  1. Identity Gateway
  2. OPENIG-683

Too much information in response in case of error

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0.0
    • Fix Version/s: 4.5.0
    • Component/s: None
    • Labels:
    • Sprint: OpenIG Sprint 74, OpenIG Sprint 75

      Description

      OpenIG gives too much information to the client that issued the original request. In case of an error, OpenIG has to be succinct about the error and try not to publish any "confidential" information. This kind of information should only be published to the loggers for troubleshooting by the administrator.

      As an example, with OpenIG acting as a simple proxy, here is the response we get:

      $ http http://localhost:9876/time
      HTTP/1.1 502 Bad Gateway
      Content-Length: 56
      Date: Tue, 20 Oct 2015 12:06:34 GMT
      Server: Jetty(9.2.11.v20150529)
      
      Failed to obtain response for http://localhost:8080/time
      

      ==> OpenIG should not publish the target host in the response. The response's content might be something like "Bad Gateway", but in the log files we should have a trace of that event with as much detail as possible.

      Another example is when you use a Groovy script: in the response, we get the compilation error message. We should get a 500 error page with the following message: "An unexpected error happened. Please contact your system administrator." All the compilation error messages have to be in the log files.

      To ease the troubleshooting, we might provide a request id (the context id?) in the response as well as in the log files.
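
The behaviour requested above, sketched as an added example that is not OpenIG code and not part of the original report: the client receives only a generic body and a request id, while the target URL or script compilation error goes to the log under the same id. The names `UpstreamError`, `safe_error_response`, `handle`, the `gateway` logger and the `X-Request-Id` header are assumptions made for illustration.

```python
import logging
import uuid

log = logging.getLogger("gateway")  # hypothetical logger name

# Client-facing bodies: the only error text that ever leaves the gateway.
GENERIC_BODIES = {
    502: "Bad Gateway",
    500: "An unexpected error happened. Please contact your system administrator.",
}


class UpstreamError(Exception):
    """Constructed exception type: the proxied backend could not be reached."""


def safe_error_response(exc, request_id=None):
    """Map an internal failure to a (status, headers, body) tuple safe for the client."""
    request_id = request_id or uuid.uuid4().hex
    status = 502 if isinstance(exc, UpstreamError) else 500
    # Full detail (target URL, compiler output, stack trace) is written to the log only.
    # %r keeps a multi-line message on one log line.
    log.error("request_id=%s status=%d detail=%r", request_id, status, str(exc),
              exc_info=exc)
    headers = {
        "Content-Type": "text/plain; charset=utf-8",
        "X-Request-Id": request_id,  # assumed header name for the correlation id
    }
    body = f"{GENERIC_BODIES[status]} (request id: {request_id})"
    return status, headers, body


def handle(request_id, action):
    """Run one request; any exception becomes a generic error response."""
    try:
        return 200, {}, action()
    except Exception as exc:  # deliberately broad: nothing internal may leak
        return safe_error_response(exc, request_id)
```

An administrator who is given the request id by a user can search the log for `request_id=<value>` to find the full error.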

              People

              • Assignee:
                violette Violette Roche Montane
                Reporter:
                laurent.vaills Laurent Vaills
