Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12533

Internal server error if JSON cannot be parsed by the json/authenticate endpoint

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.1, 6.0.0
    • Fix Version/s: 6.0.0, 5.5.2
    • Component/s: None
    • Labels:
    • Sprint:
      Sprint 2018.3 Newton
    • Needs backport:
      Yes
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes but I used my own steps. (If so, please add them in a new comment)

      Description

      Bug description

      If the content posted to /json/authenticate endpoint cannot be parsed Internal Server Error occurs. The user does not get any notification nor explanation for this error. The proper behaviour should be to handle the exception internally and to send the reason of the failure back to the user.

      How to reproduce the issue

      1. install AM
      2. send a curl query with invalid content to /json/authenticate, for example:
      curl --request POST \
      --url 'http://openam.example.com:8080/openam/json/realms/root/authenticate?authIndexType=service&authIndexValue=ldapService' \
      --header 'Accept-API-Version: protocol=1.0,resource=2.0' \
      --header 'Cache-Control: no-cache' \
      --header 'Content-Type: application/json' \
      --header 'X-Requested-With: XMLHttpRequest' \
      --data '{\n}'
      Expected behaviour
      Proper JSON response indicating the reason for the failure.
      
      Current behaviour
      No output is observed

       

      What is observed in the debug log:

      ==> org.forgerock.http.servlet.HttpFrameworkServlet <==
      org.forgerock.http.servlet.HttpFrameworkServlet:03/02/2018 09:29:09:632 AM GMT: Thread[http-nio-8081-exec-5,5,main]: TransactionId[28becdb4-569c-4199-9bca-691cb09ad51d-3155]
      ERROR: RuntimeException caught
      org.forgerock.json.JsonException: Failed to parse json
      at org.forgerock.openam.utils.JsonValueBuilder.toJsonValue(JsonValueBuilder.java:52)
      at org.forgerock.openam.core.rest.authn.AuthenticationAccessAuditFilter.populateAuditRequestContext(AuthenticationAccessAuditFilter.java:57)
      at org.forgerock.openam.audit.AbstractHttpAccessAuditFilter.filter(AbstractHttpAccessAuditFilter.java:57)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      at org.forgerock.http.routing.Router.handle(Router.java:100)
      at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:80)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      at org.forgerock.http.routing.Router.handle(Router.java:100)
      at org.forgerock.http.routing.Router.handle(Router.java:100)
      at org.forgerock.openam.rest.RealmRoutingFactory$ChfRealmRouter.handle(RealmRoutingFactory.java:140)
      at org.forgerock.http.handler.Handlers$UndescribedAsDescribableHandler.handle(Handlers.java:179)
      at org.forgerock.openam.rest.RealmRoutingFactory$HostnameFilter.filter(RealmRoutingFactory.java:117)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      at org.forgerock.http.routing.Router.handle(Router.java:100)
      at org.forgerock.http.routing.Router.handle(Router.java:100)
      at org.forgerock.openam.rest.CsrfFilter.filter(CsrfFilter.java:95)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:59)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:241)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)
      at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)
      at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:84)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      at org.forgerock.openam.http.GuiceHandler.handle(GuiceHandler.java:51)
      at org.forgerock.openam.http.HttpRoute$6.handle(HttpRoute.java:206)
      at org.forgerock.http.routing.Router.handle(Router.java:100)
      at org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:88)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:63)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      at org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:139)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:74)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:75)
      at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:254)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      at org.forgerock.openam.rest.ProtocolVersionFilter.doFilter(ProtocolVersionFilter.java:65)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:112)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
      at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
      at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
      at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789)
      at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
      at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      at java.lang.Thread.run(Thread.java:745)
      Caused by: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('\' (code 92)): was expecting double-quote to start field name
      at [Source: (String)"{\n}"; line: 1, column: 3]
      at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1804)
      at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:663)
      at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:561)
      at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddName(ReaderBasedJsonParser.java:1757)
      at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextFieldName(ReaderBasedJsonParser.java:907)
      at com.fasterxml.jackson.databind.deser.std.MapDeserializer._readAndBindStringKeyMap(MapDeserializer.java:500)
      at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:364)
      at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:29)
      at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4001)
      at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2992)
      at org.forgerock.openam.utils.JsonValueBuilder.toJsonValue(JsonValueBuilder.java:50)
      ... 78 more

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                ken.stubbings Ken Stubbings
                Reporter:
                n4al Nemanja Lukic
                QA Assignee:
                Nemanja Lukic
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: