[jira] [Resolved] (CXF-5112) OAuthUtils causes IllegalArgumentException when returning 400 instead of 401

Sergey Beryozkin (JIRA) Mon, 08 Jul 2013 04:44:26 -0700

     [ 
https://issues.apache.org/jira/browse/CXF-5112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Sergey Beryozkin resolved CXF-5112.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 3.0.0
                   2.7.6
         Assignee: Sergey Beryozkin

I think it is a regression, initially WebApplicationException was thrown which 
was covering all error codes.

I've updated the code to return the error Response directly:
http://svn.apache.org/r1500669



                
> OAuthUtils causes IllegalArgumentException when returning 400 instead of 401
> ----------------------------------------------------------------------------
>
>                 Key: CXF-5112
>                 URL: https://issues.apache.org/jira/browse/CXF-5112
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 2.7.5
>            Reporter: Martijn Dashorst
>            Assignee: Sergey Beryozkin
>            Priority: Minor
>             Fix For: 2.7.6, 3.0.0
>
>
> OAuthUtils.handleException(MessageContext mc, Exception e, int status)
> causes an IllegalArgumentException when one of the token parameters is 
> invalid, making the oauth request return a 400. However OAuthUtils wants to 
> always throw a NotAuthorizedException, hiding the original error in an 
> IllegalArgumentException (which would better be an IllegalStateException in 
> the first place):
> java.lang.RuntimeException: org.apache.cxf.interceptor.Fault: Invalid 
> response status code. Expected [401], was [400].
>       at 
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:116)
>       at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:331)
>       at 
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>       at 
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
>       at 
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
>       at 
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:203)
>       at 
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
>       at 
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:158)
>       at 
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:243)
>       at 
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:168)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
>       at 
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:219)
>       at 
> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:698)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1506)
>     ...
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1486)
>       at 
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:503)
>       at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:138)
>       at 
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:564)
>       at 
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:213)
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.__doHandle(ContextHandler.java:1094)
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java)
>       at 
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:432)
>       at 
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:175)
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1028)
>       at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:136)
>       at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
>       at org.eclipse.jetty.server.Server.handle(Server.java:445)
>       at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:267)
>       at 
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:224)
>       at 
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.run(AbstractConnection.java:358)
>       at 
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:601)
>       at 
> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:532)
>       at java.lang.Thread.run(Thread.java:722)
> Caused by: org.apache.cxf.interceptor.Fault: Invalid response status code. 
> Expected [401], was [400].
>       at 
> org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:162)
>       at 
> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:128)
>       at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:198)
>       at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:100)
>       at 
> org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
>       at 
> org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
>       at 
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>       ... 43 more
> Caused by: java.lang.IllegalArgumentException: Invalid response status code. 
> Expected [401], was [400].
>       at 
> javax.ws.rs.WebApplicationException.validate(WebApplicationException.java:167)
>       at 
> javax.ws.rs.NotAuthorizedException.<init>(NotAuthorizedException.java:98)
>       at 
> org.apache.cxf.rs.security.oauth.utils.OAuthUtils.handleException(OAuthUtils.java:185)
>       at 
> org.apache.cxf.rs.security.oauth.services.RequestTokenHandler.handle(RequestTokenHandler.java:114)
>       at 
> org.apache.cxf.rs.security.oauth.services.RequestTokenService.getRequestToken(RequestTokenService.java:51)
>       at 
> org.apache.cxf.rs.security.oauth.services.RequestTokenService.getRequestTokenWithGET(RequestTokenService.java:45)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:601)
>       at 
> org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
>       at 
> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
>       ... 48 more

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (CXF-5112) OAuthUtils causes IllegalArgumentException when returning 400 instead of 401

Reply via email to