Dear all, I am testing on a REST api, running on CXF 3.1.6 over pax-web 4.2.6. The API accepts a header "Authorization".
The problem is that if the value is provided for the header, everything is fine and the behaviour is expected (HTTP status 401 or 200, depending if the value is correct or not). However, if the header is an empty String, the following exception is thrown: java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 at java.util.ArrayList.rangeCheck(ArrayList.java:653)[:1.8.0_102] at java.util.ArrayList.get(ArrayList.java:429)[:1.8.0_102] at org.apache.cxf.transport.http.Headers.getAuthorization(Headers.java:528)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5] at org.apache.cxf.transport.http.AbstractHTTPDestination.setupMessage(AbstractHTTPDestination.java:390)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5] at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:238)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5] at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5] at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5] at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5] at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:298)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:222)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5] at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)[73:javax.servlet-api:3.1.0] at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:273)[121:org.apache.cxf.cxf-rt-transports-http:3.1.5] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)[175:org.eclipse.jetty.servlet:9.2.15.v20160210] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)[175:org.eclipse.jetty.servlet:9.2.15.v20160210] at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71)[199:org.ops4j.pax.web.pax-web-jetty:4.2.6] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)[174:org.eclipse.jetty.server:9.2.15.v20160210] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)[173:org.eclipse.jetty.security:9.2.15.v20160210] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)[174:org.eclipse.jetty.server:9.2.15.v20160210] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)[174:org.eclipse.jetty.server:9.2.15.v20160210] at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:276)[199:org.ops4j.pax.web.pax-web-jetty:4.2.6] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)[175:org.eclipse.jetty.servlet:9.2.15.v20160210] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)[174:org.eclipse.jetty.server:9.2.15.v20160210] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)[174:org.eclipse.jetty.server:9.2.15.v20160210] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)[174:org.eclipse.jetty.server:9.2.15.v20160210] at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80)[199:org.ops4j.pax.web.pax-web-jetty:4.2.6] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)[174:org.eclipse.jetty.server:9.2.15.v20160210] at org.eclipse.jetty.server.Server.handle(Server.java:499)[174:org.eclipse.jetty.server:9.2.15.v20160210] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)[174:org.eclipse.jetty.server:9.2.15.v20160210] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)[174:org.eclipse.jetty.server:9.2.15.v20160210] at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)[166:org.eclipse.jetty.io:9 .2.15.v20160210] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)[177:org.eclipse.jetty.util:9.2.15.v20160210] at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)[177:org.eclipse.jetty.util:9.2.15.v20160210] at java.lang.Thread.run(Thread.java:745)[:1.8.0_102] The returned response body is an HTML, showing the stacktrace. May I know if there's a way to alter this behaviour to return an empty response body and/or throw an application exception? Thanks. Regards, Allan C.
