OpenAM / OPENAM-15040

CIBA authorization request returns HTTP 500 NPE when file is wrong

    Details

    • Sprint:
      AM 2019.15 - Gears

      Description

      Bug description

      There is an HTTP 500 error when there is a wrong POST body in the CIBA authorization request.

      How to reproduce the issue

      1. Configure the OpenID Connect service.
      2. Add an OAuth2 client with a name and password, and add the back-channel grant type.
      3. Send an authorize request with a JSON file instead of a JWT, or with no payload at all.

      Expected behaviour
      An error leading the customer to the expected request payload.
      
      Current behaviour
      $ http -v -a ${USER}:${PASS} POST ${URL}/oauth2/bc-authorize
      POST /openam/oauth2/bc-authorize HTTP/1.1
      Accept: */*
      Accept-Encoding: gzip, deflate
      Authorization: Basic bXlDbGllbnRJRDpwYXNzd29yZA==
      Connection: keep-alive
      Content-Length: 0
      Host: amqa-clone70.test.forgerock.com:8080
      User-Agent: HTTPie/0.9.8
      
      HTTP/1.1 500 
      Connection: close
      Content-Length: 24
      Content-Type: application/json;charset=UTF-8
      Date: Wed, 05 Jun 2019 09:46:41 GMT
      X-Content-Type-Options: nosniff
      X-Frame-Options: SAMEORIGIN
      
      {
          "error": "server_error"
      }
      
      $ cat openam/openam/debug/OAuth2Provider 
      o.f.o.r.ExceptionHandler: 2019-06-05 10:46:41,688: Thread[http-nio-8080-exec-10]: TransactionId[7eb23208-34c3-4c55-9f2a-a332659acf74-61802]
      ERROR: Unhandled exception: 
      java.lang.NullPointerException: null
      	at org.forgerock.json.jose.common.JwtReconstruction.reconstructJwt(JwtReconstruction.java:61)
      	at org.forgerock.oauth2.core.OAuth2Jwt.create(OAuth2Jwt.java:70)
      	at org.forgerock.oauth2.restlet.BackChannelResource.backChannelAuthorize(BackChannelResource.java:136)
      	at sun.reflect.GeneratedMethodAccessor105.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:483)
      	at org.forgerock.openam.http.annotations.AnnotatedMethod.invoke(AnnotatedMethod.java:81)
      	at org.forgerock.openam.http.annotations.Endpoints$1.handle(Endpoints.java:77)
      	at org.forgerock.http.handler.Handlers$UndescribedAsDescribableHandler.handle(Handlers.java:179)
      	at org.forgerock.openam.audit.AbstractHttpAccessAuditFilter.filter(AbstractHttpAccessAuditFilter.java:88)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.routing.Router.handle(Router.java:100)
      	at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:85)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.routing.Router.handle(Router.java:100)
      	at org.forgerock.openam.http.HttpRoute$6.handle(HttpRoute.java:206)
      	at org.forgerock.http.routing.Router.handle(Router.java:100)
      	at org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:88)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:63)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:139)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.openam.http.ResponseContext$ResponseContextFilter.filter(ResponseContext.java:53)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.openam.http.OpenAMHttpApplication.lambda$static$1(OpenAMHttpApplication.java:60)
      	at org.forgerock.openam.http.OpenAMHttpApplication$$Lambda$828/1545480468.filter(Unknown Source)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.openam.http.OpenAMHttpApplication.lambda$cacheHeaderFilter$3(OpenAMHttpApplication.java:88)
      	at org.forgerock.openam.http.OpenAMHttpApplication$$Lambda$899/1215841189.filter(Unknown Source)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:86)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:265)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:59)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:115)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:47)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
      	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
      	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
      	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)
      	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)
      	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      	at java.lang.Thread.run(Thread.java:745)
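      The trace above shows the request body reaching `JwtReconstruction.reconstructJwt` unchecked, so an empty body or a JSON document becomes a `NullPointerException` and an opaque `server_error` instead of the `invalid_request` the expected behaviour asks for. The following is an added example, not OpenAM's code, modelling the validation a `bc-authorize` handler should do before anything is handed to a JWT parser. It assumes the CIBA signed-request form: an `application/x-www-form-urlencoded` body carrying a signed JWT in the `request` parameter. The function names `bc_authorize`, `looks_like_compact_jws` and `sample_request_body` are illustrative, and the sample body is constructed here (its signature segment is not a real signature).

```python
import base64
import json
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode

FORM = "application/x-www-form-urlencoded"


def _b64url_decode(segment: str) -> bytes:
    # JWS segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def looks_like_compact_jws(token: str) -> bool:
    """Structural check only: three non-empty base64url segments whose header
    decodes to a JSON object carrying `alg`. Signature verification is a later
    step, once the client's registered keys are known; this check exists so a
    missing or malformed token gets a clear error rather than an NPE."""
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        return False
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError:  # bad base64 (binascii.Error), bad UTF-8 or bad JSON
        return False
    return isinstance(header, dict) and "alg" in header


def bc_authorize(content_type: Optional[str], body: bytes) -> Tuple[int, dict]:
    """Illustrative model (not OpenAM's handler) of the checks that belong in
    front of the JWT parser. Returns (HTTP status, JSON body)."""
    if not body:
        return 400, {"error": "invalid_request",
                     "error_description": "Empty body; expected " + FORM + " with a 'request' parameter."}
    if not content_type or not content_type.lower().startswith(FORM):
        return 400, {"error": "invalid_request",
                     "error_description": "Unsupported Content-Type; expected " + FORM + "."}
    params = parse_qs(body.decode("utf-8", errors="replace"), keep_blank_values=True)
    request_jwt = params.get("request", [""])[0]
    if not request_jwt:
        return 400, {"error": "invalid_request",
                     "error_description": "Missing 'request' parameter (signed JWT)."}
    if not looks_like_compact_jws(request_jwt):
        return 400, {"error": "invalid_request",
                     "error_description": "'request' is not a compact JWS (header.payload.signature)."}
    # Placeholder happy path: a real handler verifies the signature against the
    # client's registered keys, validates the claims and issues an auth_req_id.
    return 200, {"request_jwt_accepted_for_verification": request_jwt}


def sample_request_body() -> bytes:
    """Constructed sample, not a real request: a structurally valid compact JWS
    in the `request` parameter, the way a CIBA client would send it."""
    def seg(obj) -> str:
        raw = obj if isinstance(obj, bytes) else json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    token = ".".join([seg({"alg": "RS256", "typ": "JWT"}),
                      seg({"scope": "openid", "login_hint": "demo-user"}),
                      seg(b"not-a-real-signature")])
    return urlencode({"request": token}).encode()


if __name__ == "__main__":
    # The cases from the report: no payload, a JSON file, and a proper request.
    for ctype, body in [(None, b""),
                        ("application/json", b'{"scope": "openid"}'),
                        (FORM, sample_request_body())]:
        print(ctype, bc_authorize(ctype, body))
```

      The order of the checks matters for the report's two cases: the empty `Content-Length: 0` request is rejected before the content type is consulted, and the JSON-file case is rejected on content type before the body is ever interpreted as form parameters, so neither path reaches the JWT parser with a null.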
      
        People

        • Assignee: kevin.umebolu Kevin Umebolu
        • Reporter: lubomir.mlich Ľubomír Mlích