Uploaded image for project: 'Spring Data REST'
  1. Spring Data REST
  2. DATAREST-26

Parameters for executing query methods not checked properly

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: 1.0.0.RC1
    • Fix Version/s: 1.0.0.RC2
    • Component/s: None
    • Labels:
      None

      Description

      Calling a finder method without the parameters needed seems to result in handling null values into the query method execution:

      org.springframework.dao.DataRetrievalFailureException: nested exception is java.lang.reflect.InvocationTargetException
      	at org.springframework.data.rest.webmvc.RepositoryRestController.query(RepositoryRestController.java:488)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      	at java.lang.reflect.Method.invoke(Method.java:597)
      	at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:213)
      	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:126)
      	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:96)
      	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:617)
      	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:578)
      	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
      	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
      	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
      	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
      	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
      	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:643)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:450)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1067)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:377)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:192)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1001)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
      	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250)
      	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:149)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)
      	at org.eclipse.jetty.server.Server.handle(Server.java:360)
      	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:454)
      	at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:890)
      	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:944)
      	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:630)
      	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:230)
      	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:77)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:622)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:46)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:603)
      	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:538)
      	at java.lang.Thread.run(Thread.java:680)
      Caused by: java.lang.reflect.InvocationTargetException
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      	at java.lang.reflect.Method.invoke(Method.java:597)
      	at org.springframework.data.rest.webmvc.RepositoryRestController.query(RepositoryRestController.java:426)
      	... 41 more
      Caused by: org.springframework.dao.InvalidDataAccessApiUsageException: [Assertion failed] - this argument is required; it must not be null; nested exception is java.lang.IllegalArgumentException: [Assertion failed] - this argument is required; it must not be null
      	at org.springframework.orm.jpa.EntityManagerFactoryUtils.convertJpaAccessExceptionIfPossible(EntityManagerFactoryUtils.java:301)
      	at org.springframework.orm.jpa.vendor.HibernateJpaDialect.translateExceptionIfPossible(HibernateJpaDialect.java:106)
      	at org.springframework.dao.support.ChainedPersistenceExceptionTranslator.translateExceptionIfPossible(ChainedPersistenceExceptionTranslator.java:58)
      	at org.springframework.dao.support.DataAccessUtils.translateIfNecessary(DataAccessUtils.java:213)
      	at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:163)
      	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
      	at org.springframework.data.jpa.repository.support.LockModeRepositoryPostProcessor$LockModePopulatingMethodIntercceptor.invoke(LockModeRepositoryPostProcessor.java:91)
      	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
      	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90)
      	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
      	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
      	at $Proxy57.findByDescriptionContaining(Unknown Source)
      	... 46 more
      Caused by: java.lang.IllegalArgumentException: [Assertion failed] - this argument is required; it must not be null
      	at org.springframework.util.Assert.notNull(Assert.java:112)
      	at org.springframework.util.Assert.notNull(Assert.java:123)
      	at org.springframework.data.jpa.repository.query.ParameterMetadataProvider$ParameterMetadata.prepare(ParameterMetadataProvider.java:156)
      	at org.springframework.data.jpa.repository.query.CriteriaQueryParameterBinder.bind(CriteriaQueryParameterBinder.java:68)
      	at org.springframework.data.jpa.repository.query.ParameterBinder.bind(ParameterBinder.java:108)
      	at org.springframework.data.jpa.repository.query.PartTreeJpaQuery$CountQueryPreparer.invokeBinding(PartTreeJpaQuery.java:196)
      	at org.springframework.data.jpa.repository.query.PartTreeJpaQuery$QueryPreparer.createQuery(PartTreeJpaQuery.java:121)
      	at org.springframework.data.jpa.repository.query.PartTreeJpaQuery.doCreateCountQuery(PartTreeJpaQuery.java:82)
      	at org.springframework.data.jpa.repository.query.AbstractJpaQuery.createCountQuery(AbstractJpaQuery.java:148)
      	at org.springframework.data.jpa.repository.query.JpaQueryExecution$PagedExecution.doExecute(JpaQueryExecution.java:99)
      	at org.springframework.data.jpa.repository.query.JpaQueryExecution.execute(JpaQueryExecution.java:55)
      	at org.springframework.data.jpa.repository.query.AbstractJpaQuery.doExecute(AbstractJpaQuery.java:95)
      	at org.springframework.data.jpa.repository.query.AbstractJpaQuery.execute(AbstractJpaQuery.java:85)
      	at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.invoke(RepositoryFactorySupport.java:313)
      	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
      	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
      	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
      	at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:155)
      	... 53 more

      The exception in ParameterMetadataProvider is thrown if someone hands null into the method massaging the String parameter for Contains keywords where piping in null obviously doesn't make much sense.

      The controller should reject GET requests without the necessary parameters provided.

        Activity

        Hide
        jbrisbin Jon Brisbin added a comment -

        Added more complete checking for query parameters. Bad input will result in a 400 Bad Request with a description of the error as JSON in the body of the response.

        Show
        jbrisbin Jon Brisbin added a comment - Added more complete checking for query parameters. Bad input will result in a 400 Bad Request with a description of the error as JSON in the body of the response.

          People

          • Assignee:
            jbrisbin Jon Brisbin
            Reporter:
            olivergierke Oliver Gierke
            Last updater:
            Trevor Marshall
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: