search

belgif / rest-problem-java

Java library for RFC 9457 Problems with support for standard problem types of the Belgif REST guide (https://www.belgif.be/specification/rest/api-guide/#error-handling)
https://belgif.github.io/rest-problem-java/
Apache License 2.0
3 stars 0 forks source link

[java-ee] Problem response for missing request body is incorrect #63

Closed clone1612 closed 3 months ago

clone1612 commented 3 months ago

Interfaces for endpoints with a request body are generated like this:

Response authenticate(@Valid @NotNull AuthenticationRequestV2 authenticationRequest);

When sending a request without one request validation results in the following Problem type:

{
    "type": "urn:problem-type:belgif:badRequest",
    "href": "https://www.belgif.be/specification/rest/api-guide/problems/badRequest.html",
    "title": "Bad Request",
    "status": 400,
    "detail": "The input message is incorrect",
    "issues": [
        {
            "type": "urn:problem-type:belgif:input-validation:schemaViolation",
            "title": "Input value is invalid with respect to the schema",
            "detail": "must not be null",
            "in": "query",
            "name": "authenticationRequest"
        }
    ]
}

That response "issues" block has 3 values that seem incorrect:

  1. The "in" is incorrect -> query instead of body
  2. A "name" is returned while that's the interface parameter name, it has no meaning to the client
  3. The "detail" message doesn't refer to the request body

But can we easily determine that the constraint validation exception parameter, e.g. here "authenticationRequest" was actually a body? Spring has the @RequestBody annotation but we don't have an equivalent for jax-rs.

jpraet commented 3 months ago

We have some fallback code defaulting to InEnum.QUERY

https://github.com/belgif/rest-problem-java/blob/0571d81db58f69434b9673dfa9f64540b1773c3e/belgif-rest-problem-java-ee/src/main/java/io/github/belgif/rest/problem/internal/ConstraintViolationUtil.java#L77

https://github.com/belgif/rest-problem-java/blob/0571d81db58f69434b9673dfa9f64540b1773c3e/belgif-rest-problem-java-ee/src/main/java/io/github/belgif/rest/problem/internal/ConstraintViolationUtil.java#L83

Maybe one or both of these should be changed to InEnum.BODY?

For reference, could you give an example of what a missing request body issue looks like when thrown by APIGW?

clone1612 commented 3 months ago

APIGW returns the following:

{
    "type": "urn:problem-type:belgif:badRequest",
    "href": "https://www.belgif.be/specification/rest/api-guide/problems/badRequest.html",
    "title": "Bad Request",
    "status": 400,
    "detail": "The input message is incorrect",
    "issues": [
        {
            "type": "urn:problem-type:belgif:input-validation:schemaViolation",
            "title": "Input value is invalid with respect to the schema",
            "in": "body",
            "detail": "is required",
        }
    ]
}

Its detail message can/should also be improved.

jpraet commented 3 months ago

The spec says non-annotated JAX-RS parameters are mapped to the request body.

64 fixes the "in": "query" -> "in": "body".