[IDENTITY-6099] Intermittent error when invoking password reset rest api using browser based client
Created: 26/Jun/17  Updated: 15/Aug/17  Resolved: 14/Aug/17

Status: Resolved
Project: WSO2 Identity Server
Component/s: identity-mgt
Affects Version/s: 5.3.0-GA
Fix Version/s: 5.4.0-M3

Type: Bug
Priority: High
Reporter: Hasanthi Dissanayake
Assignee: Nuwandi Wickramasinghe
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Severity: Major
Estimated Complexity: Moderate
Test cases added: Yes

 Description   

When invoking 'Password Reset' using a browser-based REST client, it throws the following exception. This works fine with curl and SoapUI.

[2017-06-26 13:11:59,963] ERROR {org.wso2.carbon.identity.auth.valve.AuthenticationValve} - Auth Runtime Exception occurred in Authentication valve :
org.wso2.carbon.identity.auth.service.exception.AuthRuntimeException: Cookies map trying to override existing cookie CookieKey{name='JSESSIONID', path='null'}
at org.wso2.carbon.identity.auth.service.AuthenticationRequest$AuthenticationRequestBuilder.addCookie(AuthenticationRequest.java:155)
at org.wso2.carbon.identity.auth.service.factory.AuthenticationRequestBuilderFactory.createRequestBuilder(AuthenticationRequestBuilderFactory.java:76)
at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:72)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)

This happens because we prohibit adding two cookies with the same name in [1], and we catch the runtime exception in [2]. But it should be possible to have two cookies with the same name. Also, as a good practice, we should not catch runtime exceptions.

[1] https://github.com/wso2-extensions/identity-carbon-auth-rest/blob/7f3ed0516f29a73dd6cdc042ae867fd8bff13ec9/components/org.wso2.carbon.identity.auth.service/src/main/java/org/wso2/carbon/identity/auth/service/AuthenticationRequest.java#L153
[2] https://github.com/wso2-extensions/identity-carbon-auth-rest/blob/v1.1.1/components/org.wso2.carbon.identity.auth.valve/src/main/java/org/wso2/carbon/identity/auth/valve/AuthenticationValve.java#L92
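
The failure mode described above, as an added example that is not part of the original report and is not the project's code or its fix: a cookie map that allows one value per name rejects a request carrying two JSESSIONID entries, while a list-per-name map accepts it. The class name, method names and the sample header are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class DuplicateCookieDemo {

    // Strict variant: one value per name; a repeated name raises an unchecked
    // exception, which is the behaviour the log above reports for JSESSIONID.
    static Map<String, String> parseStrict(String cookieHeader) {
        Map<String, String> cookies = new LinkedHashMap<>();
        for (String[] pair : split(cookieHeader)) {
            if (cookies.putIfAbsent(pair[0], pair[1]) != null) {
                throw new IllegalStateException("duplicate cookie: " + pair[0]);
            }
        }
        return cookies;
    }

    // Tolerant variant: keep every value per name, in the order the client sent them.
    // The caller must then decide deliberately which value it trusts.
    static Map<String, List<String>> parseTolerant(String cookieHeader) {
        Map<String, List<String>> cookies = new LinkedHashMap<>();
        for (String[] pair : split(cookieHeader)) {
            cookies.computeIfAbsent(pair[0], k -> new ArrayList<>()).add(pair[1]);
        }
        return cookies;
    }

    // Splits "a=1; b=2" into name/value pairs. A Cookie request header carries no
    // Path attribute, so the name is the only key material the server receives.
    private static List<String[]> split(String cookieHeader) {
        List<String[]> pairs = new ArrayList<>();
        for (String part : cookieHeader.split(";")) {
            String p = part.trim();
            int eq = p.indexOf('=');
            if (eq <= 0) continue; // skip empty or nameless fragments
            pairs.add(new String[] {p.substring(0, eq).trim(), p.substring(eq + 1).trim()});
        }
        return pairs;
    }

    public static void main(String[] args) {
        // Constructed header, assumed to resemble a browser holding two JSESSIONID cookies.
        String header = "JSESSIONID=AAAA1111; JSESSIONID=BBBB2222; lang=en";
        System.out.println("tolerant: " + parseTolerant(header));
        try {
            parseStrict(header);
        } catch (IllegalStateException e) {
            System.out.println("strict parser rejected request: " + e.getMessage());
        }
    }
}
```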



 Comments   
Comment by Nuwandi Wickramasinghe [ 14/Aug/17 ]

Fixed with https://github.com/wso2-extensions/identity-carbon-auth-rest/commit/208c88fde30404cdea8c90538d0c54dc3f74d9e2

Generated at Sun Jun 24 23:58:48 IST 2018 using JIRA 7.2.2#72004-sha1:9d5132893cc8c728a3601a9034a1f8547ef5c7be.