Bug: Infinite loop in SearchRequestBuilder.invoke() due to improper JSON parser token handling #272
Description
Describe the bug
Hi,
I’m experiencing an infinite loop issue when using SearchRequestBuilder.invoke() with a JSON response from SAP. The SCIM response looks like this:
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1884,
"itemsPerPage": 1,
"startIndex": 1,
"Resources": [...],
"startId": null,
"nextId": null
}
Problem:
The parsing loop in SearchRequestBuilder.invoke() processes JSON fields correctly but does not detect when the parser has reached the final } (END_OBJECT). As a result, it enters an infinite loop after reading the last property (e.g., nextId), because parser.nextToken() call in the default switch case skips over JsonToken.END_OBJECT.
default:
if (SchemaUtils.isUrn(field))
{
resultHandler.extension(field, parser.readValueAsTree());
}
else
{
// Just skip this field
parser.nextToken();
}
}
To Reproduce
Steps to reproduce the behavior:
Perform a SCIM search request against a SAP SCIM-compliant server using SearchRequestBuilder.invoke().
Ensure the server returns a valid SCIM response with additional fields like startId or nextId.
Observe that the client enters an infinite loop while parsing the response.
Expected behavior
The response parser should recognize the end of the JSON object and exit the loop cleanly without requiring every field to be known in advance.
Suggested Fix
Update the loop to check parser.isClosed() instead of relying solely on parser.nextToken() != JsonToken.END_OBJECT.
while (proceed && **!parser.isClosed** && parser.nextToken() != JsonToken.END_OBJECT)
{
String field = String.valueOf(parser.currentName());
parser.nextToken();
.....
Additional context
Add any other context about the problem here. For example:
- Java version: [Java version "21.0.7"]
- SCIM 2 SDK-client 4.1