Details
- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 5.5.1, 6.0.0
- Component/s: None
Description
Bug description
If the content posted to the /json/authenticate endpoint cannot be parsed, an Internal Server Error occurs. The user does not get any notification or explanation for this error. The proper behaviour should be to handle the exception internally and to send the reason for the failure back to the user.
How to reproduce the issue
- install AM
- send a curl query with invalid content to /json/authenticate, for example:
    curl --request POST \
      --url 'http://openam.example.com:8080/openam/json/realms/root/authenticate?authIndexType=service&authIndexValue=ldapService' \
      --header 'Accept-API-Version: protocol=1.0,resource=2.0' \
      --header 'Cache-Control: no-cache' \
      --header 'Content-Type: application/json' \
      --header 'X-Requested-With: XMLHttpRequest' \
      --data '{\n}'
Expected behaviour
Proper JSON response indicating the reason for the failure.
Current behaviour
No output is observed
What is observed in the debug log:
==> org.forgerock.http.servlet.HttpFrameworkServlet <==
org.forgerock.http.servlet.HttpFrameworkServlet:03/02/2018 09:29:09:632 AM GMT: Thread[http-nio-8081-exec-5,5,main]: TransactionId[28becdb4-569c-4199-9bca-691cb09ad51d-3155]
ERROR: RuntimeException caught
org.forgerock.json.JsonException: Failed to parse json
    at org.forgerock.openam.utils.JsonValueBuilder.toJsonValue(JsonValueBuilder.java:52)
    at org.forgerock.openam.core.rest.authn.AuthenticationAccessAuditFilter.populateAuditRequestContext(AuthenticationAccessAuditFilter.java:57)
    at org.forgerock.openam.audit.AbstractHttpAccessAuditFilter.filter(AbstractHttpAccessAuditFilter.java:57)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
    at org.forgerock.http.routing.Router.handle(Router.java:100)
    at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:80)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
    at org.forgerock.http.routing.Router.handle(Router.java:100)
    at org.forgerock.http.routing.Router.handle(Router.java:100)
    at org.forgerock.openam.rest.RealmRoutingFactory$ChfRealmRouter.handle(RealmRoutingFactory.java:140)
    at org.forgerock.http.handler.Handlers$UndescribedAsDescribableHandler.handle(Handlers.java:179)
    at org.forgerock.openam.rest.RealmRoutingFactory$HostnameFilter.filter(RealmRoutingFactory.java:117)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
    at org.forgerock.http.routing.Router.handle(Router.java:100)
    at org.forgerock.http.routing.Router.handle(Router.java:100)
    at org.forgerock.openam.rest.CsrfFilter.filter(CsrfFilter.java:95)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
    at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:59)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
    at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:188)
    at org.forgerock.caf.authentication.framework.AuthenticationFramework.lambda$onValidateRequestSuccess$1(AuthenticationFramework.java:181)
    at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
    at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:241)
    at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:144)
    at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:134)
    at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:84)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
    at org.forgerock.openam.http.GuiceHandler.handle(GuiceHandler.java:51)
    at org.forgerock.openam.http.HttpRoute$6.handle(HttpRoute.java:206)
    at org.forgerock.http.routing.Router.handle(Router.java:100)
    at org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:88)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
    at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:63)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
    at org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:139)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
    at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:74)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
    at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:75)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
    at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:254)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.forgerock.openam.rest.ProtocolVersionFilter.doFilter(ProtocolVersionFilter.java:65)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:112)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
Caused by: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('\' (code 92)): was expecting double-quote to start field name
 at [Source: (String)"{\n}"; line: 1, column: 3]
    at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1804)
    at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:663)
    at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:561)
    at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddName(ReaderBasedJsonParser.java:1757)
    at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextFieldName(ReaderBasedJsonParser.java:907)
    at com.fasterxml.jackson.databind.deser.std.MapDeserializer._readAndBindStringKeyMap(MapDeserializer.java:500)
    at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:364)
    at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:29)
    at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4001)
    at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2992)
    at org.forgerock.openam.utils.JsonValueBuilder.toJsonValue(JsonValueBuilder.java:50)
    ... 78 more
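The behaviour the report asks for, as an added example that is not AM source code and not from the reporter: the body is parsed with Jackson, a parse failure becomes a 400 JSON reply instead of an uncaught exception, and the `[Source: ...]` excerpt visible in the trace above is turned off so request content (which on this endpoint can include credentials) stays out of exception text. `AuthBodyParser`, `Reply` and the error shape are hypothetical; the code assumes Jackson 2.10 or later and Java 16 or later.

```java
import com.fasterxml.jackson.core.JsonLocation;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example: hypothetical class, not AM source code.
public class AuthBodyParser {
    // Authenticate bodies can carry credentials, so keep the source excerpt
    // (the [Source: ...] part seen in the debug log) out of exception text.
    private static final ObjectMapper MAPPER = new ObjectMapper()
            .configure(JsonParser.Feature.INCLUDE_SOURCE_IN_LOCATION, false);

    /** Hypothetical reply type: HTTP status plus JSON response body. */
    public record Reply(int status, String json) {}

    public static Reply handle(String body) throws JsonProcessingException {
        Map<String, Object> parsed;
        try {
            parsed = MAPPER.readValue(body, new TypeReference<Map<String, Object>>() {});
        } catch (JsonProcessingException e) {
            // Report only the position; never echo the body or parser message.
            JsonLocation at = e.getLocation();
            String where = (at == null) ? ""
                    : " (line " + at.getLineNr() + ", column " + at.getColumnNr() + ")";
            Map<String, Object> error = new LinkedHashMap<>();
            error.put("code", 400);
            error.put("reason", "Bad Request");
            error.put("message", "Request body is not valid JSON" + where);
            return new Reply(400, MAPPER.writeValueAsString(error));
        }
        // Stand-in for the real authentication flow (assumption).
        int fields = (parsed == null) ? 0 : parsed.size();
        return new Reply(200, MAPPER.writeValueAsString(Map.of("fieldCount", fields)));
    }

    public static void main(String[] args) throws JsonProcessingException {
        // Constructed inputs: the body from the curl command above, where
        // backslash-n inside single quotes stays two literal characters,
        // followed by a well-formed body.
        System.out.println(handle("{\\n}"));
        System.out.println(handle("{\"authId\":\"constructed-value\"}"));
    }
}
```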
Issue Links
- is related to OPENAM-12463 Undefined error when logging in via in-memory Authentication Trees with stickyless load balancing (Closed)