diff --git a/modules/charon-core/src/main/java/org/wso2/charon3/core/encoder/JSONDecoder.java b/modules/charon-core/src/main/java/org/wso2/charon3/core/encoder/JSONDecoder.java index 0b790254..7ace1c51 100644 --- a/modules/charon-core/src/main/java/org/wso2/charon3/core/encoder/JSONDecoder.java +++ b/modules/charon-core/src/main/java/org/wso2/charon3/core/encoder/JSONDecoder.java @@ -746,13 +746,26 @@ private ComplexAttribute buildComplexValue(AttributeSchema attributeSchema, */ public ArrayList decodeRequest(String scimResourceString) throws BadRequestException { - ArrayList operationList = new ArrayList(); try { //decode the string into json representation JSONObject decodedJsonObj = new JSONObject(new JSONTokener(scimResourceString)); //obtain the Operations values JSONArray operationJsonList = (JSONArray) decodedJsonObj.opt(SCIMConstants.OperationalConstants.OPERATIONS); + + //check if operationJsonList is null + if (operationJsonList == null) { + + //throw appropriate exception based on the key check + if (decodedJsonObj.has(StringUtils.lowerCase(SCIMConstants.OperationalConstants.OPERATIONS))) { + throw new BadRequestException("Invalid JSON schema.", ResponseCodeConstants.INVALID_SYNTAX); + } + + //if the key with lowercase name does not exist, throw this exception + throw new BadRequestException(ResponseCodeConstants.INVALID_SYNTAX); + } + + //for each operation, create a PatchOperation object and add the relevant values to it for (int count = 0; count < operationJsonList.length(); count++) { JSONObject operation = (JSONObject) operationJsonList.get(count);