[Dev] API Manager - periodic failure of OAuth2Service for AccessTokens via the publisher API

2016-09-19 Thread Alan Tucker Spida Solutions
We are periodically seeing failures when trying to request Access Tokens via 
the APIM publisher API. An instance of APIM will perform correctly returning 
AccessTokens for a time. Occasionally, after restart it will fail when 
requesting access tokens via the publisher API. After subsequent restarts the 
same instance may or may not then return to operating correctly. The test 
scenario in all cases is the same.

Note that if the user (that is being used to request an access token) logs into 
the API store of the APIM instance, subsequent requests via the Publisher API 
will then succeed. This appears to be reproducible.

On failure the typical stack trace below is seen:

[2016-09-19 09:52:31,163]  INFO - TokenMgtDAO Thread pool size for session persistent consumer : 100
[2016-09-19 09:52:31,262]  INFO - OAuthServerConfiguration The default OAuth token issuer will be used. No custom token generator is set.
[2016-09-19 09:52:31,263]  INFO - OAuthServerConfiguration The default Identity OAuth token issuer will be used. No custom token generator is set.
[2016-09-19 09:52:33,516]  WARN - AccessConfiguration Error loading properties from file: access-log.properties
[2016-09-19 09:52:33,594]  INFO - TimeoutHandler This engine will expire all callbacks after : 120 seconds, irrespective of the timeout action, after the specified or optional timeout
[2016-09-19 09:52:33,798] ERROR - OAuth2Service Error occurred while issuing the access token for Client ID : ***, User ID , Scope : [apim:api_create] and Grant Type : password
java.lang.NullPointerException
    at org.wso2.carbon.apimgt.impl.utils.APIUtil.getRESTAPIScopesFromConfig(APIUtil.java:5130)
    at org.wso2.carbon.apimgt.keymgt.ScopesIssuer.setScopes(ScopesIssuer.java:100)
    at org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler.validateScope(ExtendedPasswordGrantHandler.java:168)
    at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:226)
    at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:219)
    at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.getAccessToken(OAuth2TokenEndpoint.java:246)
    at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:110)




Alan Tucker <mailto:a...@spidasolutions.com>
Spida Solutions <http://spidasolutions.com/>
London • Bath • UK
+44 (0)78 0308 4376 
+44 (0)12 4981 5081 
www.spidasolutions.com <http://spidasolutions.com/>

 

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


[Dev] APIM 2.0.0 Unable to push resources to the registry using the Java API

2016-08-19 Thread Alan Tucker
Hi,

Using the Java API to push resources to the registry of APIM 2.0.0 fails. The 
same code used against APIM 1.10.0 succeeds.

Example code to reproduce is of the sort

> import java.io.File;
> import java.net.MalformedURLException;
> import java.net.URL;
>
> import org.wso2.carbon.registry.app.RemoteRegistry;
> import org.wso2.carbon.registry.core.exceptions.RegistryException;
> import org.wso2.carbon.registry.core.utils.RegistryClientUtils;
>
> public class RegClient {
>     public static void main(String[] args) throws RegistryException, MalformedURLException {
>         System.out.println("Accessing Registry Resource");
>
>         // Tenant-qualified remote registry endpoint
>         String tenantDomain = "mytenant.com";
>         String url = "https://localhost:9443/t/" + tenantDomain + "/registry";
>         // Tenant user name, shown as truncated by the list archive
>         String userName = "ad...@mytenant.com";
>         String password = "admin";
>
>         System.setProperty("carbon.repo.write.mode", "true");
>
>         // Get the file which needs to be added to the registry
>         File file = new File("/home/bob/Desktop/myPayload.json");
>         RemoteRegistry remote_registry = new RemoteRegistry(new URL(url), userName, password);
>
>         // Import the file to config registry
>         RegistryClientUtils.importToRegistry(file, "/_system/config", remote_registry);
>
>         // Export from registry
>         // RegistryClientUtils.exportFromRegistry(file, "/_system/governance/SomePayload.json", remote_registry);
>
>         System.out.println("Done");
>     }
> }


The call to RegistryClientUtils.importToRegistry(file, "/_system/config", remote_registry); will fail.

Regards,

Alan

Typical exception is:

Caused by: org.wso2.carbon.registry.core.exceptions.RegistryException: Add resource fail. Suggested Path: /_system/governance/apimgt/applicationdata/customdata/somedata, Response Status: 403, Response Type: CLIENT_ERROR
    at org.wso2.carbon.registry.app.RemoteRegistry.put(RemoteRegistry.java:543)
    at org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:113)
    at org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:102)
    at org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:102)
    at org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:102)
    at org.wso2.carbon.registry.core.utils.RegistryClientUtils.importToRegistry(RegistryClientUtils.java:65)


And in the APIM log we see typically

[2016-08-18 15:57:34,699]  WARN - JavaLogger potential cross-site request forgery (CSRF) attack thwarted (user:, ip:127.0.0.1, method:POST, uri:/registry/atom/_system/governance/apimgt/applicationdata/customdata/somedata, error:required token is missing from the request)



Alan Tucker <mailto:a...@spidasolutions.com>
Spida Solutions <http://spidasolutions.com/>
London • Bath • UK 
+44 (0)78 0308 4376 
+44 (0)12 4981 5081 
www.spidasolutions.com <http://spidasolutions.com/>
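
A triage helper for the CSRF rejection lines shown in the message above, added here as an example and not part of the original post or of WSO2's code: it parses the field layout of that WARN line and counts rejections per source IP, method and endpoint group, so rejected calls to the remote registry endpoint can be told apart from other rejected requests. The sample log is constructed (its first line copies the one quoted above), and the `registry-atom` / `other` bucket names and the `/example/form/submit` path are assumptions.

```python
import re
from collections import Counter

# Field layout taken from the WARN line quoted in the message above.
CSRF_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+WARN - JavaLogger potential cross-site request "
    r"forgery \(CSRF\) attack thwarted \(user:(?P<user>[^,]*), ip:(?P<ip>[^,]+), "
    r"method:(?P<method>[A-Z]+), uri:(?P<uri>[^,]+), error:(?P<error>.*)\)\s*$"
)

# Constructed sample: line 1 copies the log line above, the rest are invented.
SAMPLE_LOG = """\
[2016-08-18 15:57:34,699]  WARN - JavaLogger potential cross-site request forgery (CSRF) attack thwarted (user:, ip:127.0.0.1, method:POST, uri:/registry/atom/_system/governance/apimgt/applicationdata/customdata/somedata, error:required token is missing from the request)
[2016-08-18 15:57:35,012]  WARN - JavaLogger potential cross-site request forgery (CSRF) attack thwarted (user:, ip:127.0.0.1, method:POST, uri:/registry/atom/_system/config/myPayload.json, error:required token is missing from the request)
[2016-08-18 15:58:02,113]  WARN - JavaLogger potential cross-site request forgery (CSRF) attack thwarted (user:, ip:198.51.100.23, method:POST, uri:/example/form/submit, error:required token is missing from the request)
[2016-08-18 15:58:10,004]  INFO - TimeoutHandler This engine will expire all callbacks after : 120 seconds
"""


def parse_csrf_rejections(log_text):
    """Return one dict per CSRF rejection line; all other log lines are skipped."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := CSRF_RE.match(line))]


def summarise(events, api_prefix="/registry/atom/"):
    """Count rejections per (ip, method, bucket).

    The bucket separates the Atom registry endpoint seen in the log line
    above from every other URI (bucket names are assumptions).
    """
    counts = Counter()
    for e in events:
        bucket = "registry-atom" if e["uri"].startswith(api_prefix) else "other"
        counts[(e["ip"], e["method"], bucket)] += 1
    return counts


if __name__ == "__main__":
    summary = summarise(parse_csrf_rejections(SAMPLE_LOG))
    for (ip, method, bucket), n in sorted(summary.items()):
        print(f"{n:3d}  {ip:15s} {method:5s} {bucket}")
```
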

 
