Identity Gateway / OPENIG-3783

ClassCastException in scriptable access token resolver occurs when invalid token is returned by delegated access token resolver


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 6.0.0, 6.1.0, 6.5.1, 7.0.0
    • 6.5.3, 7.0.0
    • None
    • 4.18.0-15-generic GNU/Linux
      Java JDK 1.8.0_201
      Tomcat 8.5.39
      openig IG 7.0.0-SNAPSHOT (becbbcbda33)
    • 2019.9 - IG / Microservices, 2019.10 - IG / Microservices, 2019.11 - IG / Microservices, 2019.12 - IG / Microservices
    • 5
    • Impediment

    Description

      I wanted to do some additional steps before / after I reach the access token resolver, so I encapsulate it in a scriptable access token resolver by the delegate method. When the token is valid, everything works fine. However, when an AccessTokenException is thrown, the scriptable access token should propagate that error also and thus return 401, but it fails with 500 due to

      java.lang.ClassCastException: org.forgerock.http.oauth2.AccessTokenException cannot be cast to javax.script.ScriptException

      Steps to reproduce:
      1) Deploy route with stateless access token resolver
      2) Make sure valid tokens return 200, invalid 401.
      3) Encapsulate SATR with scriptable ATR, for example using this code:

      {
          "type" : "ScriptableAccessTokenResolver",
          "config" : {
              "type" : "application/x-groovy",
              "source" : [
                  "logger.info('Validating token \"' + token + '\"')",
                  "return delegate.resolve(context, token)"
              ],
              "args" : {
                  "delegate" : "${heap['DelegatedSATR']}"
              }
          }
      }

      4) Try again both valid and invalid tokens
      Expected result: Valid tokens return 200, invalid 401
      Actual result: Valid tokens return 200, invalid 500 with ClassCastException in logs
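
A minimal Java model of the failure mode reported above, added here as an illustration and not taken from the report or from Identity Gateway's source: a wrapper that blindly casts whatever the script threw to `ScriptException` turns a rejected token into an internal error, while a type-checked wrapper lets the delegate's `AccessTokenException` reach the caller and map to 401. All names (`ResolverErrorMapping`, `wrapBlindCast`, `wrapChecked`, the stand-in `AccessTokenException`) are hypothetical, and the unchecked cast is an assumption inferred from the exception message.

```java
import javax.script.ScriptException;

public class ResolverErrorMapping {
    // Simplified stand-in for org.forgerock.http.oauth2.AccessTokenException (assumption).
    static class AccessTokenException extends Exception { AccessTokenException(String m) { super(m); } }
    interface Resolver { String resolve(String token) throws Exception; }
    interface Wrapper { String resolve(String token) throws AccessTokenException; }

    // Constructed delegate: accepts only the literal token "valid".
    static final Resolver DELEGATE = token -> {
        if (!"valid".equals(token)) throw new AccessTokenException("invalid token");
        return "token-info";
    };

    // Before: assumes anything thrown while running the script is a ScriptException.
    static String wrapBlindCast(String token) throws AccessTokenException {
        try {
            return DELEGATE.resolve(token);
        } catch (Exception e) {
            ScriptException se = (ScriptException) e; // ClassCastException on a delegate error
            throw new IllegalStateException("script failed", se);
        }
    }

    // After: the delegate's AccessTokenException passes through unchanged.
    static String wrapChecked(String token) throws AccessTokenException {
        try {
            return DELEGATE.resolve(token);
        } catch (AccessTokenException e) {
            throw e;
        } catch (Exception e) {
            throw new IllegalStateException("script failed", e);
        }
    }

    // Caller's mapping: token errors become 401, any other failure becomes 500.
    static int status(Wrapper w, String token) {
        try { w.resolve(token); return 200; }
        catch (AccessTokenException e) { return 401; }
        catch (RuntimeException e) { return 500; }
    }

    public static void main(String[] args) {
        for (String t : new String[] {"valid", "bad"}) {
            System.out.println(t + ": blind cast -> " + status(ResolverErrorMapping::wrapBlindCast, t)
                    + ", checked -> " + status(ResolverErrorMapping::wrapChecked, t));
        }
    }
}
```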


          People

            wayne.morrison Wayne Morrison
            jan.hajovsky Jan Hajovsky