当资源引发异常时，RestEasy重置所有标头

Question

I've uncovered something strange while using resteasy-jaxrs in a Cors enabled jBoss server. Here's the setup:

Our server has thetransactioncompany.com's CorsFilter (v1.3.2) enabled as a servlet filter to enable CORS and add the appropriate CORS headers to the HttpServletResponse object.

The server itself is using resteasy-jaxrs (v2.3.2.Final) to serve JSON endpoints to power our app, obviously running on a separate domain.

The issue is that if one of my endpoint methods generates any type of exception (NPE, UnauthorizedException, InternalServerErrorException), as a part of preparing the response, RestEasy makes the call

(HttpServletResponse)response.reset() 

which clears out my CORS headers. This causes Chrome to rightly act as if the request should be canceled. This is really inconvenient for my front end dev who needs those error codes.

Two questions:

1. Why would RestEasy want to clear those headers?
2. Has anyone else run across this and have any workarounds?

Answer 1

I am actually surprised to see that you have encountered this behavior since I've never seen it, and I certainly have generated plenty of exceptions in my day.

Regardless, consider writing a custom ExceptionMapper as described here . You can populate the response with your CORS headers and return it from toResponse along with the appropriate error information.

Answer 2

I ran into this issue too, and I had a workaround by using a response wrapper

class CorsHeaderResponseWrapper extends HttpServletResponseWrapper{

    public CorsHeaderResponseWrapper(HttpServletResponse resp) {
        super(resp);
        setCorsHeader();
    }

    void setCorsHeader(){
        HttpServletResponse resp = (HttpServletResponse)getResponse();
        //set cors header here
    }

    public void reset(){
        super.reset();
        //set again if anyone reset it
        setCorsHeader();
    }

}

when calling doFilter

chain.doFilter(req, new CorsHeaderResponseWrapper(resp));