Thanks a lot Sergey On 21 October 2014 22:45, Sergey Beryozkin <[email protected]> wrote:
> I've updated JAXRSInInterceptor accordingly. The caching was already > disabled in case of 413 but not for other error statuses... > > Cheers, Sergey > > On 21/10/14 17:55, Sergey Beryozkin wrote: > >> Dan has explained to me that it is generally very tricky to cancel the >> complete 'pull' of the whole payload from the client connection, >> especially if HTTPUrlConnection is used to upload the resources... >> >> However it is possible to control at the CXF server side the caching >> process, the only issue there that aborting the request via the standard >> JAX-RS 2.0 filter API does not fit one to one into the CXF internal >> model where the exceptions flow into the chain where no caching is >> enforced... >> >> I'm going to do a bit of work for the requestContext.abortWith() calls >> disabling the caching; in meantime the workaround is to throw some >> runtime exception from the filter which can not be mapped with JAX-RS >> 2.0 ExceptionMapper and register CXF FaultOutInterceptor (in >> jaxrs:outFaultInterceptors) that will react to it and set 401... >> >> Thanks, Sergey >> >> On 21/10/14 15:45, Sergey Beryozkin wrote: >> >>> Never mind, given that you work with the annotations on a matched method >>> it can not have @PreMatch... >>> >>> Cheers, Sergey >>> On 21/10/14 15:42, Sergey Beryozkin wrote: >>> >>>> Hi >>>> >>>> Does your ContainerRequestFilter has a @PreMatch annotation ? >>>> >>>> Cheers, Sergey >>>> On 21/10/14 14:40, Raul Guiu wrote: >>>> >>>>> Hi, >>>>> >>>>> I posted the same question in StackOverflow but didn't got any >>>>> response ( >>>>> http://stackoverflow.com/questions/26470597/cxf-post- >>>>> uploads-a-file-completely-even-after-authentication-error-401). >>>>> >>>>> >>>>> >>>>> I will try to explain it slighly differently here: >>>>> >>>>> Basically we have a POST with a multipart file. Like the following: >>>>> >>>>> @OurOwnSecurityAnnotation(AUTHENTICATED_USER) >>>>> @POST@Path("/file")@Consumes(MediaType.MULTIPART_FORM_DATA)Response >>>>> uploadFile( >>>>> @Multipart("uploadedFile") @ApiParam(name = "uploadedFile", >>>>> value = "File to transfer") Attachment file) >>>>> throws OnDoesNotExistsException; >>>>> >>>>> >>>>> Out authentication process fails (as we expected) on a Filter with: >>>>> >>>>> requestContext.abortWith( >>>>> // code here to create Response with error code 401 >>>>> Unauthorised >>>>> ); >>>>> >>>>> >>>>> Everything seems to work fine. But under the hook the request gets >>>>> blocked >>>>> until the file gets completely uploaded. We have been able to see this >>>>> using a throttled proxy. >>>>> >>>>> This is initialed in: >>>>> >>>>> JAXRSOutInterceptor >>>>> >>>>> And the blocking part of the call happens in the class >>>>> DelegatingInputStream: >>>>> >>>>> /** >>>>> * Read the entire original input stream and cache it. Useful >>>>> * if switching threads or doing something where the original >>>>> * stream may not be valid by the time the next read() occurs >>>>> */ >>>>> public void cacheInput() {...} >>>>> >>>>> This writes the file completely into a temp directory, like: >>>>> >>>>> /usr/local/Cellar/tomcat7/7.0.55/libexec/temp/cxf-tmp-834340 >>>>> >>>>> >>>>> Also, if we do use: >>>>> >>>>> LoggingInInterceptor >>>>> >>>>> The file save will be triggered by this filter before the >>>>> authentication. >>>>> >>>>> I would think the writing to disk doesn't need to happen under a failed >>>>> authentication. >>>>> >>>>> I am not sure if this is behaving as planned, it is a bug or I am doing >>>>> something wrong. >>>>> >>>>> Any comments will be appreciated. >>>>> >>>>> Thanks a lot. >>>>> >>>>> >>>> >>> >>> >> >
