gravitee-io / issues

Gravitee.io - API Platform - Issues

Unable to process optional parameter through request validation policy #9512

Closed exalate-issue-sync[bot] closed 6 months ago

exalate-issue-sync[bot] commented 8 months ago

500 server error response and stack errors in gateway logs when calling the token endpoint which has a flow request validation with an optional parameter (named policy)

Steps to reproduce

  1. Create a domain
  2. Create a backend to a backend application with metadata (for example allowed_policies = qatest)
  3. Go to Flows within the domain and create the following:

    1. TOKEN FLOW as PRE TOKEN

      1. Add the Validate Request policy in PRE TOKEN with:

        1. Status Code = 400
        2. NEW RULE Field value = {{ {#request.params['policy'][0] != null} }} or {{ {#request.params['policy'] != null} }} or {{ {#request.params['policy'][0]} }}
        3. Toggle for ‘Required’ On OR off
        4. CONSTRAINT type = PATTERN, Parameter = {{ {#context.attributes['client']['metadata']['allowed_policies']} }}
        5. Message template = Bad policy parameter.

  4. Go to application overview and copy the CURL for getting an access token
  5. Import into Postman
  6. Use client id and client secret as authorisation
  7. Call the endpoint

Result = You will see a blank 500 Server error and logs for the gateway

Gateway logs

2024-02-13 09:51:29 09:51:29.942 [vert.x-eventloop-thread-17] [] ERROR i.g.a.g.policy.impl.PolicyChain - An error occurs in policy[policy-request-validation] error[io.gravitee.am.gateway.policy.PolicyChainException: io.gravitee.am.gateway.policy.PolicyException: java.lang.reflect.InvocationTargetException
2024-02-13 09:51:29 Caused by: io.gravitee.am.gateway.policy.PolicyException: java.lang.reflect.InvocationTargetException
2024-02-13 09:51:29 at io.gravitee.am.gateway.policy.impl.PolicyImpl.invoke(PolicyImpl.java:106)
2024-02-13 09:51:29 at io.gravitee.am.gateway.policy.impl.PolicyImpl.execute(PolicyImpl.java:78)
2024-02-13 09:51:29 at io.gravitee.am.gateway.policy.impl.PolicyChain.execute(PolicyChain.java:129)
2024-02-13 09:51:29 ... 231 more
2024-02-13 09:51:29 Caused by: java.lang.reflect.InvocationTargetException
2024-02-13 09:51:29 at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2024-02-13 09:51:29 at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
2024-02-13 09:51:29 at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2024-02-13 09:51:29 at java.base/java.lang.reflect.Method.invoke(Method.java:568)
2024-02-13 09:51:29 at io.gravitee.am.gateway.policy.impl.PolicyImpl.invoke(PolicyImpl.java:104)
2024-02-13 09:51:29 ... 233 more
2024-02-13 09:51:29 Caused by: io.gravitee.el.exceptions.ExpressionEvaluationException: The template evaluation returns an error. Expression:
2024-02-13 09:51:29 #request.attributes['client']['metadata']['allowed_policies']
2024-02-13 09:51:29 at io.gravitee.el.spel.SpelTemplateEngine.eval(SpelTemplateEngine.java:72)
2024-02-13 09:51:29 at io.gravitee.el.spel.SpelTemplateEngine.getValue(SpelTemplateEngine.java:44)
2024-02-13 09:51:29 at io.gravitee.el.TemplateEngine.convert(TemplateEngine.java:48)
2024-02-13 09:51:29 at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
2024-02-13 09:51:29 at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:992)
2024-02-13 09:51:29 at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
2024-02-13 09:51:29 at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
2024-02-13 09:51:29 at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575)
2024-02-13 09:51:29 at java.base/java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260)
2024-02-13 09:51:29 at java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616)
2024-02-13 09:51:29 at io.gravitee.policy.requestvalidation.validator.ExpressionBasedValidator.validate(ExpressionBasedValidator.java:42)
2024-02-13 09:51:29 at io.gravitee.policy.requestvalidation.RequestValidationPolicy.validate(RequestValidationPolicy.java:151)
2024-02-13 09:51:29 at io.gravitee.policy.requestvalidation.RequestValidationPolicy.onRequest(RequestValidationPolicy.java:79)
2024-02-13 09:51:29 ... 238 more
2024-02-13 09:51:29 Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E: Property or field 'attributes' cannot be found on object of type 'io.gravitee.am.gateway.handler.context.EvaluableRequest' - maybe not public or not valid?
2024-02-13 09:51:29 at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:228)
2024-02-13 09:51:29 at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:111)
2024-02-13 09:51:29 at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:99)
2024-02-13 09:51:29 at org.springframework.expression.spel.ast.CompoundExpression.getValueRef(CompoundExpression.java:67)
2024-02-13 09:51:29 at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:97)
2024-02-13 09:51:29 at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:119)
2024-02-13 09:51:29 at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:309)
2024-02-13 09:51:29 at io.gravitee.el.spel.SpelTemplateEngine.eval(SpelTemplateEngine.java:70)
2024-02-13 09:51:29 ... 250 more

2024-02-13 09:51:29 09:51:29.942 [vert.x-eventloop-thread-17] [] ERROR i.g.a.g.h.o.r.h.ExceptionHandler - An exception occurs while handling incoming request
2024-02-13 09:51:29 java.lang.NullPointerException: Cannot invoke "io.gravitee.reporter.api.http.Metrics.setMessage(String)" because the return value of "io.gravitee.gateway.api.Request.metrics()" is null
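
A triage sketch for the trace above, added here as an example (not Gravitee code and not part of the original report): it splits a run-together gateway log on its timestamp prefix and extracts the failing policy, the innermost `Caused by`, and the expression that was being evaluated. `SAMPLE` is constructed from the issue's trace and abbreviated; the function names are hypothetical.

```python
import re

# Constructed sample: the issue's gateway trace, abbreviated, with entries run
# together on one line the way the container log was pasted.
SAMPLE = (
    "2024-02-13 09:51:29 09:51:29.942 [vert.x-eventloop-thread-17] [] ERROR "
    "i.g.a.g.policy.impl.PolicyChain - An error occurs in "
    "policy[policy-request-validation] error[...] "
    "2024-02-13 09:51:29 Caused by: io.gravitee.am.gateway.policy.PolicyException: "
    "java.lang.reflect.InvocationTargetException "
    "2024-02-13 09:51:29 at io.gravitee.am.gateway.policy.impl.PolicyImpl.invoke(PolicyImpl.java:106) "
    "2024-02-13 09:51:29 Caused by: io.gravitee.el.exceptions.ExpressionEvaluationException: "
    "The template evaluation returns an error. Expression: "
    "2024-02-13 09:51:29 #request.attributes['client']['metadata']['allowed_policies'] "
    "2024-02-13 09:51:29 at io.gravitee.el.spel.SpelTemplateEngine.eval(SpelTemplateEngine.java:72) "
    "2024-02-13 09:51:29 Caused by: org.springframework.expression.spel.SpelEvaluationException: "
    "EL1008E: Property or field 'attributes' cannot be found on object of type "
    "'io.gravitee.am.gateway.handler.context.EvaluableRequest' - maybe not public or not valid? "
    "2024-02-13 09:51:29 at org.springframework.expression.spel.ast."
    "PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:228)"
)

STAMP = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")  # container log prefix
CAUSE = re.compile(r"Caused by: ([\w.$]+)(?:: (.*))?$", re.S)


def split_entries(raw):
    """Split a run-together log on the container timestamp prefix."""
    return [e.strip() for e in STAMP.split(raw) if e.strip()]


def cause_chain(raw):
    """Return (exception class, message) per 'Caused by:' entry, outermost first."""
    return [m.groups() for m in map(CAUSE.match, split_entries(raw)) if m]


def triage(raw):
    """Summarise which policy failed and what the innermost cause was."""
    entries, chain = split_entries(raw), cause_chain(raw)
    policy = re.search(r"policy\[([^\]]+)\]", raw)
    exc, msg = chain[-1] if chain else (None, None)
    spel = re.search(r"(EL\d{4}E): Property or field '([^']+)' cannot be found "
                     r"on object of type '([^']+)'", msg or "")
    # The failing expression is logged on the entry after "Expression:".
    expr = next((entries[i + 1] for i, e in enumerate(entries[:-1])
                 if e.endswith("Expression:")), None)
    return {"policy": policy.group(1) if policy else None, "root": exc,
            "spel": spel.groups() if spel else None, "expression": expr}
```

Calling `triage(SAMPLE)` returns the policy name, the innermost exception class, the SpEL error tuple, and the expression text as a dict.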

exalate-issue-sync[bot] commented 6 months ago

This issue will be fixed in versions 4.2.x