NPE when no sub-resource method found that matches to the request
-----------------------------------------------------------------
Key: CXF-1655
URL: https://issues.apache.org/jira/browse/CXF-1655
Project: CXF
Issue Type: Bug
Components: REST
Affects Versions: 2.1
Reporter: Zagyvai Balazs
Hi,
In the process of matching a request to a resource method, a sub-resource
locator (if any involved) returns a sub-resource class. CXF will try to find a
method in that class with which it continues the request matching, but it
doesn't check if a suitable method can actually be found. This can result in a
NPE.
At org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:139):
OperationResourceInfo subOri = JAXRSUtils.findTargetMethod(subCri,
subResourcePath,
httpMethod,
values,
contentType,
acceptContentType);
This call to findTargetMethod() is made in order to get the handler method from
the sub-resource class. At this point a check is missing to see whether subOri
is null, because later it is assumed to represent either a sub-resource method
or a sub-resource locator.
subOri can be null for a number of reasons:
1. no method found with matching URI template,
2. no resource method found for the given httpMethod,
3. no method found with matching @ConsumeMime value,
4. no method found with matching @ProduceMime value.
According to the JAX-RS spec v0.6, section 2.5, step 3, the above cases have to
result in:
1. well, not sure about this, step 3.(c) simply says "otherwise no matching
resource method can be found and the algorithm terminates". I would guess a not
found response (HTTP 404 status) would be proper, as this is similar to the
case in step 2.(e).
2. a method not allowed response (HTTP 405 status)
3. an unsupported media type response (HTTP 415 status)
4. a not acceptable response (HTTP 406 status)
Sorry, I don't feel familiar enough with the code yet to try to send a patch
for this bug.
Thanks,
Balazs
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
