cxf-issues mailing list archives

From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-5112) OAuthUtils causes IllegalArgumentException when returning 400 instead of 401
Date Mon, 08 Jul 2013 11:43:49 GMT

     [ https://issues.apache.org/jira/browse/CXF-5112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergey Beryozkin resolved CXF-5112.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 3.0.0
                   2.7.6
         Assignee: Sergey Beryozkin

I think it is a regression; initially WebApplicationException was thrown, which was covering
all error codes.

I've updated the code to return the error Response directly:
http://svn.apache.org/r1500669

> OAuthUtils causes IllegalArgumentException when returning 400 instead of 401
> ----------------------------------------------------------------------------
>
>                 Key: CXF-5112
>                 URL: https://issues.apache.org/jira/browse/CXF-5112
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 2.7.5
>            Reporter: Martijn Dashorst
>            Assignee: Sergey Beryozkin
>            Priority: Minor
>             Fix For: 2.7.6, 3.0.0
>
>
> OAuthUtils.handleException(MessageContext mc, Exception e, int status)
> causes an IllegalArgumentException when one of the token parameters is invalid, making
> the oauth request return a 400. However OAuthUtils wants to always throw a NotAuthorizedException,
> hiding the original error in an IllegalArgumentException (which would better be an IllegalStateException
> in the first place):
> java.lang.RuntimeException: org.apache.cxf.interceptor.Fault: Invalid response status code. Expected [401], was [400].
> 	at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:116)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:331)
> 	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> 	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
> 	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
> 	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:203)
> 	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
> 	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:158)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:243)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:168)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
> 	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:219)
> 	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:698)
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1506)
>     ...
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1486)
> 	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:503)
> 	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:138)
> 	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:564)
> 	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:213)
> 	at org.eclipse.jetty.server.handler.ContextHandler.__doHandle(ContextHandler.java:1094)
> 	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java)
> 	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:432)
> 	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:175)
> 	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1028)
> 	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:136)
> 	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
> 	at org.eclipse.jetty.server.Server.handle(Server.java:445)
> 	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:267)
> 	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:224)
> 	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.run(AbstractConnection.java:358)
> 	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:601)
> 	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:532)
> 	at java.lang.Thread.run(Thread.java:722)
> Caused by: org.apache.cxf.interceptor.Fault: Invalid response status code. Expected [401], was [400].
> 	at org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:162)
> 	at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:128)
> 	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:198)
> 	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:100)
> 	at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
> 	at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
> 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
> 	... 43 more
> Caused by: java.lang.IllegalArgumentException: Invalid response status code. Expected [401], was [400].
> 	at javax.ws.rs.WebApplicationException.validate(WebApplicationException.java:167)
> 	at javax.ws.rs.NotAuthorizedException.<init>(NotAuthorizedException.java:98)
> 	at org.apache.cxf.rs.security.oauth.utils.OAuthUtils.handleException(OAuthUtils.java:185)
> 	at org.apache.cxf.rs.security.oauth.services.RequestTokenHandler.handle(RequestTokenHandler.java:114)
> 	at org.apache.cxf.rs.security.oauth.services.RequestTokenService.getRequestToken(RequestTokenService.java:51)
> 	at org.apache.cxf.rs.security.oauth.services.RequestTokenService.getRequestTokenWithGET(RequestTokenService.java:45)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:601)
> 	at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
> 	at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
> 	... 48 more

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
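
The failure described in this issue, as an added example that is not part of the original message and is not CXF's code: JAX-RS 2.0's `NotAuthorizedException(Response)` rejects any response whose status is not 401, while returning the `Response` directly (or wrapping it in `WebApplicationException`) preserves a 400. The class and method names are hypothetical, and the example assumes a JAX-RS 2.0 implementation is on the classpath.

```java
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

// Added illustration; class and method names are hypothetical, not CXF's OAuthUtils.
public class OAuthErrorMapping {

    // Before: every failure is wrapped in NotAuthorizedException. Its constructor
    // validates that the response status is 401, so a 400 for an invalid token
    // parameter raises IllegalArgumentException here and the intended 400 is lost.
    static Response failBefore(int status, String problem) {
        Response r = Response.status(status).entity(problem).build();
        throw new NotAuthorizedException(r);
    }

    // After: hand the error Response back as-is, so 400 and 401 both reach
    // the client with the status the handler chose.
    static Response failAfter(int status, String problem) {
        return Response.status(status).entity(problem).build();
    }

    // When the caller needs an exception instead: WebApplicationException
    // accepts a response with any status code.
    static WebApplicationException asException(int status, String problem) {
        return new WebApplicationException(failAfter(status, problem));
    }

    public static void main(String[] args) {
        String problem = "constructed sample problem"; // constructed sample value
        for (int status : new int[] {401, 400}) {
            try {
                failBefore(status, problem);
            } catch (NotAuthorizedException e) {
                System.out.println(status + " before: NotAuthorizedException, status "
                        + e.getResponse().getStatus());
            } catch (IllegalArgumentException e) {
                System.out.println(status + " before: masked by " + e.getMessage());
            }
            System.out.println(status + " after: " + failAfter(status, problem).getStatus());
            System.out.println(status + " as exception: "
                    + asException(status, problem).getResponse().getStatus());
        }
    }
}
```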
