[ https://issues.apache.org/jira/browse/MEECROWAVE-174?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Romain Manni-Bucau reassigned MEECROWAVE-174: --------------------------------------------- Assignee: Romain Manni-Bucau > OAuth2TokenService does not work with JWT access token format > ------------------------------------------------------------- > > Key: MEECROWAVE-174 > URL: https://issues.apache.org/jira/browse/MEECROWAVE-174 > Project: Meecrowave > Issue Type: Bug > Affects Versions: 1.2.4 > Reporter: Julio Vilmar Gesser > Assignee: Romain Manni-Bucau > Priority: Major > > When the JWT format for access tokens is enabled > (_oauth2-use-jwt-format-for-access-token_) the *"rs.security.*"* properties > are not forwarded to the message context. > This results in an error when the *oalth2/token* is invoked (see stacktrace > below). > OAuth2Configurer class is responsible for forwarding these properties, but it > only do that when the accept method is called from > RedirectionBasedGrantService. > In my case it is being called from AccessTokenService. > > *Stacktrace:* > org.apache.cxf.rs.security.jose.common.JoseException: No keystore file has > been configured > at > org.apache.cxf.rs.security.jose.common.KeyManagementUtils.loadPersistKeyStore(KeyManagementUtils.java:285) > ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6] > at > org.apache.cxf.rs.security.jose.common.KeyManagementUtils.loadPrivateKey(KeyManagementUtils.java:273) > ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6] > at > org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:334) > ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6] > at > org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:278) > ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6] > at > org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:227) > ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6] > at > org.apache.cxf.rs.security.jose.common.AbstractJoseProducer.getInitializedSignatureProvider(AbstractJoseProducer.java:39) > ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6] > at > org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer.processJwt(JoseJwtProducer.java:53) > ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6] > at > org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer.processJwt(JoseJwtProducer.java:31) > ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6] > at > org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.processJwtAccessToken(AbstractOAuthDataProvider.java:635) > ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6] > at > org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.doCreateAccessToken(AbstractOAuthDataProvider.java:102) > ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6] > at > org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.createAccessToken(AbstractOAuthDataProvider.java:69) > ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6] > at > org.apache.meecrowave.oauth2.data.RefreshTokenEnabledProvider.createAccessToken(RefreshTokenEnabledProvider.java:68) > ~[meecrowave-oauth2-1.2.4.jar:1.2.4] > at > org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:135) > ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6] > at > org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:105) > ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6] > at > org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:87) > ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6] > at > org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler.createAccessToken(ResourceOwnerGrantHandler.java:56) > ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6] > at > org.apache.cxf.rs.security.oauth2.services.AccessTokenService.handleTokenRequest(AccessTokenService.java:124) > [cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6] > at > org.apache.meecrowave.oauth2.resource.OAuth2TokenService$LazyImpl$$OwbNormalScopeProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService$LazyImpl.java) > [?:1.2.4] > at > org.apache.meecrowave.oauth2.resource.OAuth2TokenService.handleTokenRequest(OAuth2TokenService.java:54) > [meecrowave-oauth2-1.2.4.jar:1.2.4] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:1.8.0_181] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:1.8.0_181] > at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] > at > org.apache.webbeans.intercept.AbstractInvocationContext.directProceed(AbstractInvocationContext.java:113) > [openwebbeans-impl-2.0.7.jar:2.0.7] > at > org.apache.webbeans.intercept.AbstractInvocationContext.proceed(AbstractInvocationContext.java:106) > [openwebbeans-impl-2.0.7.jar:2.0.7] > at > org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:78) > [openwebbeans-impl-2.0.7.jar:2.0.7] > at > org.apache.meecrowave.cxf.JAXRSFieldInjectionInterceptor.lazyInjectContexts(JAXRSFieldInjectionInterceptor.java:64) > [meecrowave-core-1.2.4.jar:1.2.4] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:1.8.0_181] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:1.8.0_181] > at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] > at > org.apache.webbeans.component.InterceptorBean.intercept(InterceptorBean.java:136) > [openwebbeans-impl-2.0.7.jar:2.0.7] > at > org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:65) > [openwebbeans-impl-2.0.7.jar:2.0.7] > at > org.apache.webbeans.intercept.DefaultInterceptorHandler.invoke(DefaultInterceptorHandler.java:139) > [openwebbeans-impl-2.0.7.jar:2.0.7] > at > org.apache.meecrowave.oauth2.resource.OAuth2TokenService$$OwbInterceptProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService.java) > [?:1.2.4] > at > org.apache.meecrowave.oauth2.resource.OAuth2TokenService$$OwbNormalScopeProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService.java) > [?:1.2.4] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:1.8.0_181] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:1.8.0_181] > at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] > at > org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179) > [cxf-core-3.2.7.jar:3.2.7] > at > org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96) > [cxf-core-3.2.7.jar:3.2.7] > at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:193) > [cxf-rt-frontend-jaxrs-3.2.7.jar:3.2.7] > at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:103) > [cxf-rt-frontend-jaxrs-3.2.7.jar:3.2.7] > at > org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59) > [cxf-core-3.2.7.jar:3.2.7] > at > org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96) > [cxf-core-3.2.7.jar:3.2.7] > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) > [cxf-core-3.2.7.jar:3.2.7] > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > [cxf-core-3.2.7.jar:3.2.7] > at > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) > [cxf-rt-transports-http-3.2.7.jar:3.2.7] > at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) > [cxf-rt-transports-http-3.2.7.jar:3.2.7] > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) > [cxf-rt-transports-http-3.2.7.jar:3.2.7] > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) > [cxf-rt-transports-http-3.2.7.jar:3.2.7] > at > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216) > [cxf-rt-transports-http-3.2.7.jar:3.2.7] > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) > [cxf-rt-transports-http-3.2.7.jar:3.2.7] > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) > [cxf-rt-transports-http-3.2.7.jar:3.2.7] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:660) > [meecrowave-specs-api-1.2.4.jar:1.2.4] > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) > [cxf-rt-transports-http-3.2.7.jar:3.2.7] > at > org.apache.meecrowave.cxf.CxfCdiAutoSetup$1.doFilter(CxfCdiAutoSetup.java:121) > [meecrowave-core-1.2.4.jar:1.2.4] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > [tomcat-catalina-9.0.12.jar:9.0.12] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > [tomcat-catalina-9.0.12.jar:9.0.12] > at > com.philips.bifrost.admin.EmbeddedServerCommand$FilterListener.doFilter(EmbeddedServerCommand.java:119) > [main/:?] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > [tomcat-catalina-9.0.12.jar:9.0.12] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > [tomcat-catalina-9.0.12.jar:9.0.12] > at > org.apache.geronimo.microprofile.opentracing.common.microprofile.server.OpenTracingFilter.doFilter(OpenTracingFilter.java:157) > [geronimo-opentracing-common-1.0.1.jar:1.0.1] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) > [tomcat-catalina-9.0.12.jar:9.0.12] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > [tomcat-catalina-9.0.12.jar:9.0.12] > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) > [tomcat-catalina-9.0.12.jar:9.0.12] > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) > [tomcat-catalina-9.0.12.jar:9.0.12] > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) > [tomcat-catalina-9.0.12.jar:9.0.12] > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) > [tomcat-catalina-9.0.12.jar:9.0.12] > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) > [tomcat-catalina-9.0.12.jar:9.0.12] > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) > [tomcat-catalina-9.0.12.jar:9.0.12] > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) > [tomcat-catalina-9.0.12.jar:9.0.12] > at > org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) > [tomcat-coyote-9.0.12.jar:9.0.12] > at > org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) > [tomcat-coyote-9.0.12.jar:9.0.12] > at > org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770) > [tomcat-coyote-9.0.12.jar:9.0.12] > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415) > [tomcat-coyote-9.0.12.jar:9.0.12] > at > org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) > [tomcat-coyote-9.0.12.jar:9.0.12] > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > [?:1.8.0_181] > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > [?:1.8.0_181] > at > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > [tomcat-util-9.0.12.jar:9.0.12] > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181] > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)