Skip to content

Commit

Permalink
Changes in this commit: (#2727)
Browse files Browse the repository at this point in the history
1. Upgrade to Jersey 2.33
2. Configuration via system properties for the Jersey Client API. Any response in an exception will be mapped to an empty one to prevent data leaks. See eclipse-ee4j/jersey#4641.

Signed-off-by: Santiago Pericasgeertsen <santiago.pericasgeertsen@oracle.com>
  • Loading branch information
spericas authored Feb 2, 2021
1 parent 68f15bd commit 0f52c76
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 11 deletions.
2 changes: 1 addition & 1 deletion dependencies/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@
<version.lib.jboss.transaction-api>1.0.0.Final</version.lib.jboss.transaction-api>
<version.lib.jboss.transaction-spi>7.6.0.Final</version.lib.jboss.transaction-spi>
<version.lib.jedis>3.1.0</version.lib.jedis>
<version.lib.jersey>2.32</version.lib.jersey>
<version.lib.jersey>2.33</version.lib.jersey>
<version.lib.jms-api>2.0</version.lib.jms-api>
<version.lib.jsonb-api>1.0.2</version.lib.jsonb-api>
<version.lib.jsonp-api>1.1.6</version.lib.jsonp-api>
Expand Down
7 changes: 1 addition & 6 deletions security/integration/jersey/pom.xml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (c) 2017, 2020 Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2017, 2021 Oracle and/or its affiliates. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -131,10 +131,5 @@
<artifactId>helidon-webserver-jersey</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>jakarta.activation</groupId>
<artifactId>jakarta.activation-api</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
</project>
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, 2020 Oracle and/or its affiliates.
* Copyright (c) 2017, 2021 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -49,8 +49,8 @@
import io.helidon.webserver.ServerResponse;
import io.helidon.webserver.Service;

import io.opentracing.Span;
import io.opentracing.SpanContext;
import org.glassfish.jersey.CommonProperties;
import org.glassfish.jersey.internal.PropertiesDelegate;
import org.glassfish.jersey.internal.util.collection.Ref;
import org.glassfish.jersey.server.ApplicationHandler;
Expand Down Expand Up @@ -98,7 +98,6 @@ public class JerseySupport implements Service {

private static final Type REQUEST_TYPE = (new GenericType<Ref<ServerRequest>>() { }).getType();
private static final Type RESPONSE_TYPE = (new GenericType<Ref<ServerResponse>>() { }).getType();
private static final Type SPAN_TYPE = (new GenericType<Ref<Span>>() { }).getType();
private static final Type SPAN_CONTEXT_TYPE = (new GenericType<Ref<SpanContext>>() { }).getType();
private static final AtomicReference<ExecutorService> DEFAULT_THREAD_POOL = new AtomicReference<>();

Expand All @@ -108,6 +107,18 @@ public class JerseySupport implements Service {
private final HelidonJerseyContainer container;
private final Thread serviceShutdownHook;

/**
* This configuration via system properties is for the Jersey Client API. Any
* response in an exception will be mapped to an empty one to prevent data leaks.
* See https://github.com/eclipse-ee4j/jersey/pull/4641.
*/
static final String IGNORE_EXCEPTION_RESPONSE = "jersey.config.client.ignoreExceptionResponse";

static {
System.setProperty(CommonProperties.ALLOW_SYSTEM_PROPERTIES_PROVIDER, "true");
System.setProperty(IGNORE_EXCEPTION_RESPONSE, "true");
}

/**
* Creates a Jersey Support based on the provided JAX-RS application.
*
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, 2020 Oracle and/or its affiliates.
* Copyright (c) 2017, 2021 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -33,9 +33,11 @@

import io.helidon.common.http.HttpRequest;

import org.glassfish.jersey.CommonProperties;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

import static io.helidon.webserver.jersey.JerseySupport.IGNORE_EXCEPTION_RESPONSE;
import static io.helidon.webserver.jersey.JerseySupport.basePath;
import static org.hamcrest.CoreMatchers.endsWith;
import static org.hamcrest.MatcherAssert.assertThat;
Expand Down Expand Up @@ -332,6 +334,12 @@ public void testBasePath() {
is("/"));
}

@Test
public void testJerseyProperties() {
assertThat(System.getProperty(CommonProperties.ALLOW_SYSTEM_PROPERTIES_PROVIDER), is("true"));
assertThat(System.getProperty(IGNORE_EXCEPTION_RESPONSE), is("true"));
}

static class PathMockup implements HttpRequest.Path {
private final String absolutePath;
private final String path;
Expand Down

0 comments on commit 0f52c76

Please sign in to comment.