Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
6.0.0, 6.1.0, 6.5.1, 7.0.0
-
None
-
4.18.0-15-generic GNU/Linux
Java JDK 1.8.0_201
Tomcat 8.5.39
openig IG 7.0.0-SNAPSHOT (becbbcbda33)
-
2019.9 - IG / Microservices, 2019.10 - IG / Microservices, 2019.11 - IG / Microservices, 2019.12 - IG / Microservices
-
5
-
Impediment
Description
I wanted to do some additional steps before / after I reach access token resolver, so I encapusate it in scriptable access token resolver by delegate method. When token is valid, everything works fine. However when AccessTokenException is thrown, scriptable access token should propagate that error also and thus return 401, but it fails with 500 due to
java.lang.ClassCastException: org.forgerock.http.oauth2.AccessTokenException cannot be cast to javax.script.ScriptException
Steps to reproduce:
1) Deploy route with stateless access token resolver
2) Make sure valid tokens returns 200, invalid 401.
3) Encapsulate SATR with scriptable ATR, for example using this code:
{
"type" : "ScriptableAccessTokenResolver",
"config" : {
"type" : "application/x-groovy",
"source" : [ "logger.info('Validating token \"' + token + '\"')", "return delegate.resolve(context, token)" ],
"args" : {
"delegate" : "${heap['DelegatedSATR']}"
}
}
}
4) Try again both valid and invalid tokens
Expected result: Valid tokens return 200, invalid 401
Actual result: Valid tokens return 200, invalid 500 with ClassCastException in logs