[
https://issues.apache.org/jira/browse/MEECROWAVE-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16772348#comment-16772348
]
Julio Vilmar Gesser commented on MEECROWAVE-183:
------------------------------------------------
[~romain.manni-bucau] yeah, that was what I had in mind. But I can't do that
without changing Meecrowave of CXF code.
That's why I suggested change the
org.apache.meecrowave.oauth2.configuration.OAuth2Configurer#preCompute to
accept a custom class for the provider.
But change
org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider#createJwtAccessToken
to set the issuer from a configuration will work for me.
> OAuth2TokenService generated jwt does not include issuer and causes NPE
> -----------------------------------------------------------------------
>
> Key: MEECROWAVE-183
> URL: https://issues.apache.org/jira/browse/MEECROWAVE-183
> Project: Meecrowave
> Issue Type: Bug
> Affects Versions: 1.2.5, 1.2.6
> Reporter: Julio Vilmar Gesser
> Priority: Major
>
> When using the OAuth2TokenService (oauth2/token) to generate a token in the
> JWT format it is generated without the issuer field.
> There is no configuration to define a issuer string to be used. The lack of
> the issuer in the token causes a NPE when using the token to authenticate
> (see stack trace at the end).
> I tried to find a way to provide the issuer, but I couldn't.
> if OAuth2Configurer allowed me to define a custom AbstractOAuthDataProvider I
> would override the method createNewAccessToken and set the issuer. But
> unfortunately the it is not possible yet. I thin this option interesting
> besides the bug I am reporting because would bring more flexibility.
> But any way, should be a way to define the issuer.
>
> The stacktrace of the problem:
> java.lang.NullPointerException: no mapping for iss
> at
> org.apache.johnzon.core.JsonObjectImpl.valueOrExcpetion(JsonObjectImpl.java:49)
> ~[johnzon-core-1.1.10.jar:1.1.10]
> at org.apache.johnzon.core.JsonObjectImpl.getString(JsonObjectImpl.java:82)
> ~[johnzon-core-1.1.10.jar:1.1.10]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.jwt.JwtParser.lambda$parse$0(JwtParser.java:93)
> ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
> at java.util.stream.MatchOps$1MatchSink.accept(MatchOps.java:90)
> ~[?:1.8.0_181]
> at java.util.HashMap$KeySpliterator.tryAdvance(HashMap.java:1574)
> ~[?:1.8.0_181]
> at
> java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:126)
> ~[?:1.8.0_181]
> at
> java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:498)
> ~[?:1.8.0_181]
> at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485)
> ~[?:1.8.0_181]
> at
> java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
> ~[?:1.8.0_181]
> at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:230)
> ~[?:1.8.0_181]
> at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:196)
> ~[?:1.8.0_181]
> at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
> ~[?:1.8.0_181]
> at java.util.stream.ReferencePipeline.noneMatch(ReferencePipeline.java:459)
> ~[?:1.8.0_181]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.jwt.JwtParser.parse(JwtParser.java:93)
> ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.jwt.JwtParser$$OwbNormalScopeProxy0.parse(org/apache/geronimo/microprofile/impl/jwtauth/jwt/JwtParser.java)
> ~[?:1.0.1]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.servlet.JwtRequest.lambda$new$0(JwtRequest.java:62)
> ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.servlet.JwtRequest.getUserPrincipal(JwtRequest.java:93)
> ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
> at
> javax.servlet.http.HttpServletRequestWrapper.getUserPrincipal(HttpServletRequestWrapper.java:196)
> ~[meecrowave-specs-api-1.2.6.jar:1.2.6]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination$2.getUserPrincipal(AbstractHTTPDestination.java:392)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.getAuthorizationPolicyFromMessage(AbstractHTTPDestination.java:206)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.setupMessage(AbstractHTTPDestination.java:405)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:252)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:225)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
> ~[meecrowave-specs-api-1.2.6.jar:1.2.6]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.meecrowave.cxf.CxfCdiAutoSetup$1.doFilter(CxfCdiAutoSetup.java:121)
> ~[meecrowave-core-1.2.6.jar:1.2.6]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> ~[tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.geronimo.microprofile.opentracing.common.microprofile.server.OpenTracingFilter.doFilter(OpenTracingFilter.java:157)
> ~[geronimo-opentracing-common-1.0.1.jar:1.0.1]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> ~[tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.servlet.GeronimoJwtAuthFilter.lambda$doFilter$3(GeronimoJwtAuthFilter.java:83)
> ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.execute(GeronimoJwtAuthExtension.java:276)
> ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension$$OwbNormalScopeProxy0.execute(org/apache/geronimo/microprofile/impl/jwtauth/cdi/GeronimoJwtAuthExtension.java)
> ~[?:1.0.1]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.servlet.GeronimoJwtAuthFilter.doFilter(GeronimoJwtAuthFilter.java:83)
> ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> ~[tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
> [tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> [tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
> [tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
> [tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> [tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
> [tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> [tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
> [tomcat-coyote-9.0.14.jar:9.0.14]
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> [tomcat-coyote-9.0.14.jar:9.0.14]
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
> [tomcat-coyote-9.0.14.jar:9.0.14]
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
> [tomcat-coyote-9.0.14.jar:9.0.14]
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> [tomcat-coyote-9.0.14.jar:9.0.14]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> [?:1.8.0_181]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> [?:1.8.0_181]
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> [tomcat-util-9.0.14.jar:9.0.14]
> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
