Posted to dev@openwebbeans.apache.org by "Romain Manni-Bucau (JIRA)" <ji...@apache.org> on 2019/01/13 18:00:00 UTC

[jira] [Assigned] (MEECROWAVE-174) OAuth2TokenService does not work with JWT access token format

     [ https://issues.apache.org/jira/browse/MEECROWAVE-174?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Romain Manni-Bucau reassigned MEECROWAVE-174:
---------------------------------------------

    Assignee: Romain Manni-Bucau

> OAuth2TokenService does not work with JWT access token format
> -------------------------------------------------------------
>
>                 Key: MEECROWAVE-174
>                 URL: https://issues.apache.org/jira/browse/MEECROWAVE-174
>             Project: Meecrowave
>          Issue Type: Bug
>    Affects Versions: 1.2.4
>            Reporter: Julio Vilmar Gesser
>            Assignee: Romain Manni-Bucau
>            Priority: Major
>
> When the JWT format for access tokens is enabled (_oauth2-use-jwt-format-for-access-token_) the *"rs.security.*"* properties are not forwarded to the message context.
> This results in an error when the *oauth2/token* is invoked (see stacktrace below).
> OAuth2Configurer class is responsible for forwarding these properties, but it only does that when the accept method is called from RedirectionBasedGrantService.
> In my case it is being called from AccessTokenService.
>  
> *Stacktrace:*
> org.apache.cxf.rs.security.jose.common.JoseException: No keystore file has been configured
>  at org.apache.cxf.rs.security.jose.common.KeyManagementUtils.loadPersistKeyStore(KeyManagementUtils.java:285) ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
>  at org.apache.cxf.rs.security.jose.common.KeyManagementUtils.loadPrivateKey(KeyManagementUtils.java:273) ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
>  at org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:334) ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
>  at org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:278) ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
>  at org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:227) ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
>  at org.apache.cxf.rs.security.jose.common.AbstractJoseProducer.getInitializedSignatureProvider(AbstractJoseProducer.java:39) ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
>  at org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer.processJwt(JoseJwtProducer.java:53) ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
>  at org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer.processJwt(JoseJwtProducer.java:31) ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
>  at org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.processJwtAccessToken(AbstractOAuthDataProvider.java:635) ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
>  at org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.doCreateAccessToken(AbstractOAuthDataProvider.java:102) ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
>  at org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.createAccessToken(AbstractOAuthDataProvider.java:69) ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
>  at org.apache.meecrowave.oauth2.data.RefreshTokenEnabledProvider.createAccessToken(RefreshTokenEnabledProvider.java:68) ~[meecrowave-oauth2-1.2.4.jar:1.2.4]
>  at org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:135) ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
>  at org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:105) ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
>  at org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:87) ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
>  at org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler.createAccessToken(ResourceOwnerGrantHandler.java:56) ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
>  at org.apache.cxf.rs.security.oauth2.services.AccessTokenService.handleTokenRequest(AccessTokenService.java:124) [cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
>  at org.apache.meecrowave.oauth2.resource.OAuth2TokenService$LazyImpl$$OwbNormalScopeProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService$LazyImpl.java) [?:1.2.4]
>  at org.apache.meecrowave.oauth2.resource.OAuth2TokenService.handleTokenRequest(OAuth2TokenService.java:54) [meecrowave-oauth2-1.2.4.jar:1.2.4]
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
>  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181]
>  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]
>  at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
>  at org.apache.webbeans.intercept.AbstractInvocationContext.directProceed(AbstractInvocationContext.java:113) [openwebbeans-impl-2.0.7.jar:2.0.7]
>  at org.apache.webbeans.intercept.AbstractInvocationContext.proceed(AbstractInvocationContext.java:106) [openwebbeans-impl-2.0.7.jar:2.0.7]
>  at org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:78) [openwebbeans-impl-2.0.7.jar:2.0.7]
>  at org.apache.meecrowave.cxf.JAXRSFieldInjectionInterceptor.lazyInjectContexts(JAXRSFieldInjectionInterceptor.java:64) [meecrowave-core-1.2.4.jar:1.2.4]
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
>  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181]
>  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]
>  at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
>  at org.apache.webbeans.component.InterceptorBean.intercept(InterceptorBean.java:136) [openwebbeans-impl-2.0.7.jar:2.0.7]
>  at org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:65) [openwebbeans-impl-2.0.7.jar:2.0.7]
>  at org.apache.webbeans.intercept.DefaultInterceptorHandler.invoke(DefaultInterceptorHandler.java:139) [openwebbeans-impl-2.0.7.jar:2.0.7]
>  at org.apache.meecrowave.oauth2.resource.OAuth2TokenService$$OwbInterceptProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService.java) [?:1.2.4]
>  at org.apache.meecrowave.oauth2.resource.OAuth2TokenService$$OwbNormalScopeProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService.java) [?:1.2.4]
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
>  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181]
>  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181]
>  at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
>  at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179) [cxf-core-3.2.7.jar:3.2.7]
>  at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96) [cxf-core-3.2.7.jar:3.2.7]
>  at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:193) [cxf-rt-frontend-jaxrs-3.2.7.jar:3.2.7]
>  at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:103) [cxf-rt-frontend-jaxrs-3.2.7.jar:3.2.7]
>  at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59) [cxf-core-3.2.7.jar:3.2.7]
>  at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96) [cxf-core-3.2.7.jar:3.2.7]
>  at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.2.7.jar:3.2.7]
>  at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-core-3.2.7.jar:3.2.7]
>  at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) [cxf-rt-transports-http-3.2.7.jar:3.2.7]
>  at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) [cxf-rt-transports-http-3.2.7.jar:3.2.7]
>  at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) [cxf-rt-transports-http-3.2.7.jar:3.2.7]
>  at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) [cxf-rt-transports-http-3.2.7.jar:3.2.7]
>  at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) [cxf-rt-transports-http-3.2.7.jar:3.2.7]
>  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) [cxf-rt-transports-http-3.2.7.jar:3.2.7]
>  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) [cxf-rt-transports-http-3.2.7.jar:3.2.7]
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:660) [meecrowave-specs-api-1.2.4.jar:1.2.4]
>  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) [cxf-rt-transports-http-3.2.7.jar:3.2.7]
>  at org.apache.meecrowave.cxf.CxfCdiAutoSetup$1.doFilter(CxfCdiAutoSetup.java:121) [meecrowave-core-1.2.4.jar:1.2.4]
>  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-catalina-9.0.12.jar:9.0.12]
>  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-catalina-9.0.12.jar:9.0.12]
>  at com.philips.bifrost.admin.EmbeddedServerCommand$FilterListener.doFilter(EmbeddedServerCommand.java:119) [main/:?]
>  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-catalina-9.0.12.jar:9.0.12]
>  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-catalina-9.0.12.jar:9.0.12]
>  at org.apache.geronimo.microprofile.opentracing.common.microprofile.server.OpenTracingFilter.doFilter(OpenTracingFilter.java:157) [geronimo-opentracing-common-1.0.1.jar:1.0.1]
>  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-catalina-9.0.12.jar:9.0.12]
>  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-catalina-9.0.12.jar:9.0.12]
>  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) [tomcat-catalina-9.0.12.jar:9.0.12]
>  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-catalina-9.0.12.jar:9.0.12]
>  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) [tomcat-catalina-9.0.12.jar:9.0.12]
>  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-catalina-9.0.12.jar:9.0.12]
>  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-catalina-9.0.12.jar:9.0.12]
>  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-catalina-9.0.12.jar:9.0.12]
>  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-catalina-9.0.12.jar:9.0.12]
>  at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) [tomcat-coyote-9.0.12.jar:9.0.12]
>  at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-coyote-9.0.12.jar:9.0.12]
>  at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770) [tomcat-coyote-9.0.12.jar:9.0.12]
>  at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415) [tomcat-coyote-9.0.12.jar:9.0.12]
>  at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote-9.0.12.jar:9.0.12]
>  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_181]
>  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_181]
>  at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util-9.0.12.jar:9.0.12]
>  at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)