[Minor] Handle 403 response to send the message as HTTP response

[eaugene]

The message from WebApplicationException Permission Denied is not sent back as HTTP response from broker. This minor patch fixes that.

Existing

$ curl -X POST "http://<host:port>/query/sql"      -H "Content-Type: application/json"      -d '{"sql":"<QUERY>", "queryOptions": "useMultistageEngine=true"}' -v
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying <IP>...
* TCP_NODELAY set
* Connected to <HOST> (<IP>) port <port> (#0)
> POST /query/sql HTTP/1.1
> Host: <host:port>
> User-Agent: curl/7.64.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 158
> 
* upload completely sent off: 158 out of 158 bytes
< HTTP/1.1 403 Forbidden
< Content-Length: 0
< 
* Connection #0 to host <host> left intact

With this Change

$ curl -X POST "http://<host:port>/query/sql"      -H "Content-Type: application/json"      -d '{"sql":"<QUERY>", "queryOptions": "useMultistageEngine=true"}' -v
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying <IP>...
* TCP_NODELAY set
* Connected to <HOST> (<IP>) port <port> (#0)
> POST /query/sql HTTP/1.1
> Host: <host:port>
> User-Agent: curl/7.64.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 158
> 
* upload completely sent off: 158 out of 158 bytes
< HTTP/1.1 403 Forbidden
< Content-Type: application/json
< Content-Length: <50>
< 
* Connection #0 to host <HOST> left intact
{"code":403,"error":"Permission denied"}

This would be useful when the failed table names are returned as from the change made in #13195

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 62.12%. Comparing base (59551e4) to head (1853118).
Report is 536 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff              @@
##             master   #13292      +/-   ##
============================================
+ Coverage     61.75%   62.12%   +0.37%     
+ Complexity      207      198       -9     
============================================
  Files          2436     2536     +100     
  Lines        133233   139291    +6058     
  Branches      20636    21530     +894     
============================================
+ Hits          82274    86531    +4257     
- Misses        44911    46281    +1370     
- Partials       6048     6479     +431     

Flag	Coverage Δ
custom-integration1	<0.01% <0.00%> (-0.01%)	⬇️
integration	<0.01% <0.00%> (-0.01%)	⬇️
integration1	<0.01% <0.00%> (-0.01%)	⬇️
integration2	0.00% <0.00%> (ø)
java-11	62.09% <100.00%> (+0.38%)	⬆️
java-21	62.00% <100.00%> (+0.38%)	⬆️
skip-bytebuffers-false	62.11% <100.00%> (+0.36%)	⬆️
skip-bytebuffers-true	61.97% <100.00%> (+34.25%)	⬆️
temurin	62.12% <100.00%> (+0.37%)	⬆️
unittests	62.11% <100.00%> (+0.37%)	⬆️
unittests1	46.66% <ø> (-0.23%)	⬇️
unittests2	27.77% <100.00%> (+0.04%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[eaugene]

Hi @Jackie-Jiang, can you PTAL for this minor fix?

[Jackie-Jiang]

Good catch on the missing exception mapper. Noticing we have different implementations on controller/broker/server, should we consider using the same provider for all of them?

[eaugene]

@Jackie-Jiang That's a bit more effort I suppose as that requires refactoring the existing exception mappers into a common package ( possibly pinot-spi ) and making them as providers to Jersey Starter. At present using '@Provider' binds exception mapper in the runtime. How about creating that refactoring as a starter task in issues for interested folks to pick it up?