java oauth-2.0 azure-active-directory jetty jetty-8

Not able to retrieve form data from jetty post request

I am trying to add Azure AD authentication support to an existing jetty application. I am redirected to my application post authentication with Azure AD and the request looks like this

Dump of my request object looks like

org.eclipse.jetty.server.Request@46b8a08d[  
   _async=org.eclipse.jetty.server.AsyncContinuation@26bb9274@DISPATCHED,
   initial,
   _asyncSupported=true,
   _attributes=   {  
      javax.servlet.request.key_size=128,
      javax.servlet.request.cipher_suite=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
      javax.servlet.request.ssl_session_id=5cAbFe3eCbFfA8Ca84A546Cb995105F012E83eD556A493E55973F5A074A91eE3
   },
   _authentication=<null>,
   _baseParameters=   {  

   },
   _characterEncoding=<null>,
   _connection=AsyncHttpConnection@b7de4c,
   g=HttpGenerator   {  
      s=0,
      h=-1,
      b=-1,
      c=-1
   },
   p=HttpParser   {  
      s=-5,
      l=5,
      c=0
   },
   r=1,
   _context=ServletContext@o.e.j.s.ServletContextHandler   {  
      /,
      null
   },
   _newContext=false,
   _contextPath=,
   _cookies=<null>,
   _cookiesExtracted=false,
   _dispatcherType=REQUEST,
   _dns=false,
   _endp=SSL NOT_HANDSHAKING i/o/u=0/0/0 ishut=false oshut=false   {  
      AsyncHttpConnection@b7de4c,
      g=HttpGenerator      {  
         s=0,
         h=-1,
         b=-1,
         c=-1
      },
      p=HttpParser      {  
         s=-5,
         l=5,
         c=0
      },
      r=1
   },
   _handled=false,
   _inputState=1,
   _method=GET,
   _parameters=   {  

   },
   _paramsExtracted=true,
   _pathInfo=<null>,
   _port=0,
   _protocol=HTTP/1.1,
   _queryEncoding=<null>,
   _queryString=<null>,
   _reader=<null>,
   _readerEncoding=<null>,
   _remoteAddr=<null>,
   _remoteHost=<null>,
   _requestAttributeListeners=<null>,
   _requestedSessionId=<null>,
   _requestedSessionIdFromCookie=false,
   _requestURI=<null>,
   _savedNewSessions=<null>,
   _scheme=https,
   _scope=org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher-142075f1,
   _serverName=<null>,
   _servletPath=/token,
   _session=<null>,
   _sessionManager=<null>,
   _timeStamp=1554775615151,
   _dispatchTime=0,
   _timeStampBuffer=<null>,
   _uri=/token,
   _multiPartInputStream=<null>
]

I have tried to iterate over header and attributes but getting only Connection in header and javax.servlet.request.key_size, javax.servlet.request.cipher_suite, javax.servlet.request.ssl_session_id in attributes

My call trace looks like

java.lang.Thread.getStackTrace(Thread.java:1559)
com.AzureADLoginService.login(AzureADLoginService.java:33)
org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:47)
org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:90)
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:492)
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1088)
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429)
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
org.eclipse.jetty.server.Server.handle(Server.java:370)
org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)
org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)
org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
java.lang.Thread.run(Thread.java:748)

I wrote a sample jettey server app and I am able to retrieve token(code in form data, refer attached screenshot) using request.getParameter("code") but its not working with my application, can someone please help me out.

I am using jetty 8.1.15.v20140411 and don't have freedom to upgrade it.

Solution

First, Jetty 8 has been EOL (End of Life) since November 2014.

Now, to look at your Request state ...

   _inputState=1,
   _method=GET,
   _parameters=   {  

   },
   _paramsExtracted=true,

Those 4 tell us that your Request ...

was a GET method (which isn't to spec, as GET methods should not have a request body).
inputState at 1 says that some piece of code used the .getInputStream() putting the request body content in STREAM mode.
paramsExtracted says that some piece of code used one of the various .getParameter*() methods.
parameters={ } means that there were no parameters extracted or present either from the request query string, or the request body content.

Recommendations ...

First make sure you use the appropriate http method for what you are attempting to accomplish, use POST.
Ensure that any other code hasn't used the request body content before you (such as a filter)
Ensure that your application/x-www-form-urlencoded body content is sane and without encoding errors! (Jetty 8 was far more lenient, but that leniency made it vulnerable to many security issues. Jetty 9 is very strict)

If you can debug a live scenario, then set a breakpoint on org.eclipse.jetty.server.Request.getParameters() and follow along with what it's doing.