OPDK: Password with % character causes error

Google Cloud Apigee
1

With version 4.15.01.00 of OPDK, if a password contains a percent character, the login will fail because it tries to evaluate it as a URL-encoded value.

This issue doesn’t seem to occur on the cloud version of Apigee Edge. However, I don’t see anything in the release notes for the recent versions about this.

I’m not sure if there’s a bug tracker available to view or a better way to submit bugs.

Here’s the error that the login page returns:

{
    "errorInfo": {
        "operationsStack": [],
        "extraData": {},
        "gatewayRequestUrl": null,
        "gatewayRequestBody": null,
        "gatewayErrorCode": null,
        "gatewayErrorMessage": "",
        "errorMessage": null,
        "gatewayResponseStatus": 500,
        "stackTrace": null,
        "responseStatus": 502
    }
}

And the stack trace from the management-server

Jul 14, 2015 10:01:09 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://framework.rest.apigee.com/}APIRegistry has thrown exception, unwinding now
java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in escape (%) pattern - For input string: "cg"
   at java.net.URLDecoder.decode(URLDecoder.java:173)
   at org.apache.cxf.common.util.UrlUtils.urlDecode(UrlUtils.java:51)
   at org.apache.cxf.jaxrs.utils.HttpUtils.urlDecode(HttpUtils.java:77)
   at org.apache.cxf.jaxrs.utils.FormUtils.populateMapFromString(FormUtils.java:97)
   at org.apache.cxf.jaxrs.utils.JAXRSUtils.processFormParam(JAXRSUtils.java:742)
   at org.apache.cxf.jaxrs.utils.JAXRSUtils.createHttpParameterValue(JAXRSUtils.java:668)
   at org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameter(JAXRSUtils.java:626)
   at org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameters(JAXRSUtils.java:579)
   at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:238)
   at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:241)
   at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:241)
   at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:92)
   at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
   at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
   at java.util.concurrent.FutureTask.run(FutureTask.java:138)
   at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
   at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:106)
   at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
   at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
   at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:207)
   at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:209)
   at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:152)
   at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:114)
   at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:185)
   at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:108)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
   at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:164)
   at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:558)
   at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1366)
   at org.eclipse.jetty.servlets.UserAgentFilter.doFilter(UserAgentFilter.java:77)
   at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:144)
   at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1337)
   at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:486)
   at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
   at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:520)
   at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:233)
   at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:973)
   at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:417)
   at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:192)
   at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:907)
   at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
   at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250)
   at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
   at org.eclipse.jetty.server.Server.handle(Server.java:350)
   at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:442)
   at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:941)
   at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:801)
   at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224)
   at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51)
   at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586)
   at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44)
   at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
   at java.lang.Thread.run(Thread.java:662)
2

@Eric Dahl the issue you are seeing is a bug (ID MGMT-1962) and there is a fix available:

The fix is available in the service pack 4.15.01.05, release notes here: http://apigee.com/docs/release-notes/content/4150105-apigee-edge-private-cloud-release-notes

It is also available in the most recent full release version of OPDK: 4.15.04.00, release notes are available here: http://apigee.com/docs/release-notes/content/4150400-apigee-edge-private-cloud-release-notes.