Unexpected Exception Handling in NimbusReactiveJwtDecoder decode Method #14467
Comments
Wouldn't it be better for the try catch to catch the specific exception "BadJwtException" since it's the one causing the bug? (We maybe don't need to catch other exceptions?) Like that:

```java
@Override
public Mono<Jwt> decode(String token) throws JwtException {
    try {
        JWT jwt = JWTParser.parse(token);
        if (jwt instanceof PlainJWT) {
            return Mono.error(new BadJwtException(
                    "Unsupported algorithm of " + jwt.getHeader().getAlgorithm()));
        }
        return this.decode(jwt);
    } catch (BadJwtException ex) {
        return Mono.error(new BadJwtException(
                "An error occurred while attempting to decode the Jwt: " + ex.getMessage(), ex));
    }
}
```

I'm still new to working on open source so feel free to correct me! 😄
Hi, @Kardeen, I agree that the implementation should return If so, would you please base it off of the
Previously, the `decode` method threw a `JwtException` directly when encountering an unsupported algorithm or any exception during parsing. This commit introduces a more robust error handling mechanism. Now, instead of throwing exceptions directly, it returns a `Mono.error()` with a `BadJwtException` containing detailed error information. This approach provides more flexibility and allows the caller to handle errors in a more granular way, by being able to use Project Reactor's onError functionality. Closes spring-projectsgh-14467
Hi @jzheaux, @milaneuh the
Description

We are experiencing an issue where exceptions thrown by the `decode` method are not being caught as expected when used in a reactive stream. This is causing problems when we attempt to handle these exceptions using `doOnError` or `onErrorReturn`.

Steps to reproduce:

- `decode` method with a token string that would fail the parsing of `JWTParser.parse(String s)` method e.g. `eyyyyy`.
- `Mono<Jwt>` in a reactive stream.
- `decode` method using `doOnError` or `onErrorReturn`.

Failing code

Observed Result:

The exceptions thrown by the `decode` method are not being caught by `doOnError` or `onErrorReturn`. Instead, they cause the reactive stream to terminate prematurely.

Expected Result:

The exceptions thrown by the `decode` method should be caught by `doOnError` or `onErrorReturn` and allow the reactive stream to continue processing regardless of whether the token string was provided wrapped in a Mono or directly to the method.

Additional Information:

The `decode` method is defined as follows:

spring-security/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java, Lines 146 to 153 in 06f829e

And the `parse` method is defined as follows:

spring-security/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java, Lines 155 to 162 in 06f829e

As a workaround, we have found that wrapping the token into a `Mono` and then using `flatMap` causes the exceptions to be caught correctly. However, this is not ideal as it requires modifying the code that calls the `decode` method.

Working workaround:

We believe the issue lies in the fact that the `BadJwtException` thrown by the `parse` method is not being wrapped into a `Mono.error()`. Similarly, the exception thrown when the `jwt` is an instance of `PlainJWT` should also be wrapped into a `Mono.error()`.

We propose that the `decode` method be modified to wrap these exceptions into a `Mono.error()` so that they can be caught by `doOnError` or `onErrorReturn`.

Possible solution:
Thank you for considering this bug report. We appreciate your assistance in resolving this issue.
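
The difference the report describes, as an added example that is not Spring Security's code and not taken from the issue: `decodeThrowing`, `decodeSignalling` and `BadTokenException` are hypothetical stand-ins for the decoder, and only reactor-core is assumed on the classpath.

```java
import java.util.function.Function;
import reactor.core.publisher.Mono;

// Added example: stand-in decoders, not Spring Security code.
public class EagerThrowDemo {

    // Hypothetical stand-in for the exception raised on a malformed token.
    static class BadTokenException extends RuntimeException {
        BadTokenException(String msg) { super(msg); }
    }

    // Behaviour reported in the issue: the exception is thrown while the
    // method runs, before any Mono exists for operators to attach to.
    static Mono<String> decodeThrowing(String token) {
        if (!token.contains(".")) {
            throw new BadTokenException("malformed token");
        }
        return Mono.just("claims-of:" + token);
    }

    // Behaviour proposed in the issue: the failure becomes an error signal.
    static Mono<String> decodeSignalling(String token) {
        if (!token.contains(".")) {
            return Mono.error(new BadTokenException("malformed token"));
        }
        return Mono.just("claims-of:" + token);
    }

    // Applies the caller's fallback and reports what the caller observed.
    static String outcome(Function<String, Mono<String>> decoder, String token) {
        try {
            return decoder.apply(token).onErrorReturn("rejected").block();
        } catch (BadTokenException ex) {
            return "escaped: " + ex.getMessage(); // onErrorReturn never ran
        }
    }

    public static void main(String[] args) {
        String token = "eyyyyy"; // constructed malformed input, as in the report
        System.out.println(outcome(EagerThrowDemo::decodeThrowing, token));
        System.out.println(outcome(EagerThrowDemo::decodeSignalling, token));
        // Workaround from the report: call decode inside flatMap, which
        // converts the thrown exception into an error signal.
        System.out.println(outcome(
                t -> Mono.just(t).flatMap(EagerThrowDemo::decodeThrowing), token));
    }
}
```

Only the first call lets the exception escape the operator chain; the other two reach the `onErrorReturn` fallback, so a caller that maps decode failures to a rejection or an audit log entry sees every malformed token.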