  1. RH-SSO
  2. RHSSO-1676

REST API should return 400 instead of 500


Details

    • Bug
    • Resolution: Done
    • Major
    • Archive - 21'
    • RH-SSO-7.2.4.GA
    • Server
    • None

      1. copy the attached reproduce_the_issue.sh on your localhost
      2. change USERNAME and PASSWORD as needed
      3. run the script


    Description

      Keycloak/RH-SSO does not handle empty POST data properly when using the /users and /groups admin REST interfaces of RH-SSO.

      When making POST requests to the /users and /groups REST interfaces with empty data, RH-SSO returns HTTP/1.1 500 Internal server error.

      E.g.

      # TOKEN, RH_SSO_ENDPOINT and REALM must be set beforehand
      curl -fsSL \
      -H "Authorization: bearer $TOKEN" \
      -H "Content-Type: application/json" \
      "https://${RH_SSO_ENDPOINT}/admin/realms/${REALM}/users" \
      -X POST \
      -d '{}'

      The same happens if -d is not provided.

      HTTP/1.1 500 Internal server error

      This results in a null pointer exception in the RH-SSO server.log, as no data is provided, which seems to be expected behavior.
      Keycloak/RH-SSO should return 400 Bad Request rather than 500 Internal Server Error, as this creates the wrong impression; also, the NPE is not handled correctly.
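
The behaviour requested above, as an added Python model that is not part of the original report and is not Keycloak/RH-SSO code: the same two request bodies (no -d, and -d '{}') go through an unchecked and a validated handler. The handler names, the BadRequest exception and the required "username" field are assumptions made for illustration.

```python
import json

# Hypothetical model of a user-creation endpoint; not Keycloak's code.
class BadRequest(Exception):
    """The client sent a request the server cannot process (HTTP 400)."""

def create_user_unchecked(body: bytes) -> int:
    # 'Before': assumes a body carrying a username is always present.
    rep = json.loads(body) if body else None
    rep["username"].strip()      # raises for a missing body and for {}
    return 201

def create_user_validated(body: bytes) -> int:
    # 'After': reject missing, malformed or incomplete input up front.
    if not body:
        raise BadRequest("request body is required")
    try:
        rep = json.loads(body)
    except ValueError as exc:    # covers invalid JSON and invalid UTF-8
        raise BadRequest("body is not valid JSON") from exc
    if not isinstance(rep, dict):
        raise BadRequest("body must be a JSON object")
    username = rep.get("username")   # assumed required field
    if not isinstance(username, str) or not username.strip():
        raise BadRequest("username is required")
    return 201

def dispatch(handler, body: bytes) -> int:
    """Map handler outcomes to status codes the way a REST layer would."""
    try:
        return handler(body)
    except BadRequest:
        return 400   # caller's fault: the request must be corrected
    except Exception:
        return 500   # server's fault: unhandled error, ends up in the log

# Constructed sample bodies: no -d, -d '{}', and a well-formed request.
SAMPLES = {"no body": b"", "empty object": b"{}",
           "valid": b'{"username": "alice"}'}

def statuses(handler) -> dict:
    return {name: dispatch(handler, body) for name, body in SAMPLES.items()}

if __name__ == "__main__":
    print("unchecked:", statuses(create_user_unchecked))
    print("validated:", statuses(create_user_validated))
```

With validation in place, a 500 is left to mean a genuine server fault, so alerting on 5xx responses and on exceptions in server.log is not triggered by malformed client input.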

          People

            Unassigned Unassigned
            rhn-support-hokuda Hisanobu Okuda