Martijn Dashorst created CXF-5112:
-------------------------------------
Summary: OAuthUtils causes IllegalArgumentException when returning
400 instead of 401
Key: CXF-5112
URL: https://issues.apache.org/jira/browse/CXF-5112
Project: CXF
Issue Type: Bug
Components: JAX-RS
Affects Versions: 2.7.5
Reporter: Martijn Dashorst
Priority: Minor
OAuthUtils.handleException(MessageContext mc, Exception e, int status)
causes an IllegalArgumentException when one of the token parameters is invalid,
making the oauth request return a 400. However OAuthUtils wants to always throw
a NotAuthorizedException, hiding the original error in an
IllegalArgumentException (which would better be an IllegalStateException in the
first place):
java.lang.RuntimeException: org.apache.cxf.interceptor.Fault: Invalid response
status code. Expected [401], was [400].
at
org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:116)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:331)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:203)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:158)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:243)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:168)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:219)
at
org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:698)
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1506)
...
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1486)
at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:503)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:138)
at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:564)
at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:213)
at
org.eclipse.jetty.server.handler.ContextHandler.__doHandle(ContextHandler.java:1094)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java)
at
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:432)
at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:175)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1028)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:136)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:445)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:267)
at
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:224)
at
org.eclipse.jetty.io.AbstractConnection$ReadCallback.run(AbstractConnection.java:358)
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:601)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:532)
at java.lang.Thread.run(Thread.java:722)
Caused by: org.apache.cxf.interceptor.Fault: Invalid response status code.
Expected [401], was [400].
at
org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:162)
at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:128)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:198)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:100)
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
... 43 more
Caused by: java.lang.IllegalArgumentException: Invalid response status code.
Expected [401], was [400].
at
javax.ws.rs.WebApplicationException.validate(WebApplicationException.java:167)
at
javax.ws.rs.NotAuthorizedException.<init>(NotAuthorizedException.java:98)
at
org.apache.cxf.rs.security.oauth.utils.OAuthUtils.handleException(OAuthUtils.java:185)
at
org.apache.cxf.rs.security.oauth.services.RequestTokenHandler.handle(RequestTokenHandler.java:114)
at
org.apache.cxf.rs.security.oauth.services.RequestTokenService.getRequestToken(RequestTokenService.java:51)
at
org.apache.cxf.rs.security.oauth.services.RequestTokenService.getRequestTokenWithGET(RequestTokenService.java:45)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at
org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
... 48 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
