wso2 / financial-open-banking

WSO2 Open Banking Accelerator is a collection of technologies that increases the speed and reduces the complexity of adopting open banking compliance. Instead of building a solution from scratch, you can use WSO2 Open Banking Accelerator to meet all legislative requirements with additional benefits beyond compliance.
Apache License 2.0

[Accelerator] - Server error for requests with invalid Authorization Header and without Authorization Header #5

Open malshaniS opened 10 months ago

malshaniS commented 10 months ago

Description: Getting a server error for requests with invalid Authorization Header and without/empty Authorization Header.

Request with invalid Authorization Header.

TID: [-1234] [] [2022-07-17 08:18:51,682] ERROR {org.apache.synapse.transport.passthru.ServerWorker} - Error processing POST request for : /xs2a/v1/consents. java.lang.NullPointerException
    at com.wso2.openbanking.accelerator.gateway.util.GatewayUtils.getPayloadFromJWT(GatewayUtils.java:67)
    at com.wso2.openbanking.berlin.gateway.executors.SignatureValidationExecutor.extractClientIdFromJWT(SignatureValidationExecutor.java:704)
    at com.wso2.openbanking.berlin.gateway.executors.SignatureValidationExecutor.preProcessRequest(SignatureValidationExecutor.java:232)
    at com.wso2.openbanking.accelerator.gateway.executor.core.OBExtensionListenerImpl.preProcessRequest(OBExtensionListenerImpl.java:52)
    at org.wso2.carbon.apimgt.gateway.handlers.ext.listener.ExtensionListenerUtil.preProcessRequest_aroundBody0(ExtensionListenerUtil.java:90)
    at org.wso2.carbon.apimgt.gateway.handlers.ext.listener.ExtensionListenerUtil.preProcessRequest(ExtensionListenerUtil.java:85)
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest_aroundBody46(APIAuthenticationHandler.java:392)
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:361)
    at org.apache.synapse.api.API.process(API.java:389)
    at org.apache.synapse.api.AbstractApiHandler.apiProcessNonDefaultStrategy(AbstractApiHandler.java:107)
    at org.apache.synapse.api.AbstractApiHandler.identifyAPI(AbstractApiHandler.java:127)
    at org.apache.synapse.api.AbstractApiHandler.dispatchToAPI(AbstractApiHandler.java:59)
    at org.apache.synapse.api.rest.RestRequestHandler.dispatchToAPI(RestRequestHandler.java:84)
    at org.apache.synapse.api.rest.RestRequestHandler.process(RestRequestHandler.java:70)
    at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:54)
    at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:344)
    at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:101)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:375)
    at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:434)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:182)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:834)

TID: [-1234] [] [2022-07-17 08:18:51,684] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-7 << "HTTP/1.1 500 Internal Server Error[\r][\n]"
TID: [-1234] [] [2022-07-17 08:18:51,684] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-7 << "Content-Type: application/json; charset=UTF-8[\r][\n]"
TID: [-1234] [] [2022-07-17 08:18:51,684] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-7 << "Date: Sun, 17 Jul 2022 08:18:51 GMT[\r][\n]"
TID: [-1234] [] [2022-07-17 08:18:51,684] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-7 << "Transfer-Encoding: chunked[\r][\n]"
TID: [-1234] [] [2022-07-17 08:18:51,684] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-7 << "Connection: Keep-Alive[\r][\n]"
TID: [-1234] [] [2022-07-17 08:18:51,685] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-7 << "[\r][\n]"
TID: [-1234] [] [2022-07-17 08:18:51,685] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-7 << "4e[\r][\n]"
TID: [-1234] [] [2022-07-17 08:18:51,685] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-7 << "{"Fault":{"faultcode":"soapenv:Server","faultstring":"unknown","detail":null}}[\r][\n]"

Request without/empty Authorization Header.

TID: [-1234] [] [2022-07-17 08:19:24,065] ERROR {org.apache.synapse.transport.passthru.ServerWorker} - Error processing POST request for : /xs2a/v1/consents. java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1
    at com.wso2.openbanking.accelerator.gateway.util.GatewayUtils.getPayloadFromJWT(GatewayUtils.java:67)
    at com.wso2.openbanking.berlin.gateway.executors.SignatureValidationExecutor.extractClientIdFromJWT(SignatureValidationExecutor.java:704)
    at com.wso2.openbanking.berlin.gateway.executors.SignatureValidationExecutor.preProcessRequest(SignatureValidationExecutor.java:232)
    at com.wso2.openbanking.accelerator.gateway.executor.core.OBExtensionListenerImpl.preProcessRequest(OBExtensionListenerImpl.java:52)
    at org.wso2.carbon.apimgt.gateway.handlers.ext.listener.ExtensionListenerUtil.preProcessRequest_aroundBody0(ExtensionListenerUtil.java:90)
    at org.wso2.carbon.apimgt.gateway.handlers.ext.listener.ExtensionListenerUtil.preProcessRequest(ExtensionListenerUtil.java:85)
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest_aroundBody46(APIAuthenticationHandler.java:392)
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:361)
    at org.apache.synapse.api.API.process(API.java:389)
    at org.apache.synapse.api.AbstractApiHandler.apiProcessNonDefaultStrategy(AbstractApiHandler.java:107)
    at org.apache.synapse.api.AbstractApiHandler.identifyAPI(AbstractApiHandler.java:127)
    at org.apache.synapse.api.AbstractApiHandler.dispatchToAPI(AbstractApiHandler.java:59)
    at org.apache.synapse.api.rest.RestRequestHandler.dispatchToAPI(RestRequestHandler.java:84)
    at org.apache.synapse.api.rest.RestRequestHandler.process(RestRequestHandler.java:70)
    at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:54)
    at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:344)
    at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:101)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:375)
    at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:434)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:182)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:834)

TID: [-1234] [] [2022-07-17 08:19:24,087] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-8 << "HTTP/1.1 500 Internal Server Error[\r][\n]"
TID: [-1234] [] [2022-07-17 08:19:24,087] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-8 << "Content-Type: application/json; charset=UTF-8[\r][\n]"
TID: [-1234] [] [2022-07-17 08:19:24,087] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-8 << "Date: Sun, 17 Jul 2022 08:19:24 GMT[\r][\n]"
TID: [-1234] [] [2022-07-17 08:19:24,087] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-8 << "Transfer-Encoding: chunked[\r][\n]"
TID: [-1234] [] [2022-07-17 08:19:24,088] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-8 << "Connection: Keep-Alive[\r][\n]"
TID: [-1234] [] [2022-07-17 08:19:24,088] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-8 << "[\r][\n]"
TID: [-1234] [] [2022-07-17 08:19:24,088] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-8 << "69[\r][\n]"
TID: [-1234] [] [2022-07-17 08:19:24,088] DEBUG {org.apache.synapse.transport.http.wire} - HTTPS-Listener I/O dispatcher-8 << "{"Fault":{"faultcode":"soapenv:Server","faultstring":"Index 1 out of bounds for length 1","detail":null}}[\r][\n]"

This behaviour can be observed in all the endpoints.

Affected Product Version:

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:
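
Both stack traces above end in `getPayloadFromJWT`, reached before the Authorization header has been checked for shape. As an added example (not the accelerator's code; the class and method names are hypothetical), a payload extractor that validates the header and the token segments first, so every malformed case becomes a 401 rather than an uncaught exception whose message ends up in the fault string:

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

// Added illustration; class and method names are hypothetical, not WSO2 APIs.
public class BearerJwtPayload {

    private static final String PREFIX = "Bearer ";

    /** Returns the decoded JWT payload JSON, or empty if the header is unusable.
     *  Decoding only: signature verification is a separate step. */
    static Optional<String> extract(String authorizationHeader) {
        if (authorizationHeader == null
                || !authorizationHeader.regionMatches(true, 0, PREFIX, 0, PREFIX.length())) {
            return Optional.empty();              // header missing, empty or not Bearer
        }
        String token = authorizationHeader.substring(PREFIX.length()).trim();
        String[] parts = token.split("\\.", -1);  // -1 keeps empty trailing segments
        if (parts.length != 3 || parts[0].isEmpty() || parts[1].isEmpty()) {
            return Optional.empty();              // not header.payload.signature
        }
        try {
            byte[] json = Base64.getUrlDecoder().decode(parts[1]);
            return Optional.of(new String(json, StandardCharsets.UTF_8));
        } catch (IllegalArgumentException e) {
            return Optional.empty();              // payload is not valid base64url
        }
    }

    /** 401 when the credential is unusable, 200 meaning "continue processing". */
    static int statusFor(String authorizationHeader) {
        return extract(authorizationHeader).isPresent() ? 200 : 401;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the JWT is unsigned test data.
        String payload = Base64.getUrlEncoder().withoutPadding()
                .encodeToString("{\"client_id\":\"example\"}".getBytes(StandardCharsets.UTF_8));
        String[] headers = {
            null, "", "Bearer", "Bearer abc", "Basic dXNlcjpwYXNz",
            "Bearer e30." + payload + ".sig"
        };
        for (String h : headers) {
            System.out.println(statusFor(h) + "  <- " + h);
        }
    }
}
```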