Posted to issues@cxf.apache.org by "Levi Miller (JIRA)" <ji...@apache.org> on 2019/01/15 21:13:00 UTC
[jira] [Updated] (CXF-7944) OAuthClientUtils hides error message if it contains a comma
[ https://issues.apache.org/jira/browse/CXF-7944?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Levi Miller updated CXF-7944:
-----------------------------
Description:
OAuthClientUtils.getAccessToken hides the response error if the error message contains a comma.
The root cause of this is that OAuthJSONProvider.readJSONResponse uses String.split(",") to parse the JSON string, which throws
{code:java}
java.lang.StringIndexOutOfBoundsException: String index out of range: -1{code}
if there are unexpected commas.
Stack trace:
{code:java}
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
at java.lang.String.substring(Unknown Source)
at org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider.readJSONResponse(OAuthJSONProvider.java:310)
at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:312)
at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:231)
at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:179){code}
JSON:
{code:java}
{"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}{code}
was:
OAuthClientUtils.getAccessToken hides the response error if the error message contains a comma.
The root cause of this is that OAuthJSONProvider.readJSONResponse uses String.split(",") to parse the JSON string, which throws
{code:java}
java.lang.StringIndexOutOfBoundsException: String index out of range: -1{code}
if there are unexpected commas.
Stack trace:
{code:java}
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
at java.lang.String.substring(Unknown Source)
at org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider.readJSONResponse(OAuthJSONProvider.java:310)
at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:312)
at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:231)
at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:179){code}
> OAuthClientUtils hides error message if it contains a comma
> -----------------------------------------------------------
>
> Key: CXF-7944
> URL: https://issues.apache.org/jira/browse/CXF-7944
> Project: CXF
> Issue Type: Bug
> Affects Versions: 3.2.7
> Reporter: Levi Miller
> Priority: Major
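Added example, not part of the original report and not CXF's source: a simplified stand-in for a reader that splits on every comma (`naiveParse`, an assumption about the general shape of such code) next to a quote-aware splitter (`split`, `safeParse`), both run on the error body quoted in the report. All class and method names are hypothetical.

```java
import java.util.*;

public class CommaSplitDemo {
    // Constructed sample: the error body quoted in the report above.
    static final String BODY = "{\"error\":\"invalid_client\",\"error_description\":\"Client authentication failed due to"
        + " unknown client, no client authentication included, or unsupported authentication method.\"}";

    // Simplified stand-in for a split(",")-based reader (an assumption, not CXF's source).
    static Map<String, String> naiveParse(String json) {
        Map<String, String> out = new LinkedHashMap<>();
        for (String pair : json.substring(1, json.length() - 1).split(",")) {
            int colon = pair.indexOf(':'); // -1 when the fragment is the middle of a quoted value
            out.put(unquote(pair.substring(0, colon)), unquote(pair.substring(colon + 1)));
        }
        return out;
    }

    // Split on delim only where it appears outside a quoted string; backslash escapes are skipped.
    static List<String> split(String s, char delim) {
        List<String> parts = new ArrayList<>();
        boolean inString = false;
        int start = 0;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (inString && c == '\\') { i++; continue; }
            if (c == '"') inString = !inString;
            else if (c == delim && !inString) { parts.add(s.substring(start, i)); start = i + 1; }
        }
        parts.add(s.substring(start));
        return parts;
    }

    // Handles flat objects only; values are returned without unescaping.
    static Map<String, String> safeParse(String json) {
        Map<String, String> out = new LinkedHashMap<>();
        String body = json.trim();
        for (String pair : split(body.substring(1, body.length() - 1), ',')) {
            List<String> kv = split(pair, ':');
            if (kv.size() != 2) throw new IllegalArgumentException("malformed member: " + pair);
            out.put(unquote(kv.get(0)), unquote(kv.get(1)));
        }
        return out;
    }
    static String unquote(String s) {
        String t = s.trim();
        return t.length() >= 2 && t.startsWith("\"") && t.endsWith("\"") ? t.substring(1, t.length() - 1) : t;
    }
    public static void main(String[] args) {
        try { naiveParse(BODY); } catch (StringIndexOutOfBoundsException e) { System.out.println("naive: " + e); }
        System.out.println("safe: " + safeParse(BODY));
    }
}
```

The quote-aware version covers flat objects only; a full JSON parser is the more robust choice when responses may nest.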