Hi Does your ContainerRequestFilter has a @PreMatch annotation ?
Cheers, Sergey On 21/10/14 14:40, Raul Guiu wrote:
Hi, I posted the same question in StackOverflow but didn't got any response ( http://stackoverflow.com/questions/26470597/cxf-post-uploads-a-file-completely-even-after-authentication-error-401). I will try to explain it slighly differently here: Basically we have a POST with a multipart file. Like the following: @OurOwnSecurityAnnotation(AUTHENTICATED_USER) @POST@Path("/file")@Consumes(MediaType.MULTIPART_FORM_DATA)Response uploadFile( @Multipart("uploadedFile") @ApiParam(name = "uploadedFile", value = "File to transfer") Attachment file) throws OnDoesNotExistsException; Out authentication process fails (as we expected) on a Filter with: requestContext.abortWith( // code here to create Response with error code 401 Unauthorised ); Everything seems to work fine. But under the hook the request gets blocked until the file gets completely uploaded. We have been able to see this using a throttled proxy. This is initialed in: JAXRSOutInterceptor And the blocking part of the call happens in the class DelegatingInputStream: /** * Read the entire original input stream and cache it. Useful * if switching threads or doing something where the original * stream may not be valid by the time the next read() occurs */ public void cacheInput() {...} This writes the file completely into a temp directory, like: /usr/local/Cellar/tomcat7/7.0.55/libexec/temp/cxf-tmp-834340 Also, if we do use: LoggingInInterceptor The file save will be triggered by this filter before the authentication. I would think the writing to disk doesn't need to happen under a failed authentication. I am not sure if this is behaving as planned, it is a bug or I am doing something wrong. Any comments will be appreciated. Thanks a lot.
