  1. Webservices REST Module
  2. RESTWS-277

Authentication error is same for expired session id and auth failure


Details

    • Bug
    • Status: Closed
    • TBD
    • Resolution: Fixed
    • 2.0
    • 2.5
    • None

    Description

      The error code returned for:
      1) Authentication failure
      2) Using an expired session id token

      are the same. So it makes it difficult to take an appropriate action for these two different cases.

      JSON error messages:

      1) Authentication failure:
      {"error":{"message":"User is not logged in","code":"org.openmrs.aop.AuthorizationAdvice:119","detail":"org.openmrs.api.APIAuthenticationException: Privileges required: Get Identifier Types\n\tat org.openmrs.aop.AuthorizationAdvice.throwUnauthorized(AuthorizationAdvice.java:119)\n\tat org.openmrs.aop.AuthorizationAdvice.before(AuthorizationAdvice.java:98)\n\tat org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:49)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)\n\tat org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)\n\tat $Proxy86.getAllPatientIdentifierTypes(Unknown Source)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat java.lang.reflect.Method.invoke(Method.java:616)\n\tat org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)\n\tat org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
      
      

      2) Using an expired session token

      {"error":{"message":"User is not logged in","code":"org.openmrs.aop.AuthorizationAdvice:119","detail":"org.openmrs.api.APIAuthenticationException: Privileges required: Get Identifier Types\n\tat org.openmrs.aop.AuthorizationAdvice.throwUnauthorized(AuthorizationAdvice.java:119)\n\tat org.openmrs.aop.AuthorizationAdvice.before(AuthorizationAdvice.java:98)\n\tat org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:49)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)\n\tat org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)\n\tat $Proxy86.getAllPatientIdentifierTypes(Unknown Source)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat java.lang.reflect.Method.invoke(Method.java:616)\n\tat org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)\n\tat org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
      

      Update to this bug:
      Authentication error is thrown even for other kinds of errors. For example, I was trying to use GET like 'https://localhost:8443/openmrs/ws/rest/v1/user?q=annie.member&v=ref', which is wrong and I get an error:

      {"error":{"message":"User is not logged in","code":"org.openmrs.module.webservices.rest.web.RestUtil:437","detail":"java.lang.IllegalArgumentException: Do not specify ?v=ref because it is the default behavior for this request\n\tat org.openmrs.module.webservices.rest.web.RestUtil.getRequestContext(RestUtil.java:437)\n\tat org.openmrs.module.webservices.rest.web.v1_0.controller.BaseCrudController.search(BaseCrudController.java:155)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat java.lang.reflect.Method.invoke(Method.java:616)\n\tat org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
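      A sketch of the separation this report asks for, as an added example that is not part of the original issue or the module's code: the three situations described above map to different `status` and `code` values, so a client can tell "log in again" from "fix the request". The class, enum and code strings are hypothetical, and `AuthenticationRequiredException` stands in for `org.openmrs.api.APIAuthenticationException`.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration: all names and code strings here are hypothetical, not OpenMRS API.
public class RestErrorMapper {

    // What the server knows about the caller's session when the error is raised.
    enum SessionState { NONE_PRESENTED, EXPIRED, AUTHENTICATED }
    // Stand-in for org.openmrs.api.APIAuthenticationException from the report.
    static class AuthenticationRequiredException extends RuntimeException {
        AuthenticationRequiredException(String message) { super(message); }
    }

    static Map<String, Object> toError(RuntimeException ex, SessionState session) {
        int status;
        String code;
        if (ex instanceof IllegalArgumentException) {
            status = 400;                       // malformed request, e.g. ?v=ref
            code = "BAD_REQUEST";
        } else if (ex instanceof AuthenticationRequiredException) {
            switch (session) {
                case EXPIRED:                   // client should log in again
                    status = 401; code = "SESSION_EXPIRED"; break;
                case AUTHENTICATED:             // logged in, privilege missing
                    status = 403; code = "PRIVILEGE_REQUIRED"; break;
                default:                        // no session or failed login
                    status = 401; code = "NOT_AUTHENTICATED";
            }
        } else {
            status = 500;
            code = "INTERNAL_ERROR";
        }
        Map<String, Object> error = new LinkedHashMap<>();
        error.put("status", status);
        error.put("code", code);
        error.put("message", ex.getMessage());
        return error;
    }

    public static void main(String[] args) {
        // Constructed inputs reusing the exception messages quoted in the report.
        RuntimeException auth = new AuthenticationRequiredException("Privileges required: Get Identifier Types");
        RuntimeException badParam = new IllegalArgumentException(
                "Do not specify ?v=ref because it is the default behavior for this request");
        System.out.println(toError(auth, SessionState.NONE_PRESENTED));
        System.out.println(toError(auth, SessionState.EXPIRED));
        System.out.println(toError(badParam, SessionState.AUTHENTICATED));
    }
}
```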
      

              People

                lrozanski Lech Rozanski
                kavuri Sateesh Kavuri
                Rafal Korytkowski Rafal Korytkowski
                Votes: 0
                Watchers: 3

                  Time Tracking

                    Estimated: 4h
                    Remaining: 2h
                    Logged: 2h