Description of problem: Invalid or empty POST data for action URIs cause unhandled exceptions Version-Release number of selected component (if applicable): si19.1 / 3.1.0-18 How reproducible: always Steps to Reproduce: 1. issue curl ... -X POST https://rhevm.example.org/vms/<vm_uuid>/ticket 2. issue curl ... -X POST -d "g>arb<--age<>>>" <rhevm_action_uri> 3. Actual results: in both cases, exceptions are returned back to client and noted in server.log: 2012-10-18 11:15:43,111 WARN [org.jboss.resteasy.core.SynchronousDispatcher] (ajp-/127.0.0.1:8009-2) Failed executing POST /vms/ad5f7497-120d-40da-9093-c9c4b8919e50/ticket: org.jboss.resteasy.plugins.providers.jaxb.JAXBUnmarshalExceptio n: javax.xml.bind.UnmarshalException - with linked exception: [org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.] at ... <snip> Caused by: javax.xml.bind.UnmarshalException - with linked exception: [org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.] at ... <snip> Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog. at ... Expected results: The exception are caught and "400 Bad Request" error is presented to the API user. Additional info:
not sure we can work this, exception thrown from resteasy before we gain control over your request.
rest-easy provides interception points, but none of them is before the jaxb unmarshalling is activated, so they don't help us. I've posted a question on the rest-easy developers list: http://sourceforge.net/mailarchive/forum.php?thread_name=347661430.1276939.1351515960408.JavaMail.root%40redhat.com&forum_name=resteasy-developers