CXF-7944

OAuthClientUtils hides error message if it contains a comma

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2.7
    • Fix Version/s: 3.2.8, 3.3.0
    • Component/s: None
    • Labels:
      None
    • Estimated Complexity:
      Novice

      Description

      OAuthClientUtils.getAccessToken hides the response error if the error message contains a comma.

      The root cause of this is that OAuthJSONProvider.readJSONResponse uses String.split(",") to parse the JSON string, which throws

      java.lang.StringIndexOutOfBoundsException: String index out of range: -1

      if there are unexpected commas.

       

      Stack trace:

      java.lang.StringIndexOutOfBoundsException: String index out of range: -1
      	at java.lang.String.substring(Unknown Source)
      	at org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider.readJSONResponse(OAuthJSONProvider.java:310)
      	at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:312)
      	at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:231)
      	at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:179)

      response.getEntity() JSON string:

      {"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              levi.miller Levi Miller