New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GET w/ bad Accept header now returns proper error #966
Conversation
final HttpGet get = new HttpGet(serverAddress + id); | ||
get.addHeader("Accept", "application/turtle"); | ||
|
||
try (final CloseableHttpResponse response = execute(get)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think there's a getStatus
method in the superclass that does the closing for you.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here's an example of what @ajs6f is suggesting: http://git.io/vEcjc
- When an invalid or unsupported format type was requested the wrong HTTP error code was returned. Now it returns the correct one. Resolves: https://jira.duraspace.org/browse/FCREPO-1840
-Stricter mime-type checking Resolves: https://jira.duraspace.org/browse/FCREPO-1840
public Response describe(@HeaderParam("Range") final String rangeValue) throws IOException { | ||
checkCacheControlHeaders(request, servletResponse, resource(), session); | ||
|
||
LOGGER.info("GET resource '{}'", externalPath); | ||
|
||
final ImmutableList<MediaType> acceptableMediaTypes = | ||
new ImmutableList.Builder<MediaType>().addAll(headers.getAcceptableMediaTypes()).build(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use the static factory method ImmutableList.builder()
, and acceptableMediaTypes
can just be typed List<MediaType>
. Actually, do you really need to copy the value of getAcceptableMediaTypes()
over at all?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, I don't think so, but I was trying to prevent a few function calls to access that list. I could just call headers.getAcceptableMediaTypes()
whenever I need the list, or just use a
final List<MediaType> acceptableMediaTypes = headers.getAcceptableMediaTypes();
Which way is preferred in Java?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given that the result of getAcceptableMediaTypes()
isn't likely to change in the course of this method, I think final List<MediaType> acceptableMediaTypes = headers.getAcceptableMediaTypes();
is fine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just for the record, function calls in Java are incredibly cheap (JIT). Creating short-lived objects is what you really want to avoid.
@@ -67,10 +67,11 @@ | |||
|
|||
public static final List<Variant> POSSIBLE_RDF_VARIANTS = mediaTypes( | |||
RDF_XML_TYPE, TURTLE_TYPE, N3_TYPE, N3_ALT2_TYPE, NTRIPLES_TYPE, APPLICATION_XML_TYPE, | |||
TEXT_PLAIN_TYPE, TURTLE_X_TYPE, JSON_LD_TYPE).add().build(); | |||
TEXT_PLAIN_TYPE, TURTLE_X_TYPE, JSON_LD_TYPE, TEXT_HTML_TYPE, APPLICATION_XHTML_XML_TYPE).add().build(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have serious concerns about introducing arguably incorrect RDF variants: html and xhtml.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
By what means could Fedora possibly be producing HTML RDF output? Are you thinking about the HTML "admin" presentation?
Reverted back to simpler mime-type checking. Changed the method name from describe(...) to getResource(...). Let me know what you think. |
Thanks, @bseeger. |
First question: Yes! it now returns a 406 if someone requests an invalid mime-type on a RdfResource Second question: Yes! You can't specify the mime-type for a binary, you'll get a 406 every time you do - even if you pick the correct mime-type. And... and... I'm not sure what to do with this. I can put the |
Thanks again, @bseeger. Your summary is helpful for expectation-setting. |
No, it's not insane and it may be as good as we can do. But it is weird. Are we saying that if I stick in a binary, then request it with the correct mimetype, I will still get an error? |
Yes, you will get a 406. It is weird, though unless we list all the relevant mime-types for binaries in the @produces line, we would need to do our own mime-type checking further down (or fix the larger issue of both Rdf and Non-Rdf resources being fetched via the same method). |
Well, we definitely can't list all the relevant mimetypes, because we don't know them! :) |
After testing this updated PR, I will add one point of clarification to the comments above:
I would suggest adding to the current PR a simple check in "ContentExposingResource.getContent()" before line:194 for a match of the |
With the PR the way it currently is, a GET request for a Binary with an Accept header would never get that far - because the I realize this is outside the scope of the bug, but how crazy would it be to reverse the semantics for getting a binary and it's associated metadata. Ie, take out the Meaning, if ... I have no clue how what I'm suggesting would impact current users. Might be an absolutely terrible idea. |
That's what we used to do, except it was |
@bseeger, When a p.s. I do not think revisiting the |
Thanks for the clarification, @awoods. I see the distinction now. Yes, I'm all for adding that mime-type checking before line:194 as described above. I can add that today. |
@ajs6f @bseeger it wasn't my idea, but I can point you to a couple of relevant posts: IIRC: Our experience back in the early beta was that this issue set you chasing your own tail about various bad implementation experiences as a consequence of JAXRS & JCR, but that this approach minimized the weirdness required of the client to know about where & what to POST or DELETE to manage LDP-NRs. |
|
Now I wish we had taken the high road and refused to use any magic URLs. When people create bitstreams, we could have returned the URI of the description in a header. We could have done the work of decoupling hierarchy and lifecycle. We would have been much better off in the long run. |
But we do this! When you create a bitstream, the URI of the description is On Mon, Feb 15, 2016 at 10:47 AM, A. Soroka notifications@github.com
|
May I suggest creating a GitHub issue for the |
Then why do we need |
The latest commit fixes the loophole where asking for a binary with Accept header containing a mime-type listed in the @produces line, but not the binary's actual mime-type, returned the resource. Now, if the mime-type of the binary does not match a mime-type requested in the Accept field, a 406 will be returned instead. I had to introduce this change in the FedoraLdp.java file before the getContent() call because it seems you have to have the header info complete before the response builder (in getContent()) calls build(). I'm open to moving things around, this just seemed the cleanest of all the options I thought about and tried. |
@bseeger, please put the JIRA ticket back into "Review" if you are ready. |
Resolved with: 825d26f |
HTTP error code was returned. Now it returns the correct one.
Resolves: https://jira.duraspace.org/browse/FCREPO-1840