[jira] [Resolved] (MEECROWAVE-183) OAuth2TokenService generated jwt does not include issuer and causes NPE

Romain Manni-Bucau (JIRA) Tue, 19 Feb 2019 14:04:12 -0800


     [ 
https://issues.apache.org/jira/browse/MEECROWAVE-183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Romain Manni-Bucau resolved MEECROWAVE-183.
-------------------------------------------
       Resolution: Fixed
         Assignee: Romain Manni-Bucau
    Fix Version/s: 1.2.6

> OAuth2TokenService generated jwt does not include issuer and causes NPE
> -----------------------------------------------------------------------
>
>                 Key: MEECROWAVE-183
>                 URL: https://issues.apache.org/jira/browse/MEECROWAVE-183
>             Project: Meecrowave
>          Issue Type: Bug
>    Affects Versions: 1.2.5, 1.2.6
>            Reporter: Julio Vilmar Gesser
>            Assignee: Romain Manni-Bucau
>            Priority: Major
>             Fix For: 1.2.6
>
>
> When using the OAuth2TokenService (oauth2/token) to generate a token in the 
> JWT format it is generated without the issuer field.
> There is no configuration to define a issuer string to be used. The lack of 
> the issuer in the token causes a NPE when using the token to authenticate 
> (see stack trace at the end).
> I tried to find a way to provide the issuer, but I couldn't.
> if OAuth2Configurer allowed me to define a custom AbstractOAuthDataProvider I 
> would override the method createNewAccessToken and set the issuer. But 
> unfortunately the it is not possible yet. I thin this option interesting 
> besides the bug I am reporting because would bring more flexibility.
> But any way, should be a way to define the issuer.
>  
> The stacktrace of the problem:
> java.lang.NullPointerException: no mapping for iss
>  at 
> org.apache.johnzon.core.JsonObjectImpl.valueOrExcpetion(JsonObjectImpl.java:49)
>  ~[johnzon-core-1.1.10.jar:1.1.10]
>  at org.apache.johnzon.core.JsonObjectImpl.getString(JsonObjectImpl.java:82) 
> ~[johnzon-core-1.1.10.jar:1.1.10]
>  at 
> org.apache.geronimo.microprofile.impl.jwtauth.jwt.JwtParser.lambda$parse$0(JwtParser.java:93)
>  ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
>  at java.util.stream.MatchOps$1MatchSink.accept(MatchOps.java:90) 
> ~[?:1.8.0_181]
>  at java.util.HashMap$KeySpliterator.tryAdvance(HashMap.java:1574) 
> ~[?:1.8.0_181]
>  at 
> java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:126)
>  ~[?:1.8.0_181]
>  at 
> java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:498)
>  ~[?:1.8.0_181]
>  at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485) 
> ~[?:1.8.0_181]
>  at 
> java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) 
> ~[?:1.8.0_181]
>  at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:230) 
> ~[?:1.8.0_181]
>  at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:196) 
> ~[?:1.8.0_181]
>  at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) 
> ~[?:1.8.0_181]
>  at java.util.stream.ReferencePipeline.noneMatch(ReferencePipeline.java:459) 
> ~[?:1.8.0_181]
>  at 
> org.apache.geronimo.microprofile.impl.jwtauth.jwt.JwtParser.parse(JwtParser.java:93)
>  ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
>  at 
> org.apache.geronimo.microprofile.impl.jwtauth.jwt.JwtParser$$OwbNormalScopeProxy0.parse(org/apache/geronimo/microprofile/impl/jwtauth/jwt/JwtParser.java)
>  ~[?:1.0.1]
>  at 
> org.apache.geronimo.microprofile.impl.jwtauth.servlet.JwtRequest.lambda$new$0(JwtRequest.java:62)
>  ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
>  at 
> org.apache.geronimo.microprofile.impl.jwtauth.servlet.JwtRequest.getUserPrincipal(JwtRequest.java:93)
>  ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
>  at 
> javax.servlet.http.HttpServletRequestWrapper.getUserPrincipal(HttpServletRequestWrapper.java:196)
>  ~[meecrowave-specs-api-1.2.6.jar:1.2.6]
>  at 
> org.apache.cxf.transport.http.AbstractHTTPDestination$2.getUserPrincipal(AbstractHTTPDestination.java:392)
>  ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
>  at 
> org.apache.cxf.transport.http.AbstractHTTPDestination.getAuthorizationPolicyFromMessage(AbstractHTTPDestination.java:206)
>  ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
>  at 
> org.apache.cxf.transport.http.AbstractHTTPDestination.setupMessage(AbstractHTTPDestination.java:405)
>  ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
>  at 
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:252)
>  ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
>  at 
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
>  ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
>  at 
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
>  ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
>  at 
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
>  ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
>  at 
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
>  ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
>  at 
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
>  ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
>  at 
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:225)
>  ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) 
> ~[meecrowave-specs-api-1.2.6.jar:1.2.6]
>  at 
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
>  ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
>  at 
> org.apache.meecrowave.cxf.CxfCdiAutoSetup$1.doFilter(CxfCdiAutoSetup.java:121)
>  ~[meecrowave-core-1.2.6.jar:1.2.6]
>  at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>  ~[tomcat-catalina-9.0.14.jar:9.0.14]
>  at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  ~[tomcat-catalina-9.0.14.jar:9.0.14]
>  at 
> org.apache.geronimo.microprofile.opentracing.common.microprofile.server.OpenTracingFilter.doFilter(OpenTracingFilter.java:157)
>  ~[geronimo-opentracing-common-1.0.1.jar:1.0.1]
>  at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>  ~[tomcat-catalina-9.0.14.jar:9.0.14]
>  at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  ~[tomcat-catalina-9.0.14.jar:9.0.14]
>  at 
> org.apache.geronimo.microprofile.impl.jwtauth.servlet.GeronimoJwtAuthFilter.lambda$doFilter$3(GeronimoJwtAuthFilter.java:83)
>  ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
>  at 
> org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.execute(GeronimoJwtAuthExtension.java:276)
>  ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
>  at 
> org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension$$OwbNormalScopeProxy0.execute(org/apache/geronimo/microprofile/impl/jwtauth/cdi/GeronimoJwtAuthExtension.java)
>  ~[?:1.0.1]
>  at 
> org.apache.geronimo.microprofile.impl.jwtauth.servlet.GeronimoJwtAuthFilter.doFilter(GeronimoJwtAuthFilter.java:83)
>  ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
>  at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>  ~[tomcat-catalina-9.0.14.jar:9.0.14]
>  at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  ~[tomcat-catalina-9.0.14.jar:9.0.14]
>  at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
>  [tomcat-catalina-9.0.14.jar:9.0.14]
>  at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>  [tomcat-catalina-9.0.14.jar:9.0.14]
>  at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
>  [tomcat-catalina-9.0.14.jar:9.0.14]
>  at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) 
> [tomcat-catalina-9.0.14.jar:9.0.14]
>  at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) 
> [tomcat-catalina-9.0.14.jar:9.0.14]
>  at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
>  [tomcat-catalina-9.0.14.jar:9.0.14]
>  at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) 
> [tomcat-catalina-9.0.14.jar:9.0.14]
>  at 
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) 
> [tomcat-coyote-9.0.14.jar:9.0.14]
>  at 
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>  [tomcat-coyote-9.0.14.jar:9.0.14]
>  at 
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
>  [tomcat-coyote-9.0.14.jar:9.0.14]
>  at 
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
>  [tomcat-coyote-9.0.14.jar:9.0.14]
>  at 
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>  [tomcat-coyote-9.0.14.jar:9.0.14]
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  [?:1.8.0_181]
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  [?:1.8.0_181]
>  at 
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>  [tomcat-util-9.0.14.jar:9.0.14]
>  at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (MEECROWAVE-183) OAuth2TokenService generated jwt does not include issuer and causes NPE

Reply via email to