JanssenProject / jans

An open source enterprise digital identity platform for CIAM or workforce... Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
https://docs.jans.io
Apache License 2.0
468 stars 73 forks source link

fix(agama): serialization of undesired content when a flow crashes #6530

Closed jgomer2001 closed 11 months ago

jgomer2001 commented 11 months ago

When a flow A calls another B, if B crashes and A catches the crash, an undesired behavior occurs when hitting RRF (at A): all variables of B including the expection that caused the crashed are being serialized

Example for more clarity:

Flow A
    ...
foo ="bar"
result | E = Trigger B
...
E = null
RRF "blah.ftl"
...
Finish ...

Flow B
    ...
foo2 = "bar2"
Call something.that#crashes // --> Java exception occurring here
...

In this case, variable foo2 plus the exception is serialized when the RRF at A is executed. This makes no sense because flow B is already "gone" by then. Surprisingly, even if the caught exception is nulled (E in the example), it tries to serialize it

It is uncertain why Rhino is doing this

jgomer2001 commented 11 months ago

After many rounds of playing with transpiled code I discovered the situation is presented whenever a (flow) function terminates execution abruptly, be it caused by a Java Call that threw exception or by any other error, e.g. accessing a member of an inexisting variable

Even Java Calls that have exception handling (like var | E = Call ...) provoke the undesired serialization when the exception is caught!

Serialization of arbitrary variables is already problematic. It is necessary to avoid serialization of unnecessary variables at all cost. A solution has to address the following:

With the two points above, functions will always return a definite value. To implement the solution (ie. no throws) a transpiler rework is required