  1. OpenAM
  2. OPENAM-8689

javascript httpClient appends headers as querystring parameters

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.0, 12.0.1, 12.0.2, 12.0.3, 13.0.0
    • Fix Version/s: 12.0.4, 13.5.0
    • Component/s: policy, scripting
    • Sprint: AM Sustaining Sprint 20

      Description

      Following the example "Scripted Policy Condition", I created the below script.

      MyScriptedPolicyCondition.js
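      // Fetch the managed user from OpenIDM; the credentials are meant to travel as request headers.
      var response = httpClient.get("http://localhost.localdomain.com:8082/openidm/managed/user/1d1cd0df-5962-49b4-a316-cb083762b667?_fields=*%2Ctenant%2Ctenant%2FSKUs%2Ctenant%2FSKUs%2F*",
          {
              cookies: [],
              headers: [
                  {
                      field: "Content-Type",
                      value: "application/json"
                  },
                  {
                      field: "X-OpenIDM-Username",
                      value: "eric"
                  },
                  {
                      field: "X-OpenIDM-Password",
                      value: "Password1"
                  }
              ]
          });

      logResponse(response);
      var body = JSON.parse(response.getEntity());
      // Authorize only when the tenant has at least one SKU. A missing first element is
      // undefined rather than null, so compare with != to cover both.
      if (body.tenant && body.tenant.SKUs && body.tenant.SKUs[0] != null) {
          authorized = true;
      }

      // Log the status code and body of the REST response.
      function logResponse(response) {
          logger.error("User REST Call. Status: " + response.getStatusCode() + ", Body: " + response.getEntity());
      }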
      

      To get a better idea of the request that was going out, I set up a simple ncat listener on port 8082. I found that the headers I was passing in my script were being appended as querystring parameters.

      Outbound HTTP Request
      GET /openidm/managed/user/1d1cd0df-5962-49b4-a316-cb083762b667?_fields=*%2Ctenant%2Ctenant%2FSKUs%2Ctenant%2FSKUs%2F*?X-OpenIDM-Username=eric&X-OpenIDM-Password=Password1&Content-Type=application%2Fjson HTTP/1.1
      Date: Fri, 08 Apr 2016 00:01:34 GMT
      Accept: */*
      User-Agent: Restlet-Framework/2.3.4
      Cache-Control: no-cache
      Pragma: no-cache
      Host: localhost.localdomain.com:8082
      Connection: keep-alive
      

      I found that the class executing this was using org.forgerock.openam.scripting.api.http.JavaScriptHttpClient, and the super class at org.forgerock.http.client.RestletHttpClient. The source (https://stash.forgerock.org/projects/OPENAM/repos/openam/browse/openam-http-client/src/main/java/org/forgerock/http/client/RestletHttpClient.java) has the following code on lines 62-67:

      RestletHttpClient.java
                  if (headers != null) {
                      for (Map header : headers) {
                          httpClientRequest.addQueryParameter((String) header.get("field"),
                                  (String) header.get("value"));
                      }
                  }
      

      This code would place all headers as querystring parameters.
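
Added example, not part of the original report or of the OpenAM code base: a Node.js check that takes a captured request line such as the one above, reports which header fields ended up in the query string (without echoing their values), and redacts them before the line is stored or shared. The names auditRequestLine, redactRequestLine and the WATCHED list are assumptions made for this example.

```javascript
// Assumed watch list: the header fields passed by the script in this report.
const WATCHED = ["X-OpenIDM-Username", "X-OpenIDM-Password", "Content-Type"];

function safeDecode(s) {
  try { return decodeURIComponent(s.replace(/\+/g, " ")); } catch (e) { return s; }
}

// Parse an HTTP/1.x request line and list watched header names found as query parameters.
function auditRequestLine(requestLine, watchList) {
  const m = /^([A-Z]+) (\S+) HTTP\/\d(?:\.\d)?$/.exec(requestLine.trim());
  if (!m) throw new Error("not an HTTP/1.x request line");
  const target = m[2];
  const q = target.indexOf("?");
  const path = q === -1 ? target : target.slice(0, q);
  const query = q === -1 ? "" : target.slice(q + 1);
  const watch = new Set((watchList || WATCHED).map((h) => h.toLowerCase()));
  const leaked = [];
  // Split on '&' and on any further '?': the request in the report carries a
  // second '?' in front of the appended headers.
  for (const pair of query.split(/[&?]/)) {
    if (!pair) continue;
    const eq = pair.indexOf("=");
    const field = safeDecode(eq === -1 ? pair : pair.slice(0, eq));
    const value = safeDecode(eq === -1 ? "" : pair.slice(eq + 1));
    if (watch.has(field.toLowerCase())) {
      leaked.push({ field: field, valueLength: value.length }); // value is never returned
    }
  }
  const extraQuestionMarks = (query.match(/\?/g) || []).length;
  return { method: m[1], path: path, leaked: leaked, extraQuestionMarks: extraQuestionMarks };
}

// Replace the values of watched parameters so the line is safe to keep.
function redactRequestLine(requestLine, watchList) {
  const names = (watchList || WATCHED).map((h) => h.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"));
  const re = new RegExp("([?&](?:" + names.join("|") + ")=)[^&?\\s]*", "gi");
  return requestLine.replace(re, "$1REDACTED");
}

// Sample input: the request line captured in the report above.
const SAMPLE = "GET /openidm/managed/user/1d1cd0df-5962-49b4-a316-cb083762b667" +
  "?_fields=*%2Ctenant%2Ctenant%2FSKUs%2Ctenant%2FSKUs%2F*" +
  "?X-OpenIDM-Username=eric&X-OpenIDM-Password=Password1" +
  "&Content-Type=application%2Fjson HTTP/1.1";

console.log(JSON.stringify(auditRequestLine(SAMPLE), null, 2));
console.log(redactRequestLine(SAMPLE));
```
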

            People

            • Assignee: Mark de Reeper (markdr)
            • Reporter: Eric Wirkerman (ewirkerman)

                Time Tracking

                • Original Estimate: 0h
                • Remaining Estimate: 0h
                • Time Spent: 2h