Manage JsonProcessingException to not return error 500 when json data is wrong

Closes https://github.com/keycloak/keycloak/issues/11517
2023-04-03 11:29:56 +02:00 · 2023-04-03 11:29:56 +02:00 · 99330dbb6d
commit 99330dbb6d
parent 4d8d6f8cd8
2 changed files with 25 additions and 3 deletions
--- a/services/src/main/java/org/keycloak/services/error/KeycloakErrorHandler.java
+++ b/services/src/main/java/org/keycloak/services/error/KeycloakErrorHandler.java
@ -1,6 +1,6 @@
 package org.keycloak.services.error;

-import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.core.JsonProcessingException;
 import org.jboss.logging.Logger;
 import org.jboss.resteasy.spi.Failure;
 import org.keycloak.Config;
@ -106,7 +106,7 @@ public class KeycloakErrorHandler implements ExceptionMapper<Throwable> {
            Failure f = (Failure) throwable;
            status = f.getErrorCode();
        }
-        if (throwable instanceof JsonParseException) {
+        if (throwable instanceof JsonProcessingException) {
            status = Response.Status.BAD_REQUEST.getStatusCode();
        }
        
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/error/UncaughtErrorPageTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/error/UncaughtErrorPageTest.java
@ -24,7 +24,6 @@ import org.keycloak.testsuite.pages.ErrorPage;
 import org.keycloak.util.JsonSerialization;
 import org.keycloak.utils.MediaType;
 import org.openqa.selenium.By;
-import org.openqa.selenium.WebElement;

 import javax.ws.rs.core.Response;
 import java.io.IOException;
@ -237,4 +236,27 @@ public class UncaughtErrorPageTest extends AbstractKeycloakTest {
        assertEquals("Page not found", errorPage.getError());
    }

+    @Test
+    public void jsonProcessingException() throws IOException {
+        try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
+            String accessToken = adminClient.tokenManager().getAccessTokenString();
+
+            // send an empty array to the user endpoint which expects a User json object
+            HttpPost post = new HttpPost(suiteContext.getAuthServerInfo().getUriBuilder().path("/auth/admin/realms/master/users").build());
+            post.setEntity(new StringEntity("[]"));
+            post.setHeader("Authorization", "bearer " + accessToken);
+            post.setHeader("Content-Type", "application/json");
+
+            try (CloseableHttpResponse response = client.execute(post)) {
+                assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatusLine().getStatusCode());
+
+                Header header = response.getFirstHeader("Content-Type");
+                assertThat(header, notNullValue());
+                assertEquals(MediaType.APPLICATION_JSON, header.getValue());
+
+                OAuth2ErrorRepresentation error = JsonSerialization.readValue(response.getEntity().getContent(), OAuth2ErrorRepresentation.class);
+                assertEquals("unknown_error", error.getError());
+            }
+        }
+    }
 }