WSO2 Identity Server / IDENTITY-6099

Intermittent error when invoking password reset rest api using browser based client

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 5.3.0-GA
    • Fix Version/s: 5.4.0-M3
    • Component/s: identity-mgt
    • Labels:
      None
    • Severity:
      Major
    • Estimated Complexity:
      Moderate
    • Test cases added:
      Yes

      Description

      When invoking 'Password Reset' using a browser-based REST client, it throws the following exception. This works fine with curl and SoapUI.

      [2017-06-26 13:11:59,963] ERROR {org.wso2.carbon.identity.auth.valve.AuthenticationValve} - Auth Runtime Exception occurred in Authentication valve :
      org.wso2.carbon.identity.auth.service.exception.AuthRuntimeException: Cookies map trying to override existing cookie CookieKey{name='JSESSIONID', path='null'}

      at org.wso2.carbon.identity.auth.service.AuthenticationRequest$AuthenticationRequestBuilder.addCookie(AuthenticationRequest.java:155)
      at org.wso2.carbon.identity.auth.service.factory.AuthenticationRequestBuilderFactory.createRequestBuilder(AuthenticationRequestBuilderFactory.java:76)
      at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:72)
      at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
      at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
      at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
      at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
      at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
      at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958)
      at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
      at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
      at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
      at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)

      This happens because we prohibit adding two cookies with the same name in [1], and we catch the runtime exception in [2]. But it should be possible to have two cookies with the same name. As a good practice, we should also not catch runtime exceptions.

      [1] https://github.com/wso2-extensions/identity-carbon-auth-rest/blob/7f3ed0516f29a73dd6cdc042ae867fd8bff13ec9/components/org.wso2.carbon.identity.auth.service/src/main/java/org/wso2/carbon/identity/auth/service/AuthenticationRequest.java#L153
      [2] https://github.com/wso2-extensions/identity-carbon-auth-rest/blob/v1.1.1/components/org.wso2.carbon.identity.auth.valve/src/main/java/org/wso2/carbon/identity/auth/valve/AuthenticationValve.java#L92
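
The failure mode described above, as an added example that is not WSO2's code or its fix: the `Cookie` request header carries only name=value pairs (no path), so a browser holding same-named cookies scoped to different paths sends both, and a map that rejects duplicates fails the whole request. The class and method names and the sample header are hypothetical and constructed for illustration.

```java
import java.util.*;

// Added illustration; class and method names are hypothetical, not WSO2 code.
public class CookieHeaderDemo {

    // Strict behaviour as described in the issue: a second cookie with the same name is an error.
    static Map<String, String> parseStrict(String header) {
        Map<String, String> cookies = new LinkedHashMap<>();
        for (String[] pair : split(header)) {
            if (cookies.containsKey(pair[0])) {
                throw new IllegalStateException("Cookies map trying to override existing cookie " + pair[0]);
            }
            cookies.put(pair[0], pair[1]);
        }
        return cookies;
    }

    // Tolerant behaviour: keep every value per name, in the order the client sent them.
    static Map<String, List<String>> parseTolerant(String header) {
        Map<String, List<String>> cookies = new LinkedHashMap<>();
        for (String[] pair : split(header)) {
            cookies.computeIfAbsent(pair[0], k -> new ArrayList<>()).add(pair[1]);
        }
        return cookies;
    }

    // Splits "a=1; b=2" into name/value pairs; parts without '=' are skipped.
    private static List<String[]> split(String header) {
        List<String[]> pairs = new ArrayList<>();
        for (String part : header.split(";")) {
            int eq = part.indexOf('=');
            if (eq > 0) {
                pairs.add(new String[] {part.substring(0, eq).trim(), part.substring(eq + 1).trim()});
            }
        }
        return pairs;
    }

    public static void main(String[] args) {
        // Constructed sample: a browser holding JSESSIONID cookies for two paths sends both.
        String header = "JSESSIONID=AAAA1111; JSESSIONID=BBBB2222; lang=en";
        System.out.println(parseTolerant(header));
        try {
            parseStrict(header);
        } catch (IllegalStateException e) {
            System.out.println("strict parser rejected request: " + e.getMessage());
        }
    }
}
```

The tolerant parser preserves the order in which the client sent the cookies and leaves the choice of which value to trust to the caller; RFC 6265 advises servers not to rely on that order.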

            People

            • Assignee:
              nuwandiw@wso2.com Nuwandi Wickramasinghe
            • Reporter:
              hasanthi@wso2.com Hasanthi Dissanayake