Hi IS Team,

I have a custom OAuth authenticator installed. It works as intended when an
invalid token is passed as the access token.
But when the request contains a valid access token, a null pointer exception
occurs from the "*validateScope*" method in "*DefaultOAuth2TokenValidator*".
Any reason for this behavior?
The error log, incoming request and code snippet are given below.

*Code Snippet from the Authenticator Class:*

OAuth2TokenValidationRequestDTO oauthValidationRequest = new OAuth2TokenValidationRequestDTO();

// create access token object to validate and populate it
OAuth2TokenValidationRequestDTO.OAuth2AccessToken oAuth2AccessToken =
        oauthValidationRequest.new OAuth2AccessToken();
oAuth2AccessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
oAuth2AccessToken.setIdentifier(accessToken);

// set the token to the validation request
oauthValidationRequest.setAccessToken(oAuth2AccessToken);

OAuth2TokenValidationService oauthValidationService = new OAuth2TokenValidationService();
OAuth2ClientApplicationDTO oauthValidationResponse =
        oauthValidationService.findOAuthConsumerIfTokenIsValid(oauthValidationRequest);

return oauthValidationResponse.getAccessTokenValidationResponse().isValid();



*Incoming Request Maker Code Snippet:*


var headers = [{ name : "Authorization", value : "Bearer bf90ee34984d69e661e7770631a95f0" }];
var userStoreRespond = new ws.WSRequest();
var options = new Array();
options.HTTPHeaders = headers;
options.useSOAP = 1.2;
options.useWSA = 1.0;
options.action = "urn:getSecondaryRealmConfigurations";

var payload = '<xsd:getSecondaryRealmConfigurations xmlns:xsd="http://org.apache.axis2/xsd" />';
var result;
try {
    userStoreRespond.open(options, "https://10.100.7.102:9443/services/UserStoreConfigAdminService.UserStoreConfigAdminServiceHttpsSoap12Endpoint/", false);
    userStoreRespond.send(payload);
    result = userStoreRespond.responseE4X;
} catch (e) {
    log.error(e.toString());
}


*Error Log:*

[2015-09-28 11:12:39,831] ERROR {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler} - java.lang.NullPointerException
    at org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2TokenValidator.validateScope(DefaultOAuth2TokenValidator.java:52)
    at org.wso2.carbon.identity.oauth2.validators.TokenValidationHandler.findOAuthConsumerIfTokenIsValid(TokenValidationHandler.java:245)
    at org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService.findOAuthConsumerIfTokenIsValid(OAuth2TokenValidationService.java:65)
    at org.wso2.mdm.oauth.extension.OauthAuthenticator.isAuthenticated(OauthAuthenticator.java:74)
    at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.isAuthenticated(AuthenticationHandler.java:187)
    at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.authenticate(AuthenticationHandler.java:96)
    at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.invoke(AuthenticationHandler.java:66)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
    at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
    at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
    at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
    at org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler.invoke(WebappAuthenticationHandler.java:43)
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)


Thanks and Regards.
Kamidu Sachith Punchihewa
*Software Engineer*
WSO2, Inc.
lean . enterprise . middleware
Mobile : +94 (0) 770566749

