[
https://issues.apache.org/jira/browse/MEECROWAVE-174?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Julio Vilmar Gesser updated MEECROWAVE-174:
-------------------------------------------
Description:
When the JWT format for access tokens is enabled
(_oauth2-use-jwt-format-for-access-token_) the *"rs.security.*"* properties are
not forwarded to the message context.
This results in an error when the *oauth2/token* is invoked (see stacktrace
below).
OAuth2Configurer class is responsible for forwarding these properties, but it
only do that when the accept method is called from RedirectionBasedGrantService.
In my case it is being called from AccessTokenService.
*Stacktrace:*
org.apache.cxf.rs.security.jose.common.JoseException: No keystore file has been
configured
at
org.apache.cxf.rs.security.jose.common.KeyManagementUtils.loadPersistKeyStore(KeyManagementUtils.java:285)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.jose.common.KeyManagementUtils.loadPrivateKey(KeyManagementUtils.java:273)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:334)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:278)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:227)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.jose.common.AbstractJoseProducer.getInitializedSignatureProvider(AbstractJoseProducer.java:39)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer.processJwt(JoseJwtProducer.java:53)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer.processJwt(JoseJwtProducer.java:31)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.processJwtAccessToken(AbstractOAuthDataProvider.java:635)
~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.doCreateAccessToken(AbstractOAuthDataProvider.java:102)
~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.createAccessToken(AbstractOAuthDataProvider.java:69)
~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.meecrowave.oauth2.data.RefreshTokenEnabledProvider.createAccessToken(RefreshTokenEnabledProvider.java:68)
~[meecrowave-oauth2-1.2.4.jar:1.2.4]
at
org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:135)
~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:105)
~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:87)
~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler.createAccessToken(ResourceOwnerGrantHandler.java:56)
~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.oauth2.services.AccessTokenService.handleTokenRequest(AccessTokenService.java:124)
[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.meecrowave.oauth2.resource.OAuth2TokenService$LazyImpl$$OwbNormalScopeProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService$LazyImpl.java)
[?:1.2.4]
at
org.apache.meecrowave.oauth2.resource.OAuth2TokenService.handleTokenRequest(OAuth2TokenService.java:54)
[meecrowave-oauth2-1.2.4.jar:1.2.4]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_181]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_181]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
at
org.apache.webbeans.intercept.AbstractInvocationContext.directProceed(AbstractInvocationContext.java:113)
[openwebbeans-impl-2.0.7.jar:2.0.7]
at
org.apache.webbeans.intercept.AbstractInvocationContext.proceed(AbstractInvocationContext.java:106)
[openwebbeans-impl-2.0.7.jar:2.0.7]
at
org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:78)
[openwebbeans-impl-2.0.7.jar:2.0.7]
at
org.apache.meecrowave.cxf.JAXRSFieldInjectionInterceptor.lazyInjectContexts(JAXRSFieldInjectionInterceptor.java:64)
[meecrowave-core-1.2.4.jar:1.2.4]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_181]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_181]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
at
org.apache.webbeans.component.InterceptorBean.intercept(InterceptorBean.java:136)
[openwebbeans-impl-2.0.7.jar:2.0.7]
at
org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:65)
[openwebbeans-impl-2.0.7.jar:2.0.7]
at
org.apache.webbeans.intercept.DefaultInterceptorHandler.invoke(DefaultInterceptorHandler.java:139)
[openwebbeans-impl-2.0.7.jar:2.0.7]
at
org.apache.meecrowave.oauth2.resource.OAuth2TokenService$$OwbInterceptProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService.java)
[?:1.2.4]
at
org.apache.meecrowave.oauth2.resource.OAuth2TokenService$$OwbNormalScopeProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService.java)
[?:1.2.4]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_181]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_181]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
at
org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
[cxf-core-3.2.7.jar:3.2.7]
at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
[cxf-core-3.2.7.jar:3.2.7]
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:193)
[cxf-rt-frontend-jaxrs-3.2.7.jar:3.2.7]
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:103)
[cxf-rt-frontend-jaxrs-3.2.7.jar:3.2.7]
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
[cxf-core-3.2.7.jar:3.2.7]
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
[cxf-core-3.2.7.jar:3.2.7]
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
[cxf-core-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
[cxf-core-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
[meecrowave-specs-api-1.2.4.jar:1.2.4]
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at
org.apache.meecrowave.cxf.CxfCdiAutoSetup$1.doFilter(CxfCdiAutoSetup.java:121)
[meecrowave-core-1.2.4.jar:1.2.4]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
com.philips.bifrost.admin.EmbeddedServerCommand$FilterListener.doFilter(EmbeddedServerCommand.java:119)
[main/:?]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.geronimo.microprofile.opentracing.common.microprofile.server.OpenTracingFilter.doFilter(OpenTracingFilter.java:157)
[geronimo-opentracing-common-1.0.1.jar:1.0.1]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
[tomcat-catalina-9.0.12.jar:9.0.12]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
[tomcat-catalina-9.0.12.jar:9.0.12]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
[tomcat-coyote-9.0.12.jar:9.0.12]
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
[tomcat-coyote-9.0.12.jar:9.0.12]
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770)
[tomcat-coyote-9.0.12.jar:9.0.12]
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
[tomcat-coyote-9.0.12.jar:9.0.12]
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
[tomcat-coyote-9.0.12.jar:9.0.12]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[?:1.8.0_181]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[?:1.8.0_181]
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
[tomcat-util-9.0.12.jar:9.0.12]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
was:
When the JWT format for access tokens is enabled
(_oauth2-use-jwt-format-for-access-token_) the *"rs.security.*"* properties are
not forwarded to the message context.
This results in an error when the *oalth2/token* is invoked (see stacktrace
below).
OAuth2Configurer class is responsible for forwarding these properties, but it
only do that when the accept method is called from RedirectionBasedGrantService.
In my case it is being called from AccessTokenService.
*Stacktrace:*
org.apache.cxf.rs.security.jose.common.JoseException: No keystore file has been
configured
at
org.apache.cxf.rs.security.jose.common.KeyManagementUtils.loadPersistKeyStore(KeyManagementUtils.java:285)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.jose.common.KeyManagementUtils.loadPrivateKey(KeyManagementUtils.java:273)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:334)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:278)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:227)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.jose.common.AbstractJoseProducer.getInitializedSignatureProvider(AbstractJoseProducer.java:39)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer.processJwt(JoseJwtProducer.java:53)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer.processJwt(JoseJwtProducer.java:31)
~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.processJwtAccessToken(AbstractOAuthDataProvider.java:635)
~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.doCreateAccessToken(AbstractOAuthDataProvider.java:102)
~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.createAccessToken(AbstractOAuthDataProvider.java:69)
~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.meecrowave.oauth2.data.RefreshTokenEnabledProvider.createAccessToken(RefreshTokenEnabledProvider.java:68)
~[meecrowave-oauth2-1.2.4.jar:1.2.4]
at
org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:135)
~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:105)
~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:87)
~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler.createAccessToken(ResourceOwnerGrantHandler.java:56)
~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.cxf.rs.security.oauth2.services.AccessTokenService.handleTokenRequest(AccessTokenService.java:124)
[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
at
org.apache.meecrowave.oauth2.resource.OAuth2TokenService$LazyImpl$$OwbNormalScopeProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService$LazyImpl.java)
[?:1.2.4]
at
org.apache.meecrowave.oauth2.resource.OAuth2TokenService.handleTokenRequest(OAuth2TokenService.java:54)
[meecrowave-oauth2-1.2.4.jar:1.2.4]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_181]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_181]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
at
org.apache.webbeans.intercept.AbstractInvocationContext.directProceed(AbstractInvocationContext.java:113)
[openwebbeans-impl-2.0.7.jar:2.0.7]
at
org.apache.webbeans.intercept.AbstractInvocationContext.proceed(AbstractInvocationContext.java:106)
[openwebbeans-impl-2.0.7.jar:2.0.7]
at
org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:78)
[openwebbeans-impl-2.0.7.jar:2.0.7]
at
org.apache.meecrowave.cxf.JAXRSFieldInjectionInterceptor.lazyInjectContexts(JAXRSFieldInjectionInterceptor.java:64)
[meecrowave-core-1.2.4.jar:1.2.4]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_181]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_181]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
at
org.apache.webbeans.component.InterceptorBean.intercept(InterceptorBean.java:136)
[openwebbeans-impl-2.0.7.jar:2.0.7]
at
org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:65)
[openwebbeans-impl-2.0.7.jar:2.0.7]
at
org.apache.webbeans.intercept.DefaultInterceptorHandler.invoke(DefaultInterceptorHandler.java:139)
[openwebbeans-impl-2.0.7.jar:2.0.7]
at
org.apache.meecrowave.oauth2.resource.OAuth2TokenService$$OwbInterceptProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService.java)
[?:1.2.4]
at
org.apache.meecrowave.oauth2.resource.OAuth2TokenService$$OwbNormalScopeProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService.java)
[?:1.2.4]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_181]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_181]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
at
org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
[cxf-core-3.2.7.jar:3.2.7]
at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
[cxf-core-3.2.7.jar:3.2.7]
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:193)
[cxf-rt-frontend-jaxrs-3.2.7.jar:3.2.7]
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:103)
[cxf-rt-frontend-jaxrs-3.2.7.jar:3.2.7]
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
[cxf-core-3.2.7.jar:3.2.7]
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
[cxf-core-3.2.7.jar:3.2.7]
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
[cxf-core-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
[cxf-core-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
[meecrowave-specs-api-1.2.4.jar:1.2.4]
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
[cxf-rt-transports-http-3.2.7.jar:3.2.7]
at
org.apache.meecrowave.cxf.CxfCdiAutoSetup$1.doFilter(CxfCdiAutoSetup.java:121)
[meecrowave-core-1.2.4.jar:1.2.4]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
com.philips.bifrost.admin.EmbeddedServerCommand$FilterListener.doFilter(EmbeddedServerCommand.java:119)
[main/:?]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.geronimo.microprofile.opentracing.common.microprofile.server.OpenTracingFilter.doFilter(OpenTracingFilter.java:157)
[geronimo-opentracing-common-1.0.1.jar:1.0.1]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
[tomcat-catalina-9.0.12.jar:9.0.12]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
[tomcat-catalina-9.0.12.jar:9.0.12]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
[tomcat-catalina-9.0.12.jar:9.0.12]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
[tomcat-coyote-9.0.12.jar:9.0.12]
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
[tomcat-coyote-9.0.12.jar:9.0.12]
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770)
[tomcat-coyote-9.0.12.jar:9.0.12]
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
[tomcat-coyote-9.0.12.jar:9.0.12]
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
[tomcat-coyote-9.0.12.jar:9.0.12]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[?:1.8.0_181]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[?:1.8.0_181]
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
[tomcat-util-9.0.12.jar:9.0.12]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
> OAuth2TokenService does not work with JWT access token format
> -------------------------------------------------------------
>
> Key: MEECROWAVE-174
> URL: https://issues.apache.org/jira/browse/MEECROWAVE-174
> Project: Meecrowave
> Issue Type: Bug
> Affects Versions: 1.2.4
> Reporter: Julio Vilmar Gesser
> Assignee: Romain Manni-Bucau
> Priority: Major
> Fix For: 1.2.6
>
>
> When the JWT format for access tokens is enabled
> (_oauth2-use-jwt-format-for-access-token_) the *"rs.security.*"* properties
> are not forwarded to the message context.
> This results in an error when the *oauth2/token* is invoked (see stacktrace
> below).
> OAuth2Configurer class is responsible for forwarding these properties, but it
> only do that when the accept method is called from
> RedirectionBasedGrantService.
> In my case it is being called from AccessTokenService.
>
> *Stacktrace:*
> org.apache.cxf.rs.security.jose.common.JoseException: No keystore file has
> been configured
> at
> org.apache.cxf.rs.security.jose.common.KeyManagementUtils.loadPersistKeyStore(KeyManagementUtils.java:285)
> ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
> at
> org.apache.cxf.rs.security.jose.common.KeyManagementUtils.loadPrivateKey(KeyManagementUtils.java:273)
> ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
> at
> org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:334)
> ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
> at
> org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:278)
> ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
> at
> org.apache.cxf.rs.security.jose.jws.JwsUtils.loadSignatureProvider(JwsUtils.java:227)
> ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
> at
> org.apache.cxf.rs.security.jose.common.AbstractJoseProducer.getInitializedSignatureProvider(AbstractJoseProducer.java:39)
> ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
> at
> org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer.processJwt(JoseJwtProducer.java:53)
> ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
> at
> org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer.processJwt(JoseJwtProducer.java:31)
> ~[cxf-rt-rs-security-jose-3.2.6.jar:3.2.6]
> at
> org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.processJwtAccessToken(AbstractOAuthDataProvider.java:635)
> ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
> at
> org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.doCreateAccessToken(AbstractOAuthDataProvider.java:102)
> ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
> at
> org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider.createAccessToken(AbstractOAuthDataProvider.java:69)
> ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
> at
> org.apache.meecrowave.oauth2.data.RefreshTokenEnabledProvider.createAccessToken(RefreshTokenEnabledProvider.java:68)
> ~[meecrowave-oauth2-1.2.4.jar:1.2.4]
> at
> org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:135)
> ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
> at
> org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:105)
> ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
> at
> org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler.doCreateAccessToken(AbstractGrantHandler.java:87)
> ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
> at
> org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler.createAccessToken(ResourceOwnerGrantHandler.java:56)
> ~[cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
> at
> org.apache.cxf.rs.security.oauth2.services.AccessTokenService.handleTokenRequest(AccessTokenService.java:124)
> [cxf-rt-rs-security-oauth2-3.2.6.jar:3.2.6]
> at
> org.apache.meecrowave.oauth2.resource.OAuth2TokenService$LazyImpl$$OwbNormalScopeProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService$LazyImpl.java)
> [?:1.2.4]
> at
> org.apache.meecrowave.oauth2.resource.OAuth2TokenService.handleTokenRequest(OAuth2TokenService.java:54)
> [meecrowave-oauth2-1.2.4.jar:1.2.4]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:1.8.0_181]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:1.8.0_181]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
> at
> org.apache.webbeans.intercept.AbstractInvocationContext.directProceed(AbstractInvocationContext.java:113)
> [openwebbeans-impl-2.0.7.jar:2.0.7]
> at
> org.apache.webbeans.intercept.AbstractInvocationContext.proceed(AbstractInvocationContext.java:106)
> [openwebbeans-impl-2.0.7.jar:2.0.7]
> at
> org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:78)
> [openwebbeans-impl-2.0.7.jar:2.0.7]
> at
> org.apache.meecrowave.cxf.JAXRSFieldInjectionInterceptor.lazyInjectContexts(JAXRSFieldInjectionInterceptor.java:64)
> [meecrowave-core-1.2.4.jar:1.2.4]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:1.8.0_181]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:1.8.0_181]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
> at
> org.apache.webbeans.component.InterceptorBean.intercept(InterceptorBean.java:136)
> [openwebbeans-impl-2.0.7.jar:2.0.7]
> at
> org.apache.webbeans.intercept.InterceptorInvocationContext.proceed(InterceptorInvocationContext.java:65)
> [openwebbeans-impl-2.0.7.jar:2.0.7]
> at
> org.apache.webbeans.intercept.DefaultInterceptorHandler.invoke(DefaultInterceptorHandler.java:139)
> [openwebbeans-impl-2.0.7.jar:2.0.7]
> at
> org.apache.meecrowave.oauth2.resource.OAuth2TokenService$$OwbInterceptProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService.java)
> [?:1.2.4]
> at
> org.apache.meecrowave.oauth2.resource.OAuth2TokenService$$OwbNormalScopeProxy0.handleTokenRequest(org/apache/meecrowave/oauth2/resource/OAuth2TokenService.java)
> [?:1.2.4]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:1.8.0_181]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:1.8.0_181]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181]
> at
> org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
> [cxf-core-3.2.7.jar:3.2.7]
> at
> org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
> [cxf-core-3.2.7.jar:3.2.7]
> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:193)
> [cxf-rt-frontend-jaxrs-3.2.7.jar:3.2.7]
> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:103)
> [cxf-rt-frontend-jaxrs-3.2.7.jar:3.2.7]
> at
> org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
> [cxf-core-3.2.7.jar:3.2.7]
> at
> org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
> [cxf-core-3.2.7.jar:3.2.7]
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> [cxf-core-3.2.7.jar:3.2.7]
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> [cxf-core-3.2.7.jar:3.2.7]
> at
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
> [cxf-rt-transports-http-3.2.7.jar:3.2.7]
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
> [cxf-rt-transports-http-3.2.7.jar:3.2.7]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
> [cxf-rt-transports-http-3.2.7.jar:3.2.7]
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
> [cxf-rt-transports-http-3.2.7.jar:3.2.7]
> at
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
> [cxf-rt-transports-http-3.2.7.jar:3.2.7]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
> [cxf-rt-transports-http-3.2.7.jar:3.2.7]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
> [cxf-rt-transports-http-3.2.7.jar:3.2.7]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
> [meecrowave-specs-api-1.2.4.jar:1.2.4]
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
> [cxf-rt-transports-http-3.2.7.jar:3.2.7]
> at
> org.apache.meecrowave.cxf.CxfCdiAutoSetup$1.doFilter(CxfCdiAutoSetup.java:121)
> [meecrowave-core-1.2.4.jar:1.2.4]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> [tomcat-catalina-9.0.12.jar:9.0.12]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> [tomcat-catalina-9.0.12.jar:9.0.12]
> at
> com.philips.bifrost.admin.EmbeddedServerCommand$FilterListener.doFilter(EmbeddedServerCommand.java:119)
> [main/:?]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> [tomcat-catalina-9.0.12.jar:9.0.12]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> [tomcat-catalina-9.0.12.jar:9.0.12]
> at
> org.apache.geronimo.microprofile.opentracing.common.microprofile.server.OpenTracingFilter.doFilter(OpenTracingFilter.java:157)
> [geronimo-opentracing-common-1.0.1.jar:1.0.1]
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> [tomcat-catalina-9.0.12.jar:9.0.12]
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> [tomcat-catalina-9.0.12.jar:9.0.12]
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
> [tomcat-catalina-9.0.12.jar:9.0.12]
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> [tomcat-catalina-9.0.12.jar:9.0.12]
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
> [tomcat-catalina-9.0.12.jar:9.0.12]
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
> [tomcat-catalina-9.0.12.jar:9.0.12]
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> [tomcat-catalina-9.0.12.jar:9.0.12]
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
> [tomcat-catalina-9.0.12.jar:9.0.12]
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> [tomcat-catalina-9.0.12.jar:9.0.12]
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
> [tomcat-coyote-9.0.12.jar:9.0.12]
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> [tomcat-coyote-9.0.12.jar:9.0.12]
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770)
> [tomcat-coyote-9.0.12.jar:9.0.12]
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
> [tomcat-coyote-9.0.12.jar:9.0.12]
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> [tomcat-coyote-9.0.12.jar:9.0.12]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> [?:1.8.0_181]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> [?:1.8.0_181]
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> [tomcat-util-9.0.12.jar:9.0.12]
> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
