[jira] [Commented] (OFBIZ-10817) Configure stackTrace displaying on ftl rendering

2019-01-22 Thread Jacques Le Roux (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10817?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16749600#comment-16749600
 ] 

Jacques Le Roux commented on OFBIZ-10817:
-

I can't really see what it renders (actually no time to check) but I trust you, 
thanks Nicolas

> Configure stackTrace displaying on ftl rendering
> 
>
> Key: OFBIZ-10817
> URL: https://issues.apache.org/jira/browse/OFBIZ-10817
> Project: OFBiz
>  Issue Type: Improvement
>  Components: framework
>Affects Versions: Trunk
>Reporter: Nicolas Malin
>Assignee: Nicolas Malin
>Priority: Minor
> Attachments: Failure.png, FailureSafe.png, OFBIZ-10817.patch, 
> OFBIZ-10817.patch
>
>
> Currently, when FreeMarker fails to execute a template, the whole generated 
> Java stack trace is rendered on the end screen.
> I propose to improve this by displaying the stack trace only when the property 
> widget.verbose is true: no regression during development, and when you switch 
> to a production site, your widget.verbose is in general false, so end users 
> don't get the stack trace (which is totally unused for them).
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (OFBIZ-10814) Error parsing JWT

2019-01-22 Thread Jacques Le Roux (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16749599#comment-16749599
 ] 

Jacques Le Roux commented on OFBIZ-10814:
-

You are right, this is now useless. I forgot to remove it when I put in the 
SecuredUserLoginId cookies. Fixed with OFBIZ-10307

> Error parsing JWT
> -
>
> Key: OFBIZ-10814
> URL: https://issues.apache.org/jira/browse/OFBIZ-10814
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework
>Affects Versions: Trunk
>Reporter: Michael Brohl
>Assignee: Michael Brohl
>Priority: Major
> Attachments: Apache OFBiz JWT Test.postman_collection.json, 
> OFBIZ-10814_JWT_parsing_error.patch
>
>
> I have problems using the Authorization: Bearer header value for requests 
> towards OFBiz. OFBiz has problems parsing externally generated JSON Web 
> Tokens.
> I have generated them using both [1] and [2] using HS512 and the default 
> secret.
> The JWT check fails because of a parsing error:
> {noformat}
> 2019-01-17 16:48:36,233 |jsse-nio-8443-exec-7 |JavaEventHandler  
> |E| Problems Processing Event
> io.jsonwebtoken.MalformedJwtException: Unable to read JSON value: 
> �z��'G�#�$�uB"�&�r#�$�3S"
>     at 
> io.jsonwebtoken.impl.DefaultJwtParser.readValue(DefaultJwtParser.java:554) 
> ~[jjwt-0.9.1.jar:0.9.1]
>     at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:252) 
> ~[jjwt-0.9.1.jar:0.9.1]
>     at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481) 
> ~[jjwt-0.9.1.jar:0.9.1]
>     at 
> io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541)
>  ~[jjwt-0.9.1.jar:0.9.1]
>     at 
> org.apache.ofbiz.webapp.control.JWTManager.validateToken(JWTManager.java:124) 
> ~[ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.ExternalLoginKeysManager.jwtValidation(ExternalLoginKeysManager.java:292)
>  ~[ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.ExternalLoginKeysManager.checkJWTLogin(ExternalLoginKeysManager.java:196)
>  ~[ofbiz.jar:?]
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[?:1.8.0_152]
>     at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
> ~[?:1.8.0_152]
>     at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  ~[?:1.8.0_152]
>     at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_152]
>     at 
> org.apache.ofbiz.webapp.event.JavaEventHandler.invoke(JavaEventHandler.java:86)
>  [ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:774)
>  [ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:407)
>  [ofbiz.jar:?]
>     at 
> org.apache.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:208) 
> [ofbiz.jar:?]
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:645) 
> [javax.servlet-api-4.0.1.jar:4.0.1]
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:750) 
> [javax.servlet-api-4.0.1.jar:4.0.1]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:191)
>  [ofbiz.jar:?]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.ofbiz.webapp.control.ControlFilter.doFilter(ControlFilter.java:156)
>  [ofbiz.jar:?]
>     at javax.servlet.http.HttpFilter.doFilter(HttpFilter.java:127) 
> [javax.servlet-api-4.0.1.jar:4.0.1]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) 
> [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> 

[jira] [Commented] (OFBIZ-10307) Navigate from a domain to another with automated signed in authentication

2019-01-22 Thread Jacques Le Roux (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16749597#comment-16749597
 ] 

Jacques Le Roux commented on OFBIZ-10307:
-

At OFBIZ-10814 Michael spotted that:
"The OfbizUtil.js functions sendJwt and loadJwt have a parameter webAppName 
which seems to be unused. Am I correct and can webAppName be removed?"

He was right, this is now useless. I forgot to remove it when I put in the 
SecuredUserLoginId cookies.

Fixed in 
trunk r1851885 
R18 r1851886+r1851887(plugins) 

> Navigate from a domain to another with automated signed in authentication
> -
>
> Key: OFBIZ-10307
> URL: https://issues.apache.org/jira/browse/OFBIZ-10307
> Project: OFBiz
>  Issue Type: New Feature
>  Components: framework
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
>Priority: Major
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10307-test from example.patch, OFBIZ-10307-test 
> from example.patch, OFBIZ-10307-test from example.patch, 
> OFBIZ-10307-test.patch, OFBIZ-10307-test.patch, OFBIZ-10307-test.patch, 
> OFBIZ-10307-test.patch, OFBIZ-10307.patch, OFBIZ-10307.patch, 
> OFBIZ-10307.patch, OFBIZ-10307.patch, OFBIZ-10307.patch, OFBIZ-10307.patch, 
> OFBIZ-10307.patch, OFBIZ-10307.patch, OFBIZ-10307.patch, OFBIZ-10307.patch, 
> OFBIZ-10307.patch, OFBIZ-10307.patch
>
>
> This will use a JWT Token authentication to get from one domain, where you 
> are signed in, to another domain where you get signed in automatically. 
> Something like ExternalLoginKey or Tomcat SSO, but not on the same domain.
> This will build upon the initial work done at OFBIZ-9833 which has been 
> partially reverted in trunk with r1827439 (see OFBIZ-10304) and r1827441. I 
> explained why and what I did at [https://s.apache.org/a5Km]
> I turned to Ajax for the "Authorization" header sending. I initially thought 
> I'd just pass an "Authorization" header and use it in the 
> externalServerLoginCheck preprocessor, et voilà.
> But I stumbled upon something I did not know well: CORS! And in particular 
> the upstream control (Pre-verified requests):
>  
> [https://en.wikipedia.org/wiki/Cross-origin_resource_sharing#Preflight_example]
>  [https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS]
>  [https://www.w3.org/TR/cors/]
> To be able to pass an "Authorization" header, the server must respond 
> positively in the Preflight HTTP response (OPTIONS). To do this, either you 
> use a Tomcat filter (or your own filter, there are examples on the Net) or 
> use HTTPD (or Nginx) configuration on the target server.
> I tried Tomcat first, without success. With HTTPD it's easier, just 3 lines. 
> For my tests, future tests by OFBiz users and as an example, I asked infra to 
> put them in our HTTPD trunk demo config:
>  Header set Access-Control-Allow-Origin "https://localhost:8443"
>  Header set Access-Control-Allow-Headers "Authorization"
>  Header set Access-Control-Allow-Credentials "true"
> No code change (either in all web.xml files for Tomcat or Java for own 
> filter), and more safety. It does not give more right to outsiders than what 
> we give with the admin credential.
> In Header set Access-Control-Allow-Origin you can put more domains. I just 
> used https://localhost:8443 for the tests.
> It works in Chrome, Firefox and Opera and partially in IE11 (not tested in 
> Edge). I did not test Safari, but I guess like other modern browsers it 
> should work.
>  For those (very few I guess) interested in IE11 (for Edge test yourself and 
> report please), here is the solution
>  
> [https://stackoverflow.com/questions/12643960/internet-explorer-10-is-ignoring-xmlhttprequest-xhr-withcredentials-true]
>  
> [https://web.archive.org/web/20130308142134/http://msdn.microsoft.com/en-us/library/ms537343%28v=vs.85%29.aspx]
>  
> [https://blogs.msdn.microsoft.com/ieinternals/2013/09/17/a-quick-look-at-p3p/]
> TODO (maybe) in the future, use the new Fetch API (not available yet): 
> [https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API]
> 
> Here is a complement about the way it's architectured:
>  # A change to cookies was introduced with OFBIZ-4959. Actually it was not 
> really a bug rather a clean-up. The autoLogin cookies were only used by the 
> ecommerce component and maybe webpos. But all applications were creating such 
> cookies with a one year duration. They were useless until I needed them for 
> the feature of this Jira issue. But even if they were safe (httponly) then I 
> needed them to be clean, not a one year duration (to be as safe as possible, 
> temporary cookies are better). So after doing it crudely, [inspired by 
> Taher's suggestion|https://s.apache.org/qLGC] I 
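
The preflight exchange described in the issue above, as an added example that is not part of the original message or of OFBiz: a constructed JavaScript model of how a browser evaluates the three response headers for a credentialed request carrying "Authorization", and how a server that accepts several origins answers with the single matching one. The function names and the second origin are assumptions made for the illustration.

```javascript
// Added example, not OFBiz code: constructed model of the CORS preflight
// decision for a credentialed request that sends an "Authorization" header.

// Assumption: allowlist with the test origin from the issue plus one
// constructed origin, to show how more than one origin is handled.
const ALLOWED_ORIGINS = new Set([
  "https://localhost:8443",
  "https://demo.example.org", // constructed
]);

// Server side (hypothetical helper): headers for the OPTIONS preflight reply.
// The response carries exactly one origin, the one that matched, and
// "Vary: Origin" so caches keep per-origin answers apart.
function preflightResponseHeaders(requestOrigin, allowed = ALLOWED_ORIGINS) {
  if (!allowed.has(requestOrigin)) {
    return {}; // unknown origin: send no CORS headers at all
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Headers": "Authorization",
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Browser side (simplified model of the Fetch CORS checks).
// req = { origin, headers: [names the script wants to send], withCredentials }
function browserAcceptsPreflight(req, responseHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = value;
  }

  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { ok: false, reason: "no-allow-origin" };
  }
  if (req.withCredentials) {
    // With credentials the wildcard is not accepted and the credentials
    // header must be the exact string "true".
    if (allowOrigin === "*") {
      return { ok: false, reason: "wildcard-origin-with-credentials" };
    }
    if (h["access-control-allow-credentials"] !== "true") {
      return { ok: false, reason: "credentials-not-allowed" };
    }
  }
  // The value is compared as one string against the page's origin.
  if (allowOrigin !== "*" && allowOrigin !== req.origin) {
    return { ok: false, reason: "origin-mismatch" };
  }

  const listed = (h["access-control-allow-headers"] || "")
    .split(",")
    .map((s) => s.trim().toLowerCase())
    .filter(Boolean);
  // "*" only acts as a wildcard without credentials, and it never covers
  // Authorization, which has to be listed by name.
  const wildcard = listed.includes("*") && !req.withCredentials;
  for (const name of req.headers.map((n) => n.toLowerCase())) {
    const coveredByWildcard = wildcard && name !== "authorization";
    if (!listed.includes(name) && !coveredByWildcard) {
      return { ok: false, reason: "header-not-allowed:" + name };
    }
  }
  return { ok: true, reason: "preflight-passed" };
}

// Constructed request matching the issue's test setup.
const sampleRequest = {
  origin: "https://localhost:8443",
  headers: ["Authorization"],
  withCredentials: true,
};

function demo() {
  return {
    configured: browserAcceptsPreflight(
      sampleRequest, preflightResponseHeaders(sampleRequest.origin)),
    wildcardOrigin: browserAcceptsPreflight(sampleRequest, {
      "Access-Control-Allow-Origin": "*",
      "Access-Control-Allow-Headers": "Authorization",
      "Access-Control-Allow-Credentials": "true",
    }),
    twoOriginsInOneValue: browserAcceptsPreflight(sampleRequest, {
      "Access-Control-Allow-Origin":
        "https://localhost:8443 https://demo.example.org",
      "Access-Control-Allow-Headers": "Authorization",
      "Access-Control-Allow-Credentials": "true",
    }),
  };
}
```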

[jira] [Closed] (OFBIZ-10818) Fix the EntitySync Push and Pull functionality

2019-01-22 Thread Arun Patidar (JIRA)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-10818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Arun Patidar closed OFBIZ-10818.


> Fix the EntitySync Push and Pull functionality
> --
>
> Key: OFBIZ-10818
> URL: https://issues.apache.org/jira/browse/OFBIZ-10818
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework
>Affects Versions: Trunk, 16.11.05
>Reporter: Arun Patidar
>Assignee: Arun Patidar
>Priority: Major
> Fix For: 17.12.01, 16.11.06, 18.12.01
>
>
> Pull and Push functionality of EntitySync is breaking in various places. Need 
> to test and fix the work flow.





[jira] [Resolved] (OFBIZ-10818) Fix the EntitySync Push and Pull functionality

2019-01-22 Thread Arun Patidar (JIRA)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-10818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Arun Patidar resolved OFBIZ-10818.
--
   Resolution: Fixed
Fix Version/s: 18.12.01

Changes have been committed in trunk at r1851805

in release 18.12 at r1851881

in release 17.12 at r1851812

in release 16.11 at r1851882

 

 



[jira] [Commented] (OFBIZ-10817) Configure stackTrace displaying on ftl rendering

2019-01-22 Thread Nicolas Malin (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10817?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16749069#comment-16749069
 ] 

Nicolas Malin commented on OFBIZ-10817:
---

[~deepak.dixit], [~jacques.le.roux] thanks for your comments :) , I created 
this issue quickly so as not to lose the code and idea from Grégoire Fruleux on 
an old OFBiz version.

I updated the patch correctly with trunk and your remarks. To display something 
on error I choose the Unicode "∎"

[^OFBIZ-10817.patch]



[jira] [Updated] (OFBIZ-10817) Configure stackTrace displaying on ftl rendering

2019-01-22 Thread Nicolas Malin (JIRA)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-10817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nicolas Malin updated OFBIZ-10817:
--
Attachment: OFBIZ-10817.patch



[jira] [Commented] (OFBIZ-10814) Error parsing JWT

2019-01-22 Thread Michael Brohl (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16749058#comment-16749058
 ] 

Michael Brohl commented on OFBIZ-10814:
---

Actually the webappName is passed to sendJWT and then carried to loadJWT. See 
bottom of FormWidgetExampleForms.xml.

Yes, I've seen that. It is taken as a parameter but I cannot see where it is 
actually used inside the code?!
{code:java}
function loadJWT(webAppName) {
  var JwtToken = "";
  jQuery.ajax({
    url: "loadJWT",
    type: "POST",
    async: false,
    dataType: "text",
    success: function(response) {
      JwtToken = response;
    },
    error: function(textStatus, errorThrown){
      alert('Failure, errorThrown: ' + errorThrown);
    }
  });
  return JwtToken;
}
{code}
 

Do I miss something?


[jira] [Commented] (OFBIZ-10814) Error parsing JWT

2019-01-22 Thread Jacques Le Roux (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16748881#comment-16748881
 ] 

Jacques Le Roux commented on OFBIZ-10814:
-

Hi Michael,

Actually the webappName is passed to sendJWT and then carried to loadJWT. See 
bottom of FormWidgetExampleForms.xml.

Also checkJWTLogin and the TokenFilter are 2 different things. checkJWTLogin is 
only used in case of SSO between 2 OFBiz instances. TokenFilter has a wider 
expected usage but is indeed not used yet. IMO it should be kept as it can be 
implemented by custom projects. But it's up to the community to decide, after 
having carefully reviewed the feature...


[jira] [Commented] (OFBIZ-10814) Error parsing JWT

2019-01-22 Thread Michael Brohl (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16748815#comment-16748815
 ] 

Michael Brohl commented on OFBIZ-10814:
---

Hi [~jacques.le.roux],

another question: the OfbizUtil.js functions sendJwt and loadJwt have a 
parameter webAppName which seems to be unused.

Am I correct and can webAppName be removed?


[jira] [Commented] (OFBIZ-10814) Error parsing JWT

2019-01-22 Thread Michael Brohl (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16748777#comment-16748777
 ] 

Michael Brohl commented on OFBIZ-10814:
---

Hi [~deepak.dixit],

if I understand it correctly, the token based authentication is processed 
through the preprocessor checkJWTLogin and the TokenFilter is not used 
currently.

I see the filter as a good way to have a token based authentication for single 
webapps instead of using the preprocessor for all through the 
common-controller.xml.

On the other hand, if it is not used OOTB we should decide if it should stay in 
the codebase or if it should be removed?

If we keep it, it must also be enhanced with the check if the userLogin is 
enabled.

>  [ofbiz.jar:?]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.ofbiz.webapp.control.ControlFilter.doFilter(ControlFilter.java:156)
>  [ofbiz.jar:?]
>     at javax.servlet.http.HttpFilter.doFilter(HttpFilter.java:127) 
> [javax.servlet-api-4.0.1.jar:4.0.1]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>  [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
>  

[jira] [Assigned] (OFBIZ-10816) URL not encoding in FTL

2019-01-22 Thread Kumar Rahul (JIRA)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-10816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kumar Rahul reassigned OFBIZ-10816:
---

Assignee: (was: Kumar Rahul)

> URL not encoding in FTL 
> 
>
> Key: OFBIZ-10816
> URL: https://issues.apache.org/jira/browse/OFBIZ-10816
> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: Release Branch 16.11
> Reporter: Murugeswari
> Priority: Major
>
> Hi,
> I have created Product as TEST#01 in [demo 
> site|https://demo-trunk.ofbiz.apache.org/catalog/control/EditProduct?productId=TEST%2301]
>  and attached the same to category 101. In the category master I searched for 
> category 101 and went to the product tab; when I try to open a product master, 
> the link is generated 
> [like|https://demo-trunk.ofbiz.apache.org/catalog/control/EditProduct?productId=TEST#01]
>  and asks to create a new product. In product search and menu click it 
> works fine; the problem is that URLs from FTL are not getting encoded... Don't know 
> what's happening on FTL printing 





[jira] [Assigned] (OFBIZ-10816) URL not encoding in FTL

2019-01-22 Thread Kumar Rahul (JIRA)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-10816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kumar Rahul reassigned OFBIZ-10816:
---

Assignee: Kumar Rahul

> URL not encoding in FTL 
> 
>
> Key: OFBIZ-10816
> URL: https://issues.apache.org/jira/browse/OFBIZ-10816
> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: Release Branch 16.11
> Reporter: Murugeswari
> Assignee: Kumar Rahul
> Priority: Major
>
> Hi,
> I have created Product as TEST#01 in [demo 
> site|https://demo-trunk.ofbiz.apache.org/catalog/control/EditProduct?productId=TEST%2301]
>  and attached the same to category 101. In the category master I searched for 
> category 101 and went to the product tab; when I try to open a product master, 
> the link is generated 
> [like|https://demo-trunk.ofbiz.apache.org/catalog/control/EditProduct?productId=TEST#01]
>  and asks to create a new product. In product search and menu click it 
> works fine; the problem is that URLs from FTL are not getting encoded... Don't know 
> what's happening on FTL printing 





[jira] [Commented] (OFBIZ-10814) Error parsing JWT

2019-01-22 Thread Deepak Dixit (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16748664#comment-16748664
 ] 

Deepak Dixit commented on OFBIZ-10814:
--

Hi [~mbrohl],

It's a filter, and if we want to use a token as authentication then we need to 
add this filter in web.xml


[jira] [Comment Edited] (OFBIZ-10814) Error parsing JWT

2019-01-22 Thread Deepak Dixit (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16748664#comment-16748664
 ] 

Deepak Dixit edited comment on OFBIZ-10814 at 1/22/19 12:12 PM:


Hi [~mbrohl],

It's a filter, and if we want to use a token for authentication then we need to 
add this filter in web.xml


was (Author: deepak.dixit):
Hi [~mbrohl],

Its filter and if we want to user token as authentication then we need to add 
this filter in web.xml


[jira] [Commented] (OFBIZ-10814) Error parsing JWT

2019-01-22 Thread Michael Brohl (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16748662#comment-16748662
 ] 

Michael Brohl commented on OFBIZ-10814:
---

Another question, [~deepak.dixit] and [~jacques.le.roux]: the class TokenFilter 
does not seem to be used anywhere in the code.

Do we still need it or is it an obsolete artifact from the merge between your 
two solutions?


[jira] [Commented] (OFBIZ-10814) Error parsing JWT

2019-01-22 Thread Deepak Dixit (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16748637#comment-16748637
 ] 

Deepak Dixit commented on OFBIZ-10814:
--

Thanks Michael,
Indeed, these are separate issues and can be fixed in another ticket. :)


[jira] [Commented] (OFBIZ-10814) Error parsing JWT

2019-01-22 Thread Michael Brohl (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16748611#comment-16748611
 ] 

Michael Brohl commented on OFBIZ-10814:
---

Hi [~deepak.dixit],

One minor improvement in ExternalLoginKeysManager.getUserlogin method, if 
userLogin found then we need to check if it's enabled or not.
{quote}wouldn't it be better to do a LoginWorker.checkLogout after retrieving 
the userLogin from the JWT token?
{quote}
In my view, the same applies for the checkExternalLoginKey method which also 
does not check for base permission and if the user is enabled.

The more I look at the code, the more I feel the urge to refactor... but this 
would be another issue.

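
The check discussed in the comment above, as an added example that is not OFBiz code: a bearer token whose HS512 signature verifies is still refused when the login it names is disabled or unknown. The claim name userLoginId, the in-memory USER_LOGINS map standing in for the UserLogin entity, and the secret are assumptions; the sketch uses only the JDK instead of jjwt, reads claims with a simple regex, and leaves out expiry handling.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TokenLoginCheck {
    // Hypothetical stand-in for the UserLogin entity: userLoginId -> enabled flag.
    static final Map<String, Boolean> USER_LOGINS = new HashMap<>();
    // Constructed demo secret, not a value from the page or from OFBiz.
    static final byte[] SECRET = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);

    static String b64url(byte[] in) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(in);
    }

    static byte[] hmac512(String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(SECRET, "HmacSHA512"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Builds a constructed sample token so the example is self-contained.
    static String issue(String userLoginId) throws Exception {
        String header = b64url("{\"alg\":\"HS512\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String payload = b64url(("{\"userLoginId\":\"" + userLoginId + "\"}").getBytes(StandardCharsets.UTF_8));
        String signingInput = header + "." + payload;
        return signingInput + "." + b64url(hmac512(signingInput));
    }

    // Minimal string-claim reader; a real implementation would use a JSON parser.
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    // Returns the userLoginId only if the token is well formed, correctly signed,
    // and names a login that exists and is enabled.
    static Optional<String> authenticate(String authorizationHeader) {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
            return Optional.empty();
        }
        String[] parts = authorizationHeader.substring("Bearer ".length()).trim().split("\\.", -1);
        if (parts.length != 3) {
            return Optional.empty();
        }
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            String header = new String(dec.decode(parts[0]), StandardCharsets.UTF_8);
            // Pin the algorithm instead of trusting whatever the token announces.
            if (!"HS512".equals(claim(header, "alg"))) {
                return Optional.empty();
            }
            byte[] expected = hmac512(parts[0] + "." + parts[1]);
            // Constant-time comparison of the signature bytes.
            if (!MessageDigest.isEqual(expected, dec.decode(parts[2]))) {
                return Optional.empty();
            }
            String payload = new String(dec.decode(parts[1]), StandardCharsets.UTF_8);
            String userLoginId = claim(payload, "userLoginId");
            // The step under discussion: a valid signature is not enough,
            // the login must also exist and be enabled.
            if (userLoginId == null || !Boolean.TRUE.equals(USER_LOGINS.get(userLoginId))) {
                return Optional.empty();
            }
            return Optional.of(userLoginId);
        } catch (Exception e) {
            // Malformed base64 or a crypto failure: fail closed.
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws Exception {
        USER_LOGINS.put("admin", true);            // constructed sample data
        USER_LOGINS.put("former.employee", false); // disabled login

        String good = issue("admin");
        String disabled = issue("former.employee");
        String tampered = good.substring(0, good.lastIndexOf('.')) + "." + b64url(new byte[64]);

        System.out.println("enabled login:  " + authenticate("Bearer " + good));
        System.out.println("disabled login: " + authenticate("Bearer " + disabled));
        System.out.println("bad signature:  " + authenticate("Bearer " + tampered));
        System.out.println("not a JWT:      " + authenticate("Bearer not-a-token"));
    }
}
```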

[jira] [Commented] (OFBIZ-10595) The query iCalendar/CALENDAR_PUB_DEMO/ no longer works

2019-01-22 Thread JIRA


[ 
https://issues.apache.org/jira/browse/OFBIZ-10595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16748565#comment-16748565
 ] 

Jyri Sillanpää commented on OFBIZ-10595:


This patch can be applied to the trunk [^iCalendar.patch]; it will disable the 
previous workaround for the CALENDAR_PUB_DEMO. It itself is a workaround 
though, so someone who knows the code better would need to refactor it, I 
think.

 

Best

Jyri

> The query iCalendar/CALENDAR_PUB_DEMO/ no longer works
> --
>
> Key: OFBIZ-10595
> URL: https://issues.apache.org/jira/browse/OFBIZ-10595
> Project: OFBiz
> Issue Type: Bug
> Components: workeffort
> Affects Versions: Trunk, Release Branch 16.11, Release Branch 17.12
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 16.11.06
>
> Attachments: iCalendar.patch, iCalendar.patch
>
>
> ControlFilter does not allow the untypical iCalendar/CALENDAR_PUB_DEMO/ query 
> to pass.
> This feature works in the stable version. So it's a change since then
> Thanks to Jyri Sillanpaa for the detailed report: 
> https://markmail.org/message/pfd62nom3ftnpgll





[jira] [Updated] (OFBIZ-10595) The query iCalendar/CALENDAR_PUB_DEMO/ no longer works

2019-01-22 Thread JIRA


 [ 
https://issues.apache.org/jira/browse/OFBIZ-10595?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jyri Sillanpää updated OFBIZ-10595:
---
Attachment: iCalendar.patch

> The query iCalendar/CALENDAR_PUB_DEMO/ no longer works
> --
>
> Key: OFBIZ-10595
> URL: https://issues.apache.org/jira/browse/OFBIZ-10595
> Project: OFBiz
> Issue Type: Bug
> Components: workeffort
> Affects Versions: Trunk, Release Branch 16.11, Release Branch 17.12
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 16.11.06
>
> Attachments: iCalendar.patch, iCalendar.patch
>
>
> ControlFilter does not allow the untypical iCalendar/CALENDAR_PUB_DEMO/ query 
> to pass.
> This feature works in the stable version. So it's a change since then
> Thanks to Jyri Sillanpaa for the detailed report: 
> https://markmail.org/message/pfd62nom3ftnpgll



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (OFBIZ-10814) Error parsing JWT

2019-01-22 Thread Jacques Le Roux (JIRA)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16748504#comment-16748504
 ] 

Jacques Le Roux commented on OFBIZ-10814:
-

Good idea Deepak,

Michael, I commented in the dev ML

> Error parsing JWT
> -
>
> Key: OFBIZ-10814
> URL: https://issues.apache.org/jira/browse/OFBIZ-10814
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: Trunk
> Reporter: Michael Brohl
> Assignee: Michael Brohl
> Priority: Major
> Attachments: Apache OFBiz JWT Test.postman_collection.json, 
> OFBIZ-10814_JWT_parsing_error.patch
>
>
> I have problems using the Authorization: Bearer header value for requests 
> towards OFBiz. OFBiz has problems parsing externally generated JSON Web 
> Tokens.
> I have generated them using both [1] and [2] using HS512 and the default 
> secret.
> The JWT check fails because of a parsing error:
> {noformat}
> 2019-01-17 16:48:36,233 |jsse-nio-8443-exec-7 |JavaEventHandler  
> |E| Problems Processing Event
> io.jsonwebtoken.MalformedJwtException: Unable to read JSON value: 
> �z��'G�#�$�uB"�&�r#�$�3S"
>     at io.jsonwebtoken.impl.DefaultJwtParser.readValue(DefaultJwtParser.java:554) ~[jjwt-0.9.1.jar:0.9.1]
>     at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:252) ~[jjwt-0.9.1.jar:0.9.1]
>     at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481) ~[jjwt-0.9.1.jar:0.9.1]
>     at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541) ~[jjwt-0.9.1.jar:0.9.1]
>     at org.apache.ofbiz.webapp.control.JWTManager.validateToken(JWTManager.java:124) ~[ofbiz.jar:?]
>     at org.apache.ofbiz.webapp.control.ExternalLoginKeysManager.jwtValidation(ExternalLoginKeysManager.java:292) ~[ofbiz.jar:?]
>     at org.apache.ofbiz.webapp.control.ExternalLoginKeysManager.checkJWTLogin(ExternalLoginKeysManager.java:196) ~[ofbiz.jar:?]
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_152]
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_152]
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_152]
>     at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_152]
>     at org.apache.ofbiz.webapp.event.JavaEventHandler.invoke(JavaEventHandler.java:86) [ofbiz.jar:?]
>     at org.apache.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:774) [ofbiz.jar:?]
>     at org.apache.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:407) [ofbiz.jar:?]
>     at org.apache.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:208) [ofbiz.jar:?]
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:645) [javax.servlet-api-4.0.1.jar:4.0.1]
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:750) [javax.servlet-api-4.0.1.jar:4.0.1]
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) [tomcat-catalina-9.0.13.jar:9.0.13]
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-catalina-9.0.13.jar:9.0.13]
>     at org.apache.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:191) [ofbiz.jar:?]
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-catalina-9.0.13.jar:9.0.13]
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-catalina-9.0.13.jar:9.0.13]
>     at org.apache.ofbiz.webapp.control.ControlFilter.doFilter(ControlFilter.java:156) [ofbiz.jar:?]
>     at javax.servlet.http.HttpFilter.doFilter(HttpFilter.java:127) [javax.servlet-api-4.0.1.jar:4.0.1]
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-catalina-9.0.13.jar:9.0.13]
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-catalina-9.0.13.jar:9.0.13]
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) [tomcat-catalina-9.0.13.jar:9.0.13]
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-catalina-9.0.13.jar:9.0.13]
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) [tomcat-catalina-9.0.13.jar:9.0.13]
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-catalina-9.0.13.jar:9.0.13]
>     at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) 
>