Julio Vilmar Gesser created MEECROWAVE-183:
----------------------------------------------
Summary: OAuth2TokenService generated jwt does not include issuer
and causes NPE
Key: MEECROWAVE-183
URL: https://issues.apache.org/jira/browse/MEECROWAVE-183
Project: Meecrowave
Issue Type: Bug
Affects Versions: 1.2.5, 1.2.6
Reporter: Julio Vilmar Gesser
When using the OAuth2TokenService (oauth2/token) to generate a token in the JWT
format it is generated without the issuer field.
There is no configuration to define a issuer string to be used. The lack of the
issuer in the token causes a NPE when using the token to authenticate (see
stack trace at the end).
I tried to find a way to provide the issuer, but I couldn't.
if OAuth2Configurer allowed me to define a custom AbstractOAuthDataProvider I
would override the method createNewAccessToken and set the issuer. But
unfortunately the it is not possible yet. I thin this option interesting
besides the bug I am reporting because would bring more flexibility.
But any way, should be a way to define the issuer.
The stacktrace of the problem:
java.lang.NullPointerException: no mapping for iss
at
org.apache.johnzon.core.JsonObjectImpl.valueOrExcpetion(JsonObjectImpl.java:49)
~[johnzon-core-1.1.10.jar:1.1.10]
at org.apache.johnzon.core.JsonObjectImpl.getString(JsonObjectImpl.java:82)
~[johnzon-core-1.1.10.jar:1.1.10]
at
org.apache.geronimo.microprofile.impl.jwtauth.jwt.JwtParser.lambda$parse$0(JwtParser.java:93)
~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
at java.util.stream.MatchOps$1MatchSink.accept(MatchOps.java:90) ~[?:1.8.0_181]
at java.util.HashMap$KeySpliterator.tryAdvance(HashMap.java:1574)
~[?:1.8.0_181]
at
java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:126)
~[?:1.8.0_181]
at
java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:498)
~[?:1.8.0_181]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485)
~[?:1.8.0_181]
at
java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
~[?:1.8.0_181]
at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:230)
~[?:1.8.0_181]
at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:196)
~[?:1.8.0_181]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
~[?:1.8.0_181]
at java.util.stream.ReferencePipeline.noneMatch(ReferencePipeline.java:459)
~[?:1.8.0_181]
at
org.apache.geronimo.microprofile.impl.jwtauth.jwt.JwtParser.parse(JwtParser.java:93)
~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
at
org.apache.geronimo.microprofile.impl.jwtauth.jwt.JwtParser$$OwbNormalScopeProxy0.parse(org/apache/geronimo/microprofile/impl/jwtauth/jwt/JwtParser.java)
~[?:1.0.1]
at
org.apache.geronimo.microprofile.impl.jwtauth.servlet.JwtRequest.lambda$new$0(JwtRequest.java:62)
~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
at
org.apache.geronimo.microprofile.impl.jwtauth.servlet.JwtRequest.getUserPrincipal(JwtRequest.java:93)
~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
at
javax.servlet.http.HttpServletRequestWrapper.getUserPrincipal(HttpServletRequestWrapper.java:196)
~[meecrowave-specs-api-1.2.6.jar:1.2.6]
at
org.apache.cxf.transport.http.AbstractHTTPDestination$2.getUserPrincipal(AbstractHTTPDestination.java:392)
~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
at
org.apache.cxf.transport.http.AbstractHTTPDestination.getAuthorizationPolicyFromMessage(AbstractHTTPDestination.java:206)
~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
at
org.apache.cxf.transport.http.AbstractHTTPDestination.setupMessage(AbstractHTTPDestination.java:405)
~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:252)
~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:225)
~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
~[meecrowave-specs-api-1.2.6.jar:1.2.6]
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
at
org.apache.meecrowave.cxf.CxfCdiAutoSetup$1.doFilter(CxfCdiAutoSetup.java:121)
~[meecrowave-core-1.2.6.jar:1.2.6]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-catalina-9.0.14.jar:9.0.14]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-catalina-9.0.14.jar:9.0.14]
at
org.apache.geronimo.microprofile.opentracing.common.microprofile.server.OpenTracingFilter.doFilter(OpenTracingFilter.java:157)
~[geronimo-opentracing-common-1.0.1.jar:1.0.1]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-catalina-9.0.14.jar:9.0.14]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-catalina-9.0.14.jar:9.0.14]
at
org.apache.geronimo.microprofile.impl.jwtauth.servlet.GeronimoJwtAuthFilter.lambda$doFilter$3(GeronimoJwtAuthFilter.java:83)
~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
at
org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.execute(GeronimoJwtAuthExtension.java:276)
~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
at
org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension$$OwbNormalScopeProxy0.execute(org/apache/geronimo/microprofile/impl/jwtauth/cdi/GeronimoJwtAuthExtension.java)
~[?:1.0.1]
at
org.apache.geronimo.microprofile.impl.jwtauth.servlet.GeronimoJwtAuthFilter.doFilter(GeronimoJwtAuthFilter.java:83)
~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
~[tomcat-catalina-9.0.14.jar:9.0.14]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
~[tomcat-catalina-9.0.14.jar:9.0.14]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
[tomcat-catalina-9.0.14.jar:9.0.14]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
[tomcat-catalina-9.0.14.jar:9.0.14]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
[tomcat-catalina-9.0.14.jar:9.0.14]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
[tomcat-catalina-9.0.14.jar:9.0.14]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
[tomcat-catalina-9.0.14.jar:9.0.14]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
[tomcat-catalina-9.0.14.jar:9.0.14]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
[tomcat-catalina-9.0.14.jar:9.0.14]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
[tomcat-coyote-9.0.14.jar:9.0.14]
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
[tomcat-coyote-9.0.14.jar:9.0.14]
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
[tomcat-coyote-9.0.14.jar:9.0.14]
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
[tomcat-coyote-9.0.14.jar:9.0.14]
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
[tomcat-coyote-9.0.14.jar:9.0.14]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[?:1.8.0_181]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[?:1.8.0_181]
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
[tomcat-util-9.0.14.jar:9.0.14]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
