users@jersey.java.net

[Jersey] Security Annotations with Jersey 1.15 and tomcat 7

From: Charles R. Fornof <Charles.Fornof_at_radiancetech.com>
Date: Tue, 29 Jul 2014 11:34:25 -0500

Hello,
I posted most of my details and (basic) source on Stack Overflow http://stackoverflow.com/questions/25020194/jersey-security-annotations-on-tomcat-7
mainly I’m wondering, are security annotations (@RolesAllowed, etc) possible with Jersey 1.15 on Tomcat?
Also, is there more documentation on security annotation? – I’m not sure if I set it up correctly / registered users right –
I followed 15.1.2.2 https://jersey.java.net/documentation/latest/security.html#d0e10680 – but was not quite able to get that working , so I ended up using a slightly different configuration.
Source is here: https://github.com/fornof/TomRESTTest/tree/master

Jersey is letting firefox access GET methods if the @RolesAllowed() is set to anything other than admin, so something is dropping, I’m trying to figure out what.

-Charles R. Fornof


From: Philipp Marx [mailto:smigfu_at_googlemail.com]
Sent: Tuesday, July 29, 2014 10:59 AM
To: users_at_jersey.java.net
Subject: [Jersey] NPE in FormDataParamValueFactoryProvider if body and content-type is missing

Hi,


I have the following endpoint in my application:

@PUT
@Produces(APPLICATION_JSON)
@Consumes(MULTIPART_FORM_DATA)
@Transactional
public Response updateData(@FormDataParam(":data") final InputStream data)
{
   // do stuff
}

If I call this endpoint without a multipart body and no content-type I end up in a NPE (see below).

If I call this endpoint without a multipart body and content-type "multipart/form-data" I receive a proper 400 response.

If I call this endpoint without a multipart body and content-type "text/plain" I receive a proper 415 response.

Is this is a know issue or am I anticipating something wrong here?

This is the (shortend) NPE stacktrace:

java.lang.NullPointerException
            at org.glassfish.jersey.media.multipart.internal.FormDataParamValueFactoryProvider$FormDataParamValueFactory.provide(FormDataParamValueFactoryProvider.java:203)[32:org.glassfish.jersey.media.jersey-media-multipart:2.9.0]
            at org.glassfish.jersey.server.spi.internal.ParameterValueHelper.getParameterValues(ParameterValueHelper.java:81)[89:org.glassfish.jersey.core.jersey-server:2.9.0]
            at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$AbstractMethodParamInvoker.getParamValues(JavaResourceMethodDispatcherProvider.java:121)[89:org.glassfish.jersey.core.jersey-server:2.9.0]
            at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152)[89:org.glassfish.jersey.core.jersey-server:2.9.0]
            at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:104)[89:org.glassfish.jersey.core.jersey-server:2.9.0]
            at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:387)[89:org.glassfish.jersey.core.jersey-server:2.9.0]
            at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:331)[89:org.glassfish.jersey.core.jersey-server:2.9.0]
            at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:103)[89:org.glassfish.jersey.core.jersey-server:2.9.0]
            at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:269)[89:org.glassfish.jersey.core.jersey-server:2.9.0]

Thanks!

Cheers
Philipp