Project: Crowd Data Center
Issue: CWD-2697

Inconsistent exceptions thrown in REST client when an user can not authenticate against an application


    • Type: Bug
    • Resolution: Timed out
    • Priority: Low
    • Fix Version/s: None
    • Affects Version/s: 2.2.5
    • Component/s: REST
    • Labels: None

      When a user is not authorised to authenticate against an application, some REST endpoints inconsistently throw the checked exceptions ApplicationPermissionException, InvalidAuthenticationException or ApplicationAccessDeniedException, sometimes contrary to what their javadocs say.

      Examples, authenticating the same user against the same application:

      • com.atlassian.crowd.service.client.CrowdClient.authenticateSSOUserWithoutValidatingPassword() calls /session?validate-password=false, which returns a 403, which throws an ApplicationPermissionException to the caller (due to RestExecutor.MethodExecutor.throwError()). According to the javadoc, it should instead throw ApplicationAccessDeniedException ("if the user does not have access to authenticate against the application").
      • com.atlassian.crowd.service.client.CrowdClient.authenticateUser() throws ApplicationPermissionException for the same error (since /authentication returns a 400, which throws a CrowdRestException, which is then caught and re-thrown as an InvalidAuthenticationException with the username).
      • com.atlassian.crowd.integration.http.CrowdHttpAuthenticator.authenticate() throws com.atlassian.crowd.exception.InvalidAuthenticationException for the same problem (it calls /session?validate-password=true, which returns a 403, which throws an ApplicationPermissionException to the invoker).

      This complicates the code invoking the CrowdClient and CrowdHttpAuthenticator.
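Until the client maps these errors consistently, a caller has to treat all three exceptions as the same outcome. The following is an added example, not code from the Crowd project or from this issue's reporter: a small wrapper that funnels the three exceptions named above into one "denied" result so that application code does not branch on which exception a given endpoint happened to throw. It assumes the CrowdClient.authenticateUser(String, String) signature and the other checked exceptions it declares (UserNotFoundException, InactiveAccountException, ExpiredCredentialException, OperationFailedException); only the three exception classes discussed in this issue are taken from the page itself.

```java
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;

import com.atlassian.crowd.exception.ApplicationAccessDeniedException;
import com.atlassian.crowd.exception.ApplicationPermissionException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.service.client.CrowdClient;

/**
 * Hypothetical helper (not part of Crowd) that normalises the inconsistent
 * exception types reported in CWD-2697 into a single result for callers.
 */
public final class CrowdAuthOutcome {

    private static final Logger LOG = Logger.getLogger(CrowdAuthOutcome.class.getName());

    public enum Status { AUTHENTICATED, DENIED, ERROR }

    private final Status status;
    private final Optional<User> user;

    private CrowdAuthOutcome(Status status, Optional<User> user) {
        this.status = status;
        this.user = user;
    }

    public Status status() { return status; }
    public Optional<User> user() { return user; }

    /**
     * Authenticates against the application the client is configured for.
     * Assumes the CrowdClient.authenticateUser(String, String) signature.
     */
    public static CrowdAuthOutcome authenticate(CrowdClient client, String username, String password) {
        try {
            User user = client.authenticateUser(username, password);
            return new CrowdAuthOutcome(Status.AUTHENTICATED, Optional.of(user));
        } catch (ApplicationPermissionException
                 | ApplicationAccessDeniedException
                 | InvalidAuthenticationException e) {
            // All three are collapsed into DENIED: depending on the endpoint
            // and client version, any of them can mean "user may not
            // authenticate against this application" (see CWD-2697).
            // The concrete type is logged so the mapping stays observable.
            LOG.log(Level.FINE, "authentication denied for " + username
                    + " (" + e.getClass().getSimpleName() + ")", e);
            return new CrowdAuthOutcome(Status.DENIED, Optional.empty());
        } catch (UserNotFoundException | InactiveAccountException | ExpiredCredentialException e) {
            // Account-state problems: assumed to be declared by authenticateUser().
            // Treated as DENIED as well, without leaking which case applied to the caller.
            LOG.log(Level.FINE, "authentication refused for " + username
                    + " (" + e.getClass().getSimpleName() + ")", e);
            return new CrowdAuthOutcome(Status.DENIED, Optional.empty());
        } catch (OperationFailedException e) {
            // Transport or server failure: distinct from a policy decision,
            // so callers can retry or alert rather than treating it as a denial.
            LOG.log(Level.WARNING, "Crowd authentication call failed", e);
            return new CrowdAuthOutcome(Status.ERROR, Optional.empty());
        }
    }
}
```

Callers then switch on Status rather than on exception type, and the logged exception class gives a way to notice when a client upgrade changes the mapping again. Keeping ERROR separate from DENIED matters: a transport failure should not be reported as an authorisation decision, and a denial should not trigger retry logic.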

              Assignee: Unassigned
              Reporter: Pierre-Etienne Poirot (Inactive)
              Votes: 0
              Watchers: 1