Hi,
I posted the same question in StackOverflow but didn't get any response (
http://stackoverflow.com/questions/26470597/cxf-post-uploads-a-file-completely-even-after-authentication-error-401).
I will try to explain it slightly differently here:
Basically we have a POST with a multipart file. Like the following:
    @OurOwnSecurityAnnotation(AUTHENTICATED_USER)
    @POST
    @Path("/file")
    @Consumes(MediaType.MULTIPART_FORM_DATA)
    Response uploadFile(
        @Multipart("uploadedFile")
        @ApiParam(name = "uploadedFile", value = "File to transfer") Attachment file)
        throws OnDoesNotExistsException;
Our authentication process fails (as we expected) on a Filter with:
    requestContext.abortWith(
        // code here to create Response with error code 401 Unauthorised
    );
Everything seems to work fine. But under the hood the request gets blocked
until the file gets completely uploaded. We have been able to see this
using a throttled proxy.
This is initiated in:
JAXRSOutInterceptor
And the blocking part of the call happens in the class
DelegatingInputStream:
/**
* Read the entire original input stream and cache it. Useful
* if switching threads or doing something where the original
* stream may not be valid by the time the next read() occurs
*/
public void cacheInput() {...}
This writes the file completely into a temp directory, like:
/usr/local/Cellar/tomcat7/7.0.55/libexec/temp/cxf-tmp-834340
Also, if we do use:
LoggingInInterceptor
The file save will be triggered by this filter before the authentication.
I would think the writing to disk doesn't need to happen under a failed
authentication.
I am not sure if this is behaving as planned, it is a bug or I am doing
something wrong.
Any comments will be appreciated.
Thanks a lot.
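
A way to repeat the throttled-proxy observation above as a regression check, added here as an example and not part of the original post: `probe` uploads slowly without credentials and reports how many body bytes had gone out when the 401 arrived. `stand_in_server` is a constructed local stand-in for the endpoint, and all names, sizes and delays are assumptions.

```python
import socket, threading, time

RESP = b"HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"

def stand_in_server(drain_first):
    """Constructed stand-in for the endpoint: answers one POST with 401, either
    straight after the headers or only after reading the whole body."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        buf = b""
        while b"\r\n\r\n" not in buf:
            buf += conn.recv(4096)
        head, _, body = buf.partition(b"\r\n\r\n")
        length = next(int(h.split(b":")[1].strip()) for h in head.split(b"\r\n")
                      if h.lower().startswith(b"content-length"))
        got = len(body)
        while drain_first and got < length:   # the behaviour described in the post
            got += len(conn.recv(65536))
        conn.sendall(RESP)
        conn.shutdown(socket.SHUT_WR)
        while conn.recv(65536):               # wait for the client to hang up
            pass
        conn.close()
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def probe(host, port, path="/file", total=64 * 1024, chunk=4096, delay=0.05):
    """Upload `total` bytes slowly with no credentials; return
    (status, body bytes sent before the response arrived)."""
    head = (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
            f"Content-Type: multipart/form-data; boundary=probe\r\n"
            f"Content-Length: {total}\r\n\r\n").encode()
    with socket.create_connection((host, port)) as s:
        s.sendall(head)
        s.settimeout(delay)                   # poll for a response between chunks
        sent, deadline = 0, time.monotonic() + 30
        while time.monotonic() < deadline:
            try:
                data = s.recv(4096)
                return (int(data.split()[1]) if data else None), sent
            except socket.timeout:
                if sent < total:
                    s.sendall(b"x" * chunk)
                    sent += chunk
    return None, sent
```

A server that rejects before touching the body returns the 401 with `sent` well below `total`; one that caches the input first returns it only once `sent == total`.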