rzo1 opened a new pull request, #1822:
URL: https://github.com/apache/cxf/pull/1822

   Hi all,
   
   I am currently checking the integration of CXF 4.1.0-SNAPSHOT into TomEE 10 
and I noticed a change in `AbstractHTTPDestination`.
   
   An additional `try-catch` was added around `getUserPrincipal()` catching any 
kind of `Exception` and just returning `null`. 
   
   Was this intentional (or required by the spec)? I think that we shouldn't 
catch everything here.
   
   I noticed this change by debugging TomEE's MicroProfile JWT integration and 
one specific TCK test was failing:
   
   ```
   org.eclipse.microprofile.jwt.tck.container.jaxrs.EmptyTokenTest#invalidToken
   ```
   
   The provided token is invalid, we cannot parse a principal out of it and 
since it is in an invalid format anyway, our impl will throw an exception.
   This exception is now caught and mapped to `null`, which is quite bad (as it 
will just return HTTP 200 instead of 401). 
   
   wdyt?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
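
The failure mode described in the pull request, as an added example that is not CXF or TomEE code and not part of the original message: a principal lookup that swallows every exception turns a rejected token into an anonymous caller, while letting the exception propagate allows the caller to answer 401. All names here (`PrincipalLookupDemo`, `parsePrincipal`, `lookupSwallowing`, `handle`) and the token strings are hypothetical, and the endpoint is assumed to serve callers that have no principal.

```java
import java.security.Principal;
import java.util.function.Function;

public class PrincipalLookupDemo {
    record User(String name) implements Principal {
        public String getName() { return name; }
    }

    // Hypothetical stand-in for a JWT-backed getUserPrincipal():
    // a token in an invalid format is rejected by throwing.
    static Principal parsePrincipal(String token) {
        if (token == null) {
            return null;                      // no credentials sent: anonymous caller
        }
        String[] parts = token.split("\\.");
        if (parts.length != 3 || parts[1].isEmpty()) {
            throw new IllegalStateException("malformed token");
        }
        return new User(parts[1]);
    }

    // The pattern questioned in the PR: any failure becomes "no principal".
    static Principal lookupSwallowing(String token) {
        try {
            return parsePrincipal(token);
        } catch (Exception e) {
            return null;                      // invalid token is now indistinguishable from no token
        }
    }

    // Assumed endpoint behaviour: a null principal is served as anonymous,
    // an exception from the lookup is mapped to 401.
    static String handle(Function<String, Principal> lookup, String token) {
        try {
            Principal p = lookup.apply(token);
            return "200 caller=" + (p == null ? "anonymous" : p.getName());
        } catch (RuntimeException e) {
            return "401 " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String invalid = "not-a-jwt";         // constructed sample input
        String valid = "hdr.alice.sig";       // constructed sample, not a real JWT
        System.out.println(handle(PrincipalLookupDemo::lookupSwallowing, invalid));
        System.out.println(handle(PrincipalLookupDemo::parsePrincipal, invalid));
        System.out.println(handle(PrincipalLookupDemo::parsePrincipal, valid));
        System.out.println(handle(PrincipalLookupDemo::parsePrincipal, null));
    }
}
```

Only the first call differs from the intended outcome: the invalid token is answered as an anonymous 200, which is the regression the TCK test `EmptyTokenTest#invalidToken` detects.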
