Bug 867772

Summary: Invalid or empty POST data for action URIs cause unhandled exceptions
Product: Red Hat Enterprise Virtualization Manager
Reporter: David Jaša <djasa>
Component: ovirt-engine-restapi
Assignee: Ori Liel <oliel>
Status: CLOSED CANTFIX
QA Contact: Oded Ramraz <oramraz>
Severity: medium
Docs Contact:
Priority: unspecified
Version: 3.1.0
CC: bazulay, dyasny, ecohen, iheim, mpastern, Rhev-m-bugs, ykaul
Target Milestone: ---
Keywords: FutureFeature
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard: infra
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-12-16 10:54:28 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description David Jaša 2012-10-18 09:28:21 UTC
Description of problem:
Invalid or empty POST data for action URIs cause unhandled exceptions

Version-Release number of selected component (if applicable):
si19.1 / 3.1.0-18

How reproducible:
always

Steps to Reproduce:
1. issue curl ... -X POST https://rhevm.example.org/vms/<vm_uuid>/ticket
2. issue curl ... -X POST -d "g>arb<--age<>>>" <rhevm_action_uri>
Actual results:
in both cases, exceptions are returned back to client and noted in server.log:
2012-10-18 11:15:43,111 WARN  [org.jboss.resteasy.core.SynchronousDispatcher] (ajp-/127.0.0.1:8009-2) Failed executing POST /vms/ad5f7497-120d-40da-9093-c9c4b8919e50/ticket: org.jboss.resteasy.plugins.providers.jaxb.JAXBUnmarshalException: javax.xml.bind.UnmarshalException
 - with linked exception:
[org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.]
        at ...
<snip>
Caused by: javax.xml.bind.UnmarshalException
 - with linked exception:
[org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.]
        at ...
<snip>
Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.
        at ...

Expected results:
The exceptions are caught and a "400 Bad Request" error is presented to the API user.

Additional info:

Comment 1 Michael Pasternak 2012-10-18 09:55:52 UTC
Not sure we can work this; the exception is thrown from resteasy before we gain control over your request.

Comment 2 Ori Liel 2012-12-03 10:27:17 UTC
rest-easy provides interception points, but none of them is before the jaxb unmarshalling is activated, so they don't help us. I've posted a question on the rest-easy developers list: 

http://sourceforge.net/mailarchive/forum.php?thread_name=347661430.1276939.1351515960408.JavaMail.root%40redhat.com&forum_name=resteasy-developers
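
One way to find these failures in server.log, as an added example that is not part of the bug report or the oVirt code: it parses the RESTEasy dispatcher warning shown in the description and counts, per action URI, the requests whose root cause is an XML parse error. The function names are hypothetical, and the sample log is constructed from the excerpt above (the second and third entries are made up).

```python
import re
from collections import Counter

# Dispatcher warning format taken from the server.log excerpt in the description.
DISPATCH_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) WARN\s+"
    r"\[org\.jboss\.resteasy\.core\.SynchronousDispatcher\] \([^)]*\) "
    r"Failed executing (?P<method>[A-Z]+) (?P<path>\S+): (?P<exc>[\w.$]+)"
)
CAUSE_RE = re.compile(r"^Caused by: (?P<exc>[\w.$]+)[;:]?\s*(?P<detail>.*)$")
UUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def parse_failures(lines):
    """One dict per failed request; the last 'Caused by:' line is the root cause."""
    events = []
    for line in lines:
        m = DISPATCH_RE.match(line)
        if m:
            events.append({
                "ts": m["ts"], "method": m["method"],
                # Collapse object ids so hits group by action URI, not by VM.
                "endpoint": UUID_RE.sub("<uuid>", m["path"]),
                "exception": m["exc"], "root": m["exc"], "detail": "",
            })
            continue
        c = CAUSE_RE.match(line)
        if c and events:  # stack frames and other lines are skipped
            events[-1]["root"], events[-1]["detail"] = c["exc"], c["detail"]
    return events

def malformed_body_hits(events):
    """Count requests that died in XML parsing, keyed by (method, endpoint)."""
    return Counter((e["method"], e["endpoint"]) for e in events
                   if e["root"].endswith("SAXParseException"))

# Constructed sample log, modelled on the excerpt in the description.
SAMPLE_LOG = """\
2012-10-18 11:15:43,111 WARN  [org.jboss.resteasy.core.SynchronousDispatcher] (ajp-/127.0.0.1:8009-2) Failed executing POST /vms/ad5f7497-120d-40da-9093-c9c4b8919e50/ticket: org.jboss.resteasy.plugins.providers.jaxb.JAXBUnmarshalException: javax.xml.bind.UnmarshalException
 - with linked exception:
[org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.]
Caused by: javax.xml.bind.UnmarshalException
Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.
2012-10-18 11:16:02,404 WARN  [org.jboss.resteasy.core.SynchronousDispatcher] (ajp-/127.0.0.1:8009-3) Failed executing POST /vms/11111111-2222-4333-8444-555555555555/ticket: org.jboss.resteasy.plugins.providers.jaxb.JAXBUnmarshalException: javax.xml.bind.UnmarshalException
Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Premature end of file.
2012-10-18 11:17:05,530 WARN  [org.jboss.resteasy.core.SynchronousDispatcher] (ajp-/127.0.0.1:8009-4) Failed executing POST /vms/0b1c2d3e-4f50-4a61-8b72-9c8d7e6f5a4b/start: java.lang.IllegalStateException: constructed
"""

if __name__ == "__main__":
    for key, n in malformed_body_hits(parse_failures(SAMPLE_LOG.splitlines())).items():
        print(n, *key)
```

Traces from concurrent request threads can interleave in a real log, so a "Caused by:" line is attributed to the most recent dispatcher warning only as a best effort.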