UAA returns JSON error responses with incorrect media type.
See original GitHub issueWhat version of UAA are you running?
v74.30.0
What output do you see from curl <YOUR_UAA>/info -H'Accept: application/json'
?
{"app":{"version":"74.30.0"},"links":{"uaa":"http://localhost:8080/uaa","passwd":"/forgot_password","login":"http://localhost:8080/uaa","register":"/create_account"},"zone_name":"uaa","entityID":"cloudfoundry-saml-login","commit_id":"8d26cf2","idpDefinitions":{},"prompts":{"username":["text","Email"],"password":["password","Password"]},"timestamp":"2021-01-13T15:37:01-0800"}
How are you deploying the UAA?
I am deploying the UAA
- locally only using gradlew
What did you do?
- Download UAA 74.30.0 from GitHub
- Run the UAA locally using
./gradlew run
- Call (most?) APIs with an invalid query parameter or an invalid request body
What did you expect to see? What goal are you trying to achieve with the UAA?
In all cases, UAA returns a valid JSON response similar to this:
{"error_description":"Invalid filter expression: [foo] [created]","error":"scim","message":"Invalid filter expression: [foo] [created]"}{"error_description":"Invalid filter expression: [foo] [created]","error":"scim","message":"Invalid filter expression: [foo] [created]"}
The Content-Type
response header should always be application/json
to match this response body.
What did you see instead?
If we pass in different Accept
request headers, the response Content-Type
header changes. The response body is still in the JSON format above.
Accept request header |
Content-Type response header |
Valid |
---|---|---|
unspecified | application/octet-stream;charset=ISO-8859-1 |
✖️ |
*/* |
application/octet-stream;charset=ISO-8859-1 |
✖️ |
application/json;charset=UTF-8 |
application/json;charset=UTF-8 |
✔️ |
application/json |
application/json;charset=ISO-8859-1 |
✔️1 |
application/json,*/* |
application/json;charset=ISO-8859-1 |
✔️1 |
application/json,text/html |
application/json;charset=ISO-8859-1 |
✔️1 |
*/*,application/json |
application/json;charset=ISO-8859-1 |
✔️1 |
text/html,application/json |
text/html;charset=ISO-8859-1 |
✖️ |
text/html,*/* |
text/html;charset=ISO-8859-1 |
✖️ |
[1] The JSON format uses ISO-8859-1 encoding, but RFC 8259 restricts it to UTF-8. See https://github.com/spring-projects/spring-framework/issues/22788 for more information.
This issue does not seem to be restricted to a specific API. It was tested on the following APIs:
- GET /v1/Users
- PUT /v1/Users/{userId}
- GET /v1/Groups
- PUT /v1/Groups/{groupId}
- POST /v1/Groups/{groupId}/members
Issue Analytics
- State:
- Created 3 years ago
- Comments:8 (7 by maintainers)
Top Results From Across the Web
Overview – UAA API Reference - Cloud Foundry Documentation
The passed string has to be a URL-Encoded JSON Object, containing the field origin with value as origin_key of an identity provider. Note...
Read more >What are Duo's API responses and error messages?
API responses are formatted as a JSON object with a top-level stat key. Successful responses will have a stat value of “OK” and...
Read more >OpenWMS.org WMS: RESTful API (UAA) - OpenWMS on GitHub
Beside the actual representation of resources, the server may result an error response in JSON format that contains basic information about the error...
Read more >SMAPI Error Codes | Alexa Skills Kit - Amazon Developer
When a problem occurs, SMAPI returns an HTTP response with a 4xx or 5xx HTTP status code. Some of these error ... smallIconUri\"...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Those handlers all seem to be using a
ConvertingExceptionView
to convert anExceptionReport
to the HTTP response. When theAccept
header is absent or*/*
, that class tries to infer the response media type:https://github.com/cloudfoundry/uaa/blob/3ce614a62119132aa25f78f87134b0cbe6fa43d2/server/src/main/java/org/cloudfoundry/identity/uaa/web/ConvertingExceptionView.java#L130-L133
I think this might be a better place to add the fix, so it can be used for all response handling.
ok for me, hope that not too many tests needs to be adopted