Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 5.5.1, 6.0.0
-
Component/s: None
Description
Bug description
If the content posted to /json/authenticate endpoint cannot be parsed Internal Server Error occurs. The user does not get any notification nor explanation for this error. The proper behaviour should be to handle the exception internally and to send the reason of the failure back to the user.
How to reproduce the issue
- install AM
- send a curl query with invalid content to /json/authenticate, for example:
curl --request POST \
--url 'http://openam.example.com:8080/openam/json/realms/root/authenticate?authIndexType=service&authIndexValue=ldapService' \
--header 'Accept-API-Version: protocol=1.0,resource=2.0' \
--header 'Cache-Control: no-cache' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: XMLHttpRequest' \
--data '{\n}'
Expected behaviour
Proper JSON response indicating the reason for the failure.
Current behaviour
No output is observed
What is observed in the debug log:
==> org.forgerock.http.servlet.HttpFrameworkServlet <==
org.forgerock.http.servlet.HttpFrameworkServlet:03/02/2018 09:29:09:632 AM GMT: Thread[http-nio-8081-exec-5,5,main]: TransactionId[28becdb4-569c-4199-9bca-691cb09ad51d-3155]
ERROR: RuntimeException caught
org.forgerock.json.JsonException: Failed to parse json
at org.forgerock.openam.utils.JsonValueBuilder.toJsonValue(JsonValueBuilder.java:52)
at org.forgerock.openam.core.rest.authn.AuthenticationAccessAuditFilter.populateAuditRequestContext(AuthenticationAccessAuditFilter.java:57)
at org.forgerock.openam.audit.AbstractHttpAccessAuditFilter.filter(AbstractHttpAccessAuditFilter.java:57)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:80)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.openam.rest.RealmRoutingFactory$ChfRealmRouter.handle(RealmRoutingFactory.java:140)
at org.forgerock.http.handler.Handlers$UndescribedAsDescribableHandler.handle(Handlers.java:179)
at org.forgerock.openam.rest.RealmRoutingFactory$HostnameFilter.filter(RealmRoutingFactory.java:117)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.openam.rest.CsrfFilter.filter(CsrfFilter.java:95)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:59)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)
at org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)
at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:241)
at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)
at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)
at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:84)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.openam.http.GuiceHandler.handle(GuiceHandler.java:51)
at org.forgerock.openam.http.HttpRoute$6.handle(HttpRoute.java:206)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:88)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:63)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:139)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:74)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:75)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:254)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.forgerock.openam.rest.ProtocolVersionFilter.doFilter(ProtocolVersionFilter.java:65)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:112)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('\' (code 92)): was expecting double-quote to start field name
at [Source: (String)"{\n}"; line: 1, column: 3]
at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1804)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:663)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:561)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddName(ReaderBasedJsonParser.java:1757)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextFieldName(ReaderBasedJsonParser.java:907)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer._readAndBindStringKeyMap(MapDeserializer.java:500)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:364)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:29)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4001)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2992)
at org.forgerock.openam.utils.JsonValueBuilder.toJsonValue(JsonValueBuilder.java:50)
... 78 more
Attachments
Issue Links
- is related to
-
-
- Closed
-