RH-SSO / RHSSO-1676

REST API should return 400 instead of 500


    • Bug
    • Resolution: Done
    • Major
    • Archive - 21'
    • RH-SSO-7.2.4.GA
    • Server
    • None

      1. Copy the attached reproduce_the_issue.sh to your localhost.
      2. Change USERNAME and PASSWORD as needed.
      3. Run the script.


      Keycloak/RH-SSO does not handle empty POST data properly when using the /users and /groups admin REST interfaces of RH-SSO.

      When making POST requests to the /users and /groups REST interfaces with empty data, RH-SSO returns HTTP/1.1 500 Internal server error.

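      E.g.

      # TOKEN, RH_SSO_ENDPOINT and REALM must be set in the shell beforehand.
      curl -fsSL \
      -H "Authorization: bearer $TOKEN" \
      -H "Content-Type: application/json" \
      "https://${RH_SSO_ENDPOINT}/admin/realms/${REALM}/users" \
      -X POST \
      -d '{}'
      # The same response is returned if -d is not provided.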

      HTTP/1.1 500 Internal server error

      This results in a null pointer exception in the RH-SSO server.log, as no data is provided, which seems to be expected behavior.
      Keycloak/RH-SSO should rather say 400 bad request instead of 500 Internal server error, as this creates the wrong impression; also, the NPE is not handled correctly.

              Unassigned Unassigned
              rhn-support-hokuda Hisanobu Okuda
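
A regression check for the behaviour reported above, as an added example that is not part of the original issue or of RH-SSO: it sends the two reported request shapes (no data and '{}') to /users and /groups and lists every case answered with a 5xx. The local stub server, its required field names ("username", "name"), the token value and all function names are constructed assumptions so the check runs offline.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
REQUIRED = {"/users": "username", "/groups": "name"}  # assumed required fields
HEADERS = {"Authorization": "bearer constructed-token", "Content-Type": "application/json"}
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass any proxy

def start_stub(validate):
    """Constructed local stub, not RH-SSO code; validate=False models the reported 500."""
    class Handler(BaseHTTPRequestHandler):
        log_message = lambda self, *args: None  # keep the demo quiet
        def do_POST(self):
            raw = self.rfile.read(int(self.headers.get("Content-Length") or 0))
            field = REQUIRED.get(self.path, "name")
            try:
                rep = json.loads(raw) if raw else None
                if validate and not (isinstance(rep, dict) and rep.get(field)):
                    raise ValueError("missing or empty representation")
                rep[field].strip()  # unchecked use: fails on no body or '{}'
                status = 201
            except ValueError:            # input rejected as a client error
                status = 400
            except (TypeError, KeyError):  # analogue of the unhandled NPE
                status = 500
            self.send_response(status)
            self.send_header("Content-Length", "0")
            self.end_headers()
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(base_url):
    """POST no data and '{}' to /users and /groups; return {(path, body): status}."""
    results = {}
    for path in REQUIRED:
        for body in (b"", b"{}"):
            req = urllib.request.Request(base_url + path, data=body, headers=HEADERS, method="POST")
            try:
                with OPENER.open(req, timeout=5) as resp:
                    results[(path, body)] = resp.status
            except urllib.error.HTTPError as err:
                results[(path, body)] = err.code
    return results

def server_errors(results):  # 5xx cases: a client mistake should never cause these
    return sorted(case for case, status in results.items() if status >= 500)

if __name__ == "__main__":
    for srv in (start_stub(False), start_stub(True)):
        print(server_errors(probe("http://127.0.0.1:%d" % srv.server_port)))
```

To run the same check against a real test realm, pass its admin base URL (up to and including the realm name) to probe() and put a valid token in HEADERS.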