Dan has explained to me that it is generally very tricky to cancel the
complete 'pull' of the whole payload from the client connection,
especially if HTTPUrlConnection is used to upload the resources...
However it is possible to control at the CXF server side the caching
process, the only issue there is that aborting the request via the standard
JAX-RS 2.0 filter API does not fit one to one into the CXF internal
model where the exceptions flow into the chain where no caching is
enforced...
I'm going to do a bit of work for the requestContext.abortWith() calls
disabling the caching; in the meantime the workaround is to throw some
runtime exception from the filter which can not be mapped with JAX-RS
2.0 ExceptionMapper and register CXF FaultOutInterceptor (in
jaxrs:outFaultInterceptors) that will react to it and set 401...
Thanks, Sergey

On 21/10/14 15:45, Sergey Beryozkin wrote:
Never mind, given that you work with the annotations on a matched method
it can not have @PreMatch...
Cheers, Sergey

On 21/10/14 15:42, Sergey Beryozkin wrote:
Hi
Does your ContainerRequestFilter have a @PreMatch annotation?
Cheers, Sergey

On 21/10/14 14:40, Raul Guiu wrote:
Hi,
I posted the same question in StackOverflow but didn't get any
response (
http://stackoverflow.com/questions/26470597/cxf-post-uploads-a-file-completely-even-after-authentication-error-401).
I will try to explain it slightly differently here:
Basically we have a POST with a multipart file. Like the following:
    @OurOwnSecurityAnnotation(AUTHENTICATED_USER)
    @POST
    @Path("/file")
    @Consumes(MediaType.MULTIPART_FORM_DATA)
    Response uploadFile(
        @Multipart("uploadedFile")
        @ApiParam(name = "uploadedFile", value = "File to transfer") Attachment file)
        throws OnDoesNotExistsException;
Our authentication process fails (as we expected) on a Filter with:
    requestContext.abortWith(
        // code here to create Response with error code 401 Unauthorised
    );
Everything seems to work fine. But under the hood the request gets
blocked until the file gets completely uploaded. We have been able to
see this using a throttled proxy.
This is initiated in:
JAXRSOutInterceptor
And the blocking part of the call happens in the class
DelegatingInputStream:
    /**
     * Read the entire original input stream and cache it. Useful
     * if switching threads or doing something where the original
     * stream may not be valid by the time the next read() occurs
     */
    public void cacheInput() {...}
This writes the file completely into a temp directory, like:
/usr/local/Cellar/tomcat7/7.0.55/libexec/temp/cxf-tmp-834340
Also, if we do use:
LoggingInInterceptor
The file save will be triggered by this filter before the
authentication.
I would think the writing to disk doesn't need to happen under a failed
authentication.
I am not sure if this is behaving as planned, if it is a bug, or if I am
doing something wrong.
Any comments will be appreciated.
Thanks a lot.
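
The workaround described at the top of this thread (throw a runtime exception that no JAX-RS ExceptionMapper handles, and let an interceptor registered in jaxrs:outFaultInterceptors set 401), shown as an added example that is not code from the thread or from the CXF project. The class names, the header-only placeholder check and the reliance on the servlet transport's HttpServletResponse are assumptions.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.transport.http.AbstractHTTPDestination;

public final class UploadAuthWorkaround {
    /** Hypothetical marker exception; register no ExceptionMapper that matches it. */
    public static class UnauthenticatedException extends RuntimeException { }

    /** Request filter, registered under jaxrs:providers. */
    public static class AuthFilter implements ContainerRequestFilter {
        @Override
        public void filter(ContainerRequestContext ctx) throws IOException {
            // Placeholder check (assumption); substitute the application's own logic.
            if (ctx.getHeaderString(HttpHeaders.AUTHORIZATION) == null) {
                throw new UnauthenticatedException(); // instead of ctx.abortWith(...)
            }
        }
    }

    /** Fault interceptor, registered under jaxrs:outFaultInterceptors. */
    public static class UnauthorizedFaultInterceptor extends AbstractPhaseInterceptor<Message> {
        public UnauthorizedFaultInterceptor() { super(Phase.PRE_STREAM); }

        @Override
        public void handleMessage(Message message) throws Fault {
            // CXF stores the failure on the fault message, wrapped in a Fault.
            Exception ex = message.getContent(Exception.class);
            Throwable cause = ex instanceof Fault ? ex.getCause() : ex;
            if (!(cause instanceof UnauthenticatedException)) {
                return; // leave every other fault to the default handling
            }
            HttpServletResponse response = (HttpServletResponse) message.getExchange()
                .getInMessage().get(AbstractHTTPDestination.HTTP_RESPONSE);
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            try {
                response.flushBuffer(); // commit the 401 with an empty body
            } catch (IOException ioex) {
                throw new Fault(ioex);
            }
            message.getInterceptorChain().abort(); // nothing further to write
        }
    }
}
```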