58:16.049 [qtp457732796-28] WARN o.a.cxf.phase.PhaseInterceptorChain -
> Interceptor for {http://example.com/}MainResource has thrown exception,
> unwinding now
> java.lang.NullPointerException: null
> at
> org.apache.cxf.jaxrs.validation.ValidationUtils.getResourceInstance(ValidationUtils.java:39)
> ~[cxf-rt-frontend-jaxrs-3.0.4.jar:3.0.4]
> at
> org.apache.cxf.jaxrs.validation.JAXRSBeanValidationOutInterceptor.getServiceObject(JAXRSBeanValidationOutInterceptor.java:44)
> ~[cxf-rt-frontend-jaxrs-3.0.4.jar:3.0.4]
> at
> org.apache.cxf.validation.AbstractValidationInterceptor.handleMessage(AbstractValidationInterceptor.java:60)
> ~[cxf-core-3.0.4.jar:3.0.4]
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> [cxf-core-3.0.4.jar:3.0.4]
> at
> org.apache.cxf.interceptor.OutgoingChainInterceptor.handleMessage(OutgoingChainInterceptor.java:83)
> [cxf-core-3.0.4.jar:3.0.4]
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> [cxf-core-3.0.4.jar:3.0.4]
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> [cxf-core-3.0.4.jar:3.0.4]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
> [cxf-rt-transports-http-3.0.4.jar:3.0.4]
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> [cxf-rt-transports-http-3.0.4.jar:3.0.4]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> [cxf-rt-transports-http-3.0.4.jar:3.0.4]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> [cxf-rt-transports-http-3.0.4.jar:3.0.4]
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
> [cxf-rt-transports-http-3.0.4.jar:3.0.4]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
> [cxf-rt-transports-http-3.0.4.jar:3.0.4]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:217)
> [cxf-rt-transports-http-3.0.4.jar:3.0.4]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> [javax.servlet-api-3.1.0.jar:3.1.0]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:268)
> [cxf-rt-transports-http-3.0.4.jar:3.0.4]
> ...
> {code}
> The example resource code:
> {code}
> @Path("/main")
> public interface MainResource {
> @Path("/sub/{id}")
> SubResource subResource(@PathParam @Size(min=3, max=255) String id);
> }
> -----
> public interface SubResource {
> @GET
> @Path("/items")
> List<String> items();
> }
> GET http://example.com/main/sub/123/items
> {code}
> NPE happens at
> [ValidationUtils.java:39|https://github.com/apache/cxf/blob/c79696bfc1aee1d1204cbd592f6bc5c83c0d9dae/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/validation/ValidationUtils.java#L39],
> since {{resourceProvider}} retrieved on previous line is {{null}}:
> {code:java|firstline=33|highlight=39}
> public static Object getResourceInstance(Message message) {
> final OperationResourceInfo ori =
> message.getExchange().get(OperationResourceInfo.class);
> if (ori == null) {
> return null;
> }
> final ResourceProvider resourceProvider =
> ori.getClassResourceInfo().getResourceProvider();
> if (!resourceProvider.isSingleton()) {
> String error = "Service object is not a singleton, use a custom
> invoker to validate";
> LOG.warning(error);
> return null;
> } else {
> return resourceProvider.getInstance(message);
> }
> {code}
> This happens only during invocation of {{JAXRSBeanValidationOutInterceptor}}
> and only when calling sub-resources as in example above.
> h3. Partial Workaround
> The partial workaround is to enable in-interceptor only. But this won't work
> for people wishing to validate response entities as well.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
