List<String> to String cast exception on URLUtils -> serializeParameters

Issue #262 invalid

Craig Tobe created an issue 2019-03-04

This method worked in older versions but in the newer version you are trying to cast a List<String> to a String and this method bombs every time. Can we please fix this? Thanks!

for (Map.Entry<String,List<String>> entry: params.entrySet()) {

            if (entry.getKey() == null || entry.getValue() == null)
                continue;

            // === problem is here
            for (String value: entry.getValue()) {

                if (value == null) {
                    value = "";
                }

Comments (12)

Vladimir Dzhuvinov
- changed status to open
- 2019-03-05T06:52:14+00:00
Vladimir Dzhuvinov
Hi Craig,

Could you post a snippet or test that shows the bug?

We have a bunch of tests that pass this. entry.getValue() returns a List<String>. I don't see a cast in this method.
- 2019-03-05T07:01:03+00:00
Vladimir Dzhuvinov
Added multivalued test: f3eaa55f
- 2019-03-05T07:01:46+00:00
Craig Tobe reporter
Hi @vdzhuvinov

EntrySet returns a key, value. Your value is a List<String>. So when you do entry.getValue() you are returning a List<String>. However, you are trying to set the List<String> to a String in the inner for-loop. The cast is here... for (String value: entry.getValue())
- 2019-03-05T14:11:16+00:00
Vladimir Dzhuvinov
Hm, doesn't entry.getValue() resolve to List<String>?

See the Map.Entry<String,List<String>> entry
- 2019-03-05T14:27:14+00:00
Vladimir Dzhuvinov
If you do see an exception, can you post its stack trace here?
- 2019-03-05T14:27:52+00:00
Connect2id OSS
- changed status to invalid
Bug not validated
- 2019-04-17T08:39:03+00:00
Craig Tobe reporter
I don't understand how you aren't able to reproduce this. I've had 6 developers on my team have this identical issue.

The code doesn't even make sense. You are casting a List<String> to String. I think if you only have 1 String it may work, but with a real list of Strings, this will bomb every time.
- 2019-04-17T13:44:01+00:00
Connect2id OSS
There is no explicit cast in the method.

If code that calls the method does this cast - that's a different issue.

Can you post a stack trace of the cast exception?
- 2019-04-17T15:59:35+00:00

Connect2id OSS

for (String value: entry.getValue())

is essentially

List<String> someList = ....;
for(String value: someList)

2019-04-17T16:02:03+00:00

Connect2id OSS
Here is a similar issue - arising from an incorrect call of the method:

https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/issues/262/list-to-string-cast-exception-on-urlutils

(possibly the OAuth 2.0 SDK got updated in ADAL4j without recompiling the code / running tests)
- 2019-04-17T16:18:17+00:00
Craig Tobe reporter
Yes that's exactly it. I had to roll this version back in Microsoft's oauth implementation for it to work.
- 2019-04-17T17:30:06+00:00
Log in to comment

Assignee: –

Type: bug

Priority: critical

Status: invalid

Milestone: –

Votes: 0

Watchers: 1