I am quite new to JAX-RS and RESTEasy and there is one thing I really don't understand. Let me first describe what we did:
- We are using JBoss AS 7.2 (yes, that old one) with RESTEasy 2.3.5 for machine-to-machine communication.
- We wrote one service that accepts a POST message and does not return a body. Using JAX-RS annotations that is mapped to a Java interface with a void method.
- The service should allow only secure (HTTPS) communication, no HTTP. To prevent accidental usage of HTTP, we set transport-guarantee to CONFIDENTIAL. Thus, each HTTP request leads to a response with a status code 302 and the HTTPS location.
- Now someone accidentally configured an HTTP URL instead of HTTPS. The server answered with a 302 status code and the proper location. Unfortunately, the client neither followed the redirect nor raised an exception. Thus, it gave no indication that the call did not go through.
With regard to the RFC for the HTTP status codes, I understand that there should be no automatic redirect for the POST method. I would have expected that an exception is raised. Instead, the issue is just ignored, giving the client application no chance at all to detect that the call it just made did not arrive where it should be. Why is that the case and how do I do that properly?
I do not believe that a library like RESTEasy does not allow this situation to be handled properly, so I'm sure I am using it wrong. Unfortunately, even after hours of googling I still don't have an answer to my question. I hope someone here can enlighten me.
To reproduce the issue and allow the comparison of other JAX-RS implementations, I uploaded a small demo application to GitHub. It requires only Maven and JDK 8 to run.
Thank you in advance,
Martin
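
The situation described in the post, as an added example that is not part of the original post and does not use RESTEasy's API: a client built only on JDK classes that refuses to follow a redirect for a POST and turns any non-2xx answer, including the 302, into an exception. The names `StrictPostDemo` and `postStrict`, the loopback server and the `Location` value are hypothetical and constructed for the demonstration.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
import java.nio.charset.StandardCharsets;

public class StrictPostDemo {
    /** POSTs the body and fails unless the server answers with a 2xx status. */
    static int postStrict(URL url, byte[] body) throws IOException {
        HttpURLConnection con = (HttpURLConnection) url.openConnection();
        con.setInstanceFollowRedirects(false); // never re-send a POST silently
        con.setRequestMethod("POST");
        con.setDoOutput(true);
        con.setRequestProperty("Content-Type", "text/plain");
        try (OutputStream out = con.getOutputStream()) {
            out.write(body);
        }
        int status = con.getResponseCode();
        if (status / 100 == 3) { // redirect: the service method was never invoked
            throw new IOException("POST to " + url + " was redirected (" + status
                    + ") to " + con.getHeaderField("Location"));
        }
        if (status / 100 != 2) {
            throw new IOException("POST to " + url + " failed with status " + status);
        }
        return status;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the server: every plain-HTTP request gets a 302 to HTTPS.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/", exchange -> {
            exchange.getResponseHeaders().add("Location", "https://127.0.0.1:8443/demo");
            exchange.sendResponseHeaders(302, -1); // -1: no response body
            exchange.close();
        });
        server.start();
        try {
            URL url = new URL("http://127.0.0.1:" + server.getAddress().getPort() + "/demo");
            postStrict(url, "hello".getBytes(StandardCharsets.UTF_8));
            System.out.println("unexpected: call reported success");
        } catch (IOException e) {
            System.out.println("detected: " + e.getMessage());
        } finally {
            server.stop(0);
        }
    }
}
```

Because the request body is sent before the 302 arrives, a caller that must never use plain HTTP can additionally reject any URL whose `getProtocol()` is not `https` before opening the connection.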