ExternalLoginAuthenticationManager.java should catch an exception #3655

@lijjhaha

Line 112:

If idTokenWasIssuedByTheUaa, then isAddNewShadowUser will throw a ClassCastException, which is caught by the servlet.
It's better to catch this exception and throw an AccountNotPreCreatedException,
as below:

    if (userFromDb == null) {
        try {
            if (!isAddNewShadowUser(origin)) {
                throw new AccountNotPreCreatedException("The user account must be pre-created. Please contact your system administrator.");
            }
        } catch (ClassCastException e) {
            throw new AccountNotPreCreatedException("The user account must be pre-created. Please contact your system administrator.");
        }

        publish(new NewUserAuthenticatedEvent(userFromRequest.authorities(List.of())));
        try {
            userFromDb = userDatabase.retrieveUserByName(userFromRequest.getUsername(), origin);
        } catch (UsernameNotFoundException ex) {
            throw new BadCredentialsException("Unable to register user in internal UAA store.");
        }
    }
