From e2ff301209a8b796aea4966c1b3013bf27e05381 Mon Sep 17 00:00:00 2001 From: Stuart Douglas Date: Wed, 8 Jul 2020 11:42:48 +1000 Subject: [PATCH] Don't send body with 403 In most cases the client is not a browser. Fixes #5998 --- .../io/quarkus/resteasy/runtime/ForbiddenExceptionMapper.java | 3 ++- .../test/java/io/quarkus/jwt/test/RolesAllowedUnitTest.java | 4 ---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/extensions/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/ForbiddenExceptionMapper.java b/extensions/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/ForbiddenExceptionMapper.java index b9ed6e3e88a7e..8a4a5c4f29140 100644 --- a/extensions/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/ForbiddenExceptionMapper.java +++ b/extensions/resteasy/runtime/src/main/java/io/quarkus/resteasy/runtime/ForbiddenExceptionMapper.java @@ -14,8 +14,9 @@ @Provider @Priority(Priorities.USER + 1) public class ForbiddenExceptionMapper implements ExceptionMapper { + @Override public Response toResponse(ForbiddenException exception) { - return Response.status(403).entity("Forbidden").build(); + return Response.status(403).build(); } } diff --git a/extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesAllowedUnitTest.java b/extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesAllowedUnitTest.java index f81495b569d00..b9983c650c2d8 100644 --- a/extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesAllowedUnitTest.java +++ b/extensions/smallrye-jwt/deployment/src/test/java/io/quarkus/jwt/test/RolesAllowedUnitTest.java @@ -170,8 +170,6 @@ public void callEcho2() { .get("/endp/echo2").andReturn(); Assertions.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, response.getStatusCode()); - String replyString = response.body().asString(); - Assertions.assertEquals("Forbidden", replyString); } /** @@ -245,8 +243,6 @@ public void echoWithToken2() throws Exception { .get("/endp/echo").andReturn(); Assertions.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, response.getStatusCode()); - String replyString = response.body().asString(); - Assertions.assertEquals("Forbidden", replyString); } /**