[
https://issues.apache.org/jira/browse/MEECROWAVE-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16773065#comment-16773065
]
Julio Vilmar Gesser commented on MEECROWAVE-183:
------------------------------------------------
Thank you [~romain.manni-bucau]. This fix will work.
The default values doesn't work because the NPE happens during the jwt
deserialization, in which was coming without the issuer.
I'm blocked again because this issue, please start release with this fix.
> OAuth2TokenService generated jwt does not include issuer and causes NPE
> -----------------------------------------------------------------------
>
> Key: MEECROWAVE-183
> URL: https://issues.apache.org/jira/browse/MEECROWAVE-183
> Project: Meecrowave
> Issue Type: Bug
> Affects Versions: 1.2.5, 1.2.6
> Reporter: Julio Vilmar Gesser
> Assignee: Romain Manni-Bucau
> Priority: Major
> Fix For: 1.2.6
>
>
> When using the OAuth2TokenService (oauth2/token) to generate a token in the
> JWT format it is generated without the issuer field.
> There is no configuration to define a issuer string to be used. The lack of
> the issuer in the token causes a NPE when using the token to authenticate
> (see stack trace at the end).
> I tried to find a way to provide the issuer, but I couldn't.
> if OAuth2Configurer allowed me to define a custom AbstractOAuthDataProvider I
> would override the method createNewAccessToken and set the issuer. But
> unfortunately the it is not possible yet. I thin this option interesting
> besides the bug I am reporting because would bring more flexibility.
> But any way, should be a way to define the issuer.
>
> The stacktrace of the problem:
> java.lang.NullPointerException: no mapping for iss
> at
> org.apache.johnzon.core.JsonObjectImpl.valueOrExcpetion(JsonObjectImpl.java:49)
> ~[johnzon-core-1.1.10.jar:1.1.10]
> at org.apache.johnzon.core.JsonObjectImpl.getString(JsonObjectImpl.java:82)
> ~[johnzon-core-1.1.10.jar:1.1.10]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.jwt.JwtParser.lambda$parse$0(JwtParser.java:93)
> ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
> at java.util.stream.MatchOps$1MatchSink.accept(MatchOps.java:90)
> ~[?:1.8.0_181]
> at java.util.HashMap$KeySpliterator.tryAdvance(HashMap.java:1574)
> ~[?:1.8.0_181]
> at
> java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:126)
> ~[?:1.8.0_181]
> at
> java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:498)
> ~[?:1.8.0_181]
> at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485)
> ~[?:1.8.0_181]
> at
> java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
> ~[?:1.8.0_181]
> at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:230)
> ~[?:1.8.0_181]
> at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:196)
> ~[?:1.8.0_181]
> at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
> ~[?:1.8.0_181]
> at java.util.stream.ReferencePipeline.noneMatch(ReferencePipeline.java:459)
> ~[?:1.8.0_181]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.jwt.JwtParser.parse(JwtParser.java:93)
> ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.jwt.JwtParser$$OwbNormalScopeProxy0.parse(org/apache/geronimo/microprofile/impl/jwtauth/jwt/JwtParser.java)
> ~[?:1.0.1]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.servlet.JwtRequest.lambda$new$0(JwtRequest.java:62)
> ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.servlet.JwtRequest.getUserPrincipal(JwtRequest.java:93)
> ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
> at
> javax.servlet.http.HttpServletRequestWrapper.getUserPrincipal(HttpServletRequestWrapper.java:196)
> ~[meecrowave-specs-api-1.2.6.jar:1.2.6]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination$2.getUserPrincipal(AbstractHTTPDestination.java:392)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.getAuthorizationPolicyFromMessage(AbstractHTTPDestination.java:206)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.setupMessage(AbstractHTTPDestination.java:405)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:252)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:225)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
> ~[meecrowave-specs-api-1.2.6.jar:1.2.6]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
> ~[cxf-rt-transports-http-3.3.0.jar:3.3.0]
> at
> org.apache.meecrowave.cxf.CxfCdiAutoSetup$1.doFilter(CxfCdiAutoSetup.java:121)
> ~[meecrowave-core-1.2.6.jar:1.2.6]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> ~[tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.geronimo.microprofile.opentracing.common.microprofile.server.OpenTracingFilter.doFilter(OpenTracingFilter.java:157)
> ~[geronimo-opentracing-common-1.0.1.jar:1.0.1]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> ~[tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.servlet.GeronimoJwtAuthFilter.lambda$doFilter$3(GeronimoJwtAuthFilter.java:83)
> ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension.execute(GeronimoJwtAuthExtension.java:276)
> ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.cdi.GeronimoJwtAuthExtension$$OwbNormalScopeProxy0.execute(org/apache/geronimo/microprofile/impl/jwtauth/cdi/GeronimoJwtAuthExtension.java)
> ~[?:1.0.1]
> at
> org.apache.geronimo.microprofile.impl.jwtauth.servlet.GeronimoJwtAuthFilter.doFilter(GeronimoJwtAuthFilter.java:83)
> ~[geronimo-jwt-auth-1.0.1.jar:1.0.1]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> ~[tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
> [tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> [tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
> [tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
> [tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> [tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
> [tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> [tomcat-catalina-9.0.14.jar:9.0.14]
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
> [tomcat-coyote-9.0.14.jar:9.0.14]
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> [tomcat-coyote-9.0.14.jar:9.0.14]
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
> [tomcat-coyote-9.0.14.jar:9.0.14]
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
> [tomcat-coyote-9.0.14.jar:9.0.14]
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> [tomcat-coyote-9.0.14.jar:9.0.14]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> [?:1.8.0_181]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> [?:1.8.0_181]
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> [tomcat-util-9.0.14.jar:9.0.14]
> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
