networknt / light-hybrid-4j

A hybrid between monolithic and microservices to take advantages of both

need to complete the exchange if JWT verification fails

stevehu opened this issue

In a test environment, we have spotted this error which is newly introduced. The problem is that the verifyJwt returns void and the logic continues to the business handler.

03:00:11.741 [XNIO-1 task-11]   DEBUG com.networknt.rpc.router.JsonHandler handleRequest - Get method with message = {"host":"lightapi.net","service":"user","action":"getPrivateMessage","version":"0.1.0","data":{"indirect":true,"email":"stevehu@gmail.com"}}
03:00:11.741 [XNIO-1 task-11]   DEBUG com.networknt.rpc.router.JsonHandler processRequest - serviceId = lightapi.net/user/getPrivateMessage/0.1.0
03:00:11.743 [XNIO-1 task-11]   ERROR c.networknt.handler.LightHttpHandler setExchangeStatus - {"statusCode":401,"code":"ERR10002","message":"MISSING_AUTH_TOKEN","description":"No Authorization header or the token is not bearer type","severity":"ERROR"} at com.networknt.handler.LightHttpHandler.setExchangeStatus(LightHttpHandler.java:67)
03:00:11.743 [XNIO-1 task-11]   DEBUG com.networknt.rpc.Handler validate - serviceId = lightapi.net/user/getPrivateMessage/0.1.0 serviceMap = {"schema":{"title":"Service","type":"object","properties":{"email":{"type":"string"}},"required":["email"]},"scope":"portal.r"}
03:00:11.744 [XNIO-1 task-11]   DEBUG com.networknt.schema.TypeValidator debug - validate( {"indirect":true,"email":"stevehu@gmail.com"}, {"indirect":true,"email":"stevehu@gmail.com"}, $)
03:00:11.745 [XNIO-1 task-11]   DEBUG c.networknt.schema.RequiredValidator debug - validate( {"indirect":true,"email":"stevehu@gmail.com"}, {"indirect":true,"email":"stevehu@gmail.com"}, $)
03:00:11.745 [XNIO-1 task-11]   DEBUG c.n.schema.PropertiesValidator debug - validate( {"indirect":true,"email":"stevehu@gmail.com"}, {"indirect":true,"email":"stevehu@gmail.com"}, $)
03:00:11.745 [XNIO-1 task-11]   DEBUG com.networknt.schema.TypeValidator debug - validate( "stevehu@gmail.com", {"indirect":true,"email":"stevehu@gmail.com"}, $.email)
03:00:11.745 [XNIO-1 task-11]   ERROR com.networknt.rpc.Handler getStatus - {"statusCode":404,"code":"ERR11607","message":"USER_NOT_FOUND_BY_EMAIL","description":"User not found by email stevehu@gmail.com.","severity":"ERROR"} at net.lightapi.portal.user.query.handler.GetPrivateMessage.handle(GetPrivateMessage.java:77)
03:00:11.753 [XNIO-1 task-11]   ERROR c.n.exception.ExceptionHandler handleRequest - Exception:
java.lang.IllegalStateException: UT000002: The response has already been started
	at io.undertow.server.HttpServerExchange.setStatusCode(HttpServerExchange.java:1406)
	at com.networknt.rpc.Handler.getStatus(Handler.java:91)
	at net.lightapi.portal.user.query.handler.GetPrivateMessage.handle(GetPrivateMessage.java:77)
	at com.networknt.rpc.router.JsonHandler.processRequest(JsonHandler.java:83)
	at com.networknt.rpc.router.JsonHandler.handleRequest(JsonHandler.java:56)
	at com.networknt.handler.Handler.next(Handler.java:208)
	at com.networknt.handler.Handler.next(Handler.java:229)
	at com.networknt.cors.CorsHttpHandler.handleRequest(CorsHttpHandler.java:74)
	at com.networknt.handler.Handler.next(Handler.java:208)
	at com.networknt.handler.Handler.next(Handler.java:229)
	at com.networknt.jaeger.tracing.JaegerHandler.handleRequest(JaegerHandler.java:123)
	at com.networknt.handler.Handler.next(Handler.java:208)
	at com.networknt.handler.Handler.next(Handler.java:229)
	at com.networknt.exception.ExceptionHandler.handleRequest(ExceptionHandler.java:76)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:376)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:834)

The verifyJwt returns a Status object or null to indicate if there is a verification error. The JsonHandler will complete the exchange and return if the status is not null.
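
The pattern described in this issue, as an added example that is not the project's code: the handler that keeps going after a failed token check beside the one that completes the exchange and returns. `Exchange`, `Status`, `handleFailOpen` and `handleFailClosed` are hypothetical stand-ins for the Undertow exchange and the light-4j handler chain, and `verifyJwt` here only checks the header shape.

```java
import java.util.Map;

// Added illustration: every type and method here is a hypothetical stand-in, not light-hybrid-4j or Undertow code.
public class FailClosedDemo {
    record Status(int statusCode, String code) {}
    // Stand-in exchange: like the real one, the response can be started only once.
    static class Exchange {
        final Map<String, String> headers;
        Status response;
        Exchange(Map<String, String> headers) { this.headers = headers; }
        void complete(Status s) {
            if (response != null) throw new IllegalStateException("response already started");
            response = s;
        }
    }

    // Returns a Status on error, null otherwise (header shape only; no signature or claim validation).
    static Status verifyJwt(Exchange ex) {
        String auth = ex.headers.get("Authorization");
        return (auth != null && auth.startsWith("Bearer ")) ? null : new Status(401, "ERR10002");
    }

    // Before: the 401 is recorded, but the business handler still runs.
    static void handleFailOpen(Exchange ex, Runnable business) {
        Status s = verifyJwt(ex);
        if (s != null) ex.complete(s);
        business.run();
    }

    // After: complete the exchange and return as soon as verification fails.
    static void handleFailClosed(Exchange ex, Runnable business) {
        Status s = verifyJwt(ex);
        if (s != null) { ex.complete(s); return; }
        business.run();
    }

    public static void main(String[] args) {
        boolean[] ran = {false};
        Exchange a = new Exchange(Map.of()); // constructed request, no Authorization header
        handleFailClosed(a, () -> ran[0] = true);
        System.out.println("fail-closed: " + a.response + " businessRan=" + ran[0]);
        Exchange b = new Exchange(Map.of());
        try {
            handleFailOpen(b, () -> { ran[0] = true; b.complete(new Status(404, "ERR11607")); });
        } catch (IllegalStateException e) {
            System.out.println("fail-open: businessRan=" + ran[0] + ", " + e.getMessage());
        }
    }
}
```

A regression test for this class of bug should assert that the business handler was never invoked for an unauthenticated request, not only that the response status is 401.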