OIDC-Client: Response status 0 and null entity when OIDC client auth is failing for Rest-Client-Reactive #22827

Closed
fwippe opened this issue Jan 12, 2022 · 3 comments · Fixed by #22859 or #28828

fwippe commented Jan 12, 2022

Describe the bug

When using OIDC client to authorize Rest-Client-Reactive endpoints, failing authorizations result in responses with status 0 and reason phrase null.

Note the following code in org.jboss.resteasy.reactive.client.handlers.ClientSetResponseEntityRestHandler#handle:

    public void handle(RestClientRequestContext context) throws Exception {
        ClientResponseContextImpl responseContext = new ClientResponseContextImpl(context);
        if (context.isCheckSuccessfulFamily()) {
            if (Response.Status.Family.familyOf(context.getResponseStatus()) != Response.Status.Family.SUCCESSFUL) {
                throw new WebClientApplicationException(context.getResponseStatus(), context.getResponseReasonPhrase());
            }
        }
        ClientRequestContextImpl requestContext = context.getClientRequestContext();
        // the spec doesn't really say this, but the TCK checks that the abortWith entity ends up read
        // so we have to write it, but without filters/interceptors
        if (requestContext != null && requestContext.getAbortedWith() != null) {
            setExistingEntity(requestContext.getAbortedWith(), responseContext, context);
        }
    }

When failing OIDC auth, context.getResponseStatus() is 0 so that Response.Status.Family is not SUCCESSFUL. Thus, a WebClientApplicationException with uninitialized parameters is thrown. On the other hand, the requestContext.getAbortedWith() is a response with status 401 and reason phrase Unauthorized. So that might be used instead?

Update: Reproducer: https://github.com/fwippe/issue-22827

Expected behavior

Response status should be 401 or 403 with corresponding reason phrases.

Actual behavior

Response status is 0 and reason phrase is null.

Output of uname -a or ver

Microsoft Windows [Version 10.0.19042.1415]

Output of java -version

    openjdk version "11.0.3" 2019-04-16
    OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.3+7)
    OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.3+7, mixed mode)

GraalVM version (if different from Java)

No response

Quarkus version or git rev

2.6.1.Final

Build tool (ie. output of mvnw --version or gradlew --version)

Apache Maven 3.8.2 (ea98e05a04480131370aa0c110b8c54cf726c06f)

Additional information

No response

@fwippe fwippe added the kind/bug Something isn't working label Jan 12, 2022

geoand commented Jan 12, 2022

Any chance you can put together a small project that exhibits the problematic behavior?


fwippe commented Jan 12, 2022

> Any chance you can put together a small project that exhibits the problematic behavior?

Sure, no problem. I created repository https://github.com/fwippe/issue-22827. Run ./mvnw verify to reproduce. Test class:

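    import static org.hamcrest.MatcherAssert.assertThat;
    import static org.hamcrest.Matchers.is;
    import static org.junit.jupiter.api.Assertions.assertThrows;

    import javax.inject.Inject;
    import javax.ws.rs.WebApplicationException;
    import org.eclipse.microprofile.rest.client.inject.RestClient;
    import org.junit.jupiter.api.Test;
    import io.quarkus.test.junit.QuarkusTest;

    // DocService is the REST client interface defined in the reproducer project
    @QuarkusTest
    public class DocServiceIT {
        @Inject @RestClient
        DocService docService;

        @Test
        public void mustCreateDocument() {
            WebApplicationException thrown = assertThrows(WebApplicationException.class, () -> docService.createDocument("test"));
            assertThat(thrown.getResponse().getStatus(), is(400));
        }
    }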

@geoand geoand self-assigned this Jan 13, 2022
geoand added a commit that referenced this issue Jan 14, 2022
Take response status of aborted request into account in JAX-RS Client
@quarkus-bot quarkus-bot bot added this to the 2.7 - main milestone Jan 14, 2022
@gsmet gsmet modified the milestones: 2.7 - main, 2.6.3.Final Jan 15, 2022
gsmet pushed a commit to gsmet/quarkus that referenced this issue Jan 15, 2022
@gsmet gsmet modified the milestones: 2.6.3.Final, 2.13.4.Final Oct 31, 2022
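
A simplified stand-alone model of the status check described in this issue, added here as an example; it is not Quarkus source code and not the change merged for this issue. The classes `Ctx`, `Aborted` and `ClientError` are hypothetical stand-ins for the request context, the `abortWith` response and `WebClientApplicationException`. It shows why a caller sees status 0 when a client filter aborts the request before any HTTP exchange, and how preferring the aborted response preserves the 401.

```java
// Added illustration: simplified model, not Quarkus source code.
public class AbortedStatusDemo {

    /** Hypothetical stand-in for the response a client filter passes to abortWith(). */
    static final class Aborted {
        final int status; final String reason;
        Aborted(int status, String reason) { this.status = status; this.reason = reason; }
    }

    /** Hypothetical stand-in for the request context; status stays 0 when nothing went over the wire. */
    static final class Ctx {
        int responseStatus = 0;
        String reasonPhrase = null;
        Aborted abortedWith = null;
    }

    /** Hypothetical stand-in for the exception the caller receives. */
    static final class ClientError extends RuntimeException {
        final int status;
        ClientError(int status, String reason) { super(status + " " + reason); this.status = status; }
    }

    static boolean isSuccessful(int status) { return status / 100 == 2; }

    /** Behaviour described in the issue: only the wire status is checked. */
    static void checkAsReported(Ctx ctx) {
        if (!isSuccessful(ctx.responseStatus)) throw new ClientError(ctx.responseStatus, ctx.reasonPhrase);
    }

    /** Alternative: prefer the aborted response when a filter short-circuited the request. */
    static void checkWithAborted(Ctx ctx) {
        int status = ctx.abortedWith != null ? ctx.abortedWith.status : ctx.responseStatus;
        String reason = ctx.abortedWith != null ? ctx.abortedWith.reason : ctx.reasonPhrase;
        if (!isSuccessful(status)) throw new ClientError(status, reason);
    }

    /** Returns the status carried by the thrown error, or -1 if the check passed. */
    static int statusOf(Runnable check) {
        try { check.run(); return -1; } catch (ClientError e) { return e.status; }
    }

    public static void main(String[] args) {
        Ctx ctx = new Ctx(); // constructed sample: the auth filter aborted the request
        ctx.abortedWith = new Aborted(401, "Unauthorized");
        System.out.println("as reported:  " + statusOf(() -> checkAsReported(ctx)));
        System.out.println("with aborted: " + statusOf(() -> checkWithAborted(ctx)));
    }
}
```

Error handling that branches on 401 or 403, for example to re-authenticate or to deny access, never matches a status of 0, so the authorization failure can surface as an unclassified error.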