[OPENAM-12533] Internal server error if JSON cannot be parsed by the json/authenticate endpoint - ForgeRock JIRA

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5.1, 6.0.0
Fix Version/s: 6.0.0, 5.5.2
Component/s: None
Labels:
- AME
- NEWTON
- candidate

Target Version/s:

6.0.0, 5.5.2

Sprint:
Sprint 2018.3 Newton
Needs backport:

Yes

Verified Version/s:

6.0.0, 5.5.2
Needs QA verification:

Yes
Functional tests:

Yes
Are the reproduction steps defined?:

Yes but I used my own steps. (If so, please add them in a new comment)

Description

Bug description

If the content posted to /json/authenticate endpoint cannot be parsed Internal Server Error occurs. The user does not get any notification nor explanation for this error. The proper behaviour should be to handle the exception internally and to send the reason of the failure back to the user.

How to reproduce the issue

install AM
send a curl query with invalid content to /json/authenticate, for example:

curl --request POST \
--url 'http://openam.example.com:8080/openam/json/realms/root/authenticate?authIndexType=service&authIndexValue=ldapService' \
--header 'Accept-API-Version: protocol=1.0,resource=2.0' \
--header 'Cache-Control: no-cache' \
--header 'Content-Type: application/json' \
--header 'X-Requested-With: XMLHttpRequest' \
--data '{\n}'

Expected behaviour

Proper JSON response indicating the reason for the failure.

Current behaviour

No output is observed

What is observed in the debug log:

==> org.forgerock.http.servlet.HttpFrameworkServlet <==
org.forgerock.http.servlet.HttpFrameworkServlet:03/02/2018 09:29:09:632 AM GMT: Thread[http-nio-8081-exec-5,5,main]: TransactionId[28becdb4-569c-4199-9bca-691cb09ad51d-3155]
ERROR: RuntimeException caught
org.forgerock.json.JsonException: Failed to parse json
at org.forgerock.openam.utils.JsonValueBuilder.toJsonValue(JsonValueBuilder.java:52)
at org.forgerock.openam.core.rest.authn.AuthenticationAccessAuditFilter.populateAuditRequestContext(AuthenticationAccessAuditFilter.java:57)
at org.forgerock.openam.audit.AbstractHttpAccessAuditFilter.filter(AbstractHttpAccessAuditFilter.java:57)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:80)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.openam.rest.RealmRoutingFactory$ChfRealmRouter.handle(RealmRoutingFactory.java:140)
at org.forgerock.http.handler.Handlers$UndescribedAsDescribableHandler.handle(Handlers.java:179)
at org.forgerock.openam.rest.RealmRoutingFactory$HostnameFilter.filter(RealmRoutingFactory.java:117)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.openam.rest.CsrfFilter.filter(CsrfFilter.java:95)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:59)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)
at org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)
at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:241)
at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)
at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)
at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:84)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.openam.http.GuiceHandler.handle(GuiceHandler.java:51)
at org.forgerock.openam.http.HttpRoute$6.handle(HttpRoute.java:206)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:88)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:63)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:139)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:74)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:75)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:254)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.forgerock.openam.rest.ProtocolVersionFilter.doFilter(ProtocolVersionFilter.java:65)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:112)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('\' (code 92)): was expecting double-quote to start field name
at [Source: (String)"{\n}"; line: 1, column: 3]
at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1804)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:663)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:561)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddName(ReaderBasedJsonParser.java:1757)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextFieldName(ReaderBasedJsonParser.java:907)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer._readAndBindStringKeyMap(MapDeserializer.java:500)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:364)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:29)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4001)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2992)
at org.forgerock.openam.utils.JsonValueBuilder.toJsonValue(JsonValueBuilder.java:50)
... 78 more

Attachments

Issue Links

is related to

OPENAM-12463 Undefined error when logging in via in-memory Authentication Trees with stickyless load balancing

Closed

Internal server error if JSON cannot be parsed by the json/authenticate endpoint