Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-4427

Error details are discarded and never sent to the client

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.7
    • Fix Version/s: 2.6.2, 2.7
    • Component/s: JAX-RS Security
    • Labels:
    • Estimated Complexity:
      Novice

      Description

      Current AccessTokenService implementation catches all OAuthServiceExceptions and returns a generic error response discarding all the exception details:

      ServerAccessToken serverToken = null;
      try

      { serverToken = handler.createAccessToken(client, params); }

      catch (OAuthServiceException ex)

      { // the error response is to be returned next }

      if (serverToken == null)

      { return createErrorResponse(params, OAuthConstants.INVALID_GRANT); }

      I think it would be more useful to create the OAuthError object to return using the exception's message, in order to receive the error code/details at the client layer

        Attachments

          Activity

            People

            • Assignee:
              sergey_beryozkin Sergey Beryozkin
              Reporter:
              jordi Jordi Gerona
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: