New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ServerJacksonMessageBodyReader and JacksonBasicMessageBodyReader "should" catch JsonProcessingException #29316
Comments
/cc @evanchooly, @geoand, @gsmet |
As a side note, the work-around is easy; just posting this bug to help keep the intention of the ServerJacksonMessageBodyReader pure. |
Are you sure that |
We could certainly be more targeted. JsonProcessingException seemed appropriate to me. That said, there are two general issues I am hoping to address:
Looking at the docs, there are basically two paths through Jackson, parsing and generating. JsonProcessingException is used in both paths, so in that sense, it is too broad. However, in the context of a MessgeBodyReader, only the parsing path is exercised. The other place that it may be too broad is with InvalidDefinitionException, which generally would indicate a problem with the target type definition and not necessarily the input. Generally, I would expect a mistake that would prevent de-serialization to be caught in unit tests, but when used in a broader framework like Quarkus, it is probably naive to think unit tests would be used that vigorously. So ... While JsonProcessingException works for our case, it would probably be better to be surgical and catch the following Exceptions:
There maybe others, but I haven't done an exhaustive search. Thoughts? |
I think this is the safest thing to do. Would you like to contribute this fix? |
Sure |
@damonsutherland just checking in: are you still up for making this contribution or do you want me to add the fix? |
Sorry, I’ve been on vacation. I am back today though. I will work on it this afternoon.
Get Outlook for iOS<https://aka.ms/o0ukef>
…________________________________
From: Georgios Andrianakis ***@***.***>
Sent: Monday, November 28, 2022 6:47:46 AM
To: quarkusio/quarkus ***@***.***>
Cc: Damon Sutherland ***@***.***>; Mention ***@***.***>
Subject: Re: [quarkusio/quarkus] ServerJacksonMessageBodyReader and JacksonBasicMessageBodyReader "should" catch JsonProcessingException (Issue #29316)
@damonsutherland<https://github.com/damonsutherland> just checking in: are you still up for making this contribution or do you want me to add the fix?
—
Reply to this email directly, view it on GitHub<#29316 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ACNNTM7WQCNIGKR22CIVYG3WKSZYFANCNFSM6AAAAAASCP4YMA>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Thanks for the update! |
@geoand, I wasn't happy with my work and I found a couple things I missed. Just letting you know I am still working on this and will issue a new PR in the next day or so. I would like to close/reject the current PR. Are you OK with that? |
That's perfectly fine, not a problem at all |
@geoand, my replacement PR has been linked above. Thanks again for all your help. |
Describe the bug
When de-serializing JSON in a request, we want to catch client input errors due to malformed data. Unfortunately, we have run into situations where the exception Jackson is throwing is one of several JsonProcessingExceptions, i.e., a JsonMappingException, JsonParseException or DatabindException. As a result, the intended BAD_REQUEST is met with a SERVER_ERROR.
Using ExceptionMappers can work, if we are diligent in catching JsonProcessingException's in any location we use an ObjectMapper. If we are not diligent, then an ExceptionMapper will lead to a client error when it is actually a server error.
Corresponding locations:
JacksonBasicMessageBodyReader
ServerJacksonMessageBodyReader
Updating these locations to catch JsonProcessingException should resolve the issues we are seeing.
Expected behavior
BAD_REQUEST is thrown when input is malformed.
Actual behavior
SERVER_ERROR is thrown.
How to Reproduce?
This is a simplified version of what we are doing, only the details causing the issue are included.
Deserialize with the following line of code (throws a ValueInstantiationException):
When via a controller, i.e., we should get 400 if the request body is "{}".
Output of
uname -a
orver
Darwin Kernel Version 21.6.0: Thu Sep 29 20:12:57 PDT 2022; root:xnu-8020.240.7~1/RELEASE_X86_64
Output of
java -version
17.0.3 (Eclipse Adoptium 17.0.3+7)
GraalVM version (if different from Java)
No response
Quarkus version or git rev
2.8.3-Final
Build tool (ie. output of
mvnw --version
orgradlew --version
)------------------------------------------------------------ Gradle 7.3 ------------------------------------------------------------ Build time: 2021-11-09 20:40:36 UTC Revision: 96754b8c44399658178a768ac764d727c2addb37 Kotlin: 1.5.31 Groovy: 3.0.9 Ant: Apache Ant(TM) version 1.10.11 compiled on July 10 2021 JVM: 17.0.3 (Eclipse Adoptium 17.0.3+7) OS: Mac OS X 12.6.1 x86_64
Additional information
No response
The text was updated successfully, but these errors were encountered: