Suppress Stacktrace in Jetty

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Suppress Stacktrace in Jetty

aniketband
Hello All,We are using Karaf version 4.2.4 with Jetty version 9.3.27 (after
patch https://ops4j1.jira.com/browse/PAXWEB-1205) When there are some rest
services deployed on it and are available also working fine.With this patch
when a rest service is invoked, it does not show the version of the Jetty in
response anymore .When we try to invoke a Rest service with GET operation
and provide parameters which are not really valid. e.g. in the query URL
parameter value added/appended as paramName=abec%a?aa=aThen we get
Stacktrace on the web browser with 500 http Error code.Due to security
reasons (Rest service is a public URL) Customer would like to suppress it.
Is there a way to do it?I was able to find a few things on internet though
they are applicable for web applications. Not sure how to apply the same on
karaf
container.http://jetty.4.x6.nabble.com/jetty-users-How-to-prevent-Jetty-from-outputting-stacktraces-td4961272.htmlhttps://ops4j1.jira.com/browse/PAXWEB-352ThanksAniket



--
Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
Reply | Threaded
Open this post in threaded view
|

Re: Suppress Stacktrace in Jetty

jbonofre
Hi,

Are you sure about the version ? Karaf 4.2.4 uses Jetty 9.4.18:

https://github.com/apache/karaf/blob/karaf-4.2.4/pom.xml

Maybe you are talking about Karaf 4.0.x ?

I guess by stack trace, you mean the stack trace display on the URL (not
the trace in the log or output stream).

Did you register an error handler on the HttpService ?

Regards
JB

On 05/09/2019 09:47, aniketband wrote:

> Hello All,We are using Karaf version 4.2.4 with Jetty version 9.3.27 (after
> patch https://ops4j1.jira.com/browse/PAXWEB-1205) When there are some rest
> services deployed on it and are available also working fine.With this patch
> when a rest service is invoked, it does not show the version of the Jetty in
> response anymore .When we try to invoke a Rest service with GET operation
> and provide parameters which are not really valid. e.g. in the query URL
> parameter value added/appended as paramName=abec%a?aa=aThen we get
> Stacktrace on the web browser with 500 http Error code.Due to security
> reasons (Rest service is a public URL) Customer would like to suppress it.
> Is there a way to do it?I was able to find a few things on internet though
> they are applicable for web applications. Not sure how to apply the same on
> karaf
> container.http://jetty.4.x6.nabble.com/jetty-users-How-to-prevent-Jetty-from-outputting-stacktraces-td4961272.htmlhttps://ops4j1.jira.com/browse/PAXWEB-352ThanksAniket
>
>
>
> --
> Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
>

--
Jean-Baptiste Onofré
[hidden email]
http://blog.nanthrax.net
Talend - http://www.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: Suppress Stacktrace in Jetty

aniketband
This post was updated on .
Hello JB


By stacktrace I mean what is shown in browser as response. The stacktrace is
in the logs its fine if required we can suppress it.

Its a route with cRest component

We have tried to add following section in Jetty and it did not work.
<New id="webApp" class="org.eclipse.jetty.webapp.WebAppContext"> 
<Set name="contextPath">/servics/MyService/getinfo/</Set> 
<Get name="errorHandler"> 
<Call name="setShowStacks"> 
<Arg type="boolean">false</Arg> 
</Call> 
</Get> 
</New> 

Now I will try next is  
        <Get id="errorHandler"
name="org.eclipse.jetty.osgi.httpservice.HttpServiceErrorPageErrorHandler">
                <Set name="showStacks" type="java.lang.Boolean">false</Set>
        </Get> 

Or the Errorhandler must be custom one?

Thanks



--
Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
Reply | Threaded
Open this post in threaded view
|

Re: Suppress Stacktrace in Jetty

jbonofre
OK, so, it's Karaf 4.0.x with Jetty 9.3.x.

I don't think the webapp in etc/jetty.xml will work with cREST.

A "global" error handler in etc/jetty.xml should work.

Regards
JB

On 05/09/2019 10:29, aniketband wrote:

> Hello JB
>
> This is actually Talend Runtime 7.2.1
>
> By stacktrace I mean what is shown in browser as response. The stacktrace is
> in the logs its fine if required we can suppress it.
>
> Its a route with cRest component which is developed in Talend Studio.
>
> We have tried to add following section in Jetty and it did not work.
> <New id="webApp" class="org.eclipse.jetty.webapp.WebAppContext">
> <Set name="contextPath">/servics/MyService/getinfo/</Set>
> <Get name="errorHandler">
> <Call name="setShowStacks">
> <Arg type="boolean">false</Arg>
> </Call>
> </Get>
> </New>
>
> Now I will try next is  
> <Get id="errorHandler"
> name="org.eclipse.jetty.osgi.httpservice.HttpServiceErrorPageErrorHandler">
> <Set name="showStacks" type="java.lang.Boolean">false</Set>
> </Get>
>
> Or the Errorhandler must be custom one?
>
> Thanks
>
>
>
> --
> Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
>

--
Jean-Baptiste Onofré
[hidden email]
http://blog.nanthrax.net
Talend - http://www.talend.com