Github user mike-jumper commented on a diff in the pull request:
https://github.com/apache/guacamole-client/pull/291#discussion_r192220048
--- Diff:
guacamole/src/main/java/org/apache/guacamole/rest/RESTExceptionMapper.java ---
@@ -0,0 +1,118 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.rest;
+
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.ExceptionMapper;
+import javax.ws.rs.ext.Provider;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleUnauthorizedException;
+import org.apache.guacamole.rest.auth.AuthenticationService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * A class that maps GuacamoleExceptions in a way that returns a
+ * custom response to the user via JSON rather than allowing the default
+ * web application error handling to take place.
+ */
+@Provider
+@Singleton
--- End diff --
> What's the best way to test the token expiration?
I'd just temporarily modify one of the existing extensions to throw
`GuacamoleUnauthorizedException` in some case which you can easily trigger, and
verify that doing so invalidates the associated token.
> According to this StackOverfow article, it appears they may use "proxies"
(?) to inject the correct request context into the single instance each time an
exception is thrown??
>
>
https://stackoverflow.com/questions/17766072/jax-rs-jersey-exceptionmapper-context-injection-into-static-singleton-class
>
> So maybe it actually turns out okay??
Yeah, it does seem so. Let's correct the comment in that case, which
currently states:
/**
* The request associated with this instance of this mapper.
*/
@Context
private HttpServletRequest request;
Might be helpful to note that the request object is always request scoped
(and will thus always point to the relevant request within `toResponse()`),
even for concurrent requests, regardless of the fact it is a field on a
singleton.
---
