Affects Version/s: 13.5.1, 14.1.1
Environment:Tomcat 7 & 8.5.x
Currently if the custom scope validator is added, when there is error the logging is not so good or sometimes missing.
1. Configure a custom scope validator
2. Configure an OAuth2 client
3. Test this is works and enable MESSAGE debug
Now there is two case
a) Class missing. Remove the class
OAuth2Provider:08/14/2017 05:21:27:725 PM SGT: Thread[http-nio-8080-exec-6,5,main]: TransactionId[87f17755-76ed-4759-8541-c002cde8812e-72]
- The logs is not corrrect.
Case b) Class is found but may not be accessible due to permission
(possibly due to different user / provisioning issues etc)
In this case there is no indication of any failure in the getScopeValidator()
and the scope validator is not loaded (there is not even any class not found
The improvement request is to print more details. Case (b) is very non-obvious when ScopeValidator
fails to load due to the above permission issue. (PS: the above is not see in the logs but because of and explicitly debug is attached to trap why things fail)
Better error for failing to load the validators.
getScopeValidator() does do Class.forName(...) but the code
then catches ClassNotFoundException(e) and logs (e.getMessage()).
The problem is that this only gives classname. So the case of this
should be changed to log a more correct error
Now there are other possible failure and those seeps out and
caught up by later OAuth2 service routine (they are wrapped
in ServerException) and sometime just do not provide reason why
the Scope Validator is causing this (no error). In the case of the failure where scope validator classes is not readable, Tomcat throws NPE
for Class.forName() . So maybe this needs to be trapped.