Re: [Dev] [IS] Generate token with auth code grant - Using same code twice

2017-12-24 Thread Mahesh Chinthaka 
Many thanks Omindu..!!!

On Sun, Dec 24, 2017 at 2:23 PM, Omindu Rathnaweera  wrote:

> Hi Mahesh,
>
> This issue was fixed with a WUM update.
>
> Regards,
> Omindu.
>
> On Sun, Dec 24, 2017 at 5:47 PM, Mahesh Chinthaka 
> wrote:
>
>> Hi Maduranga/ Danushka,
>>
>> I got the same NPE error while doing the same. After setting
>> EnableOAuthCache to true in identity.xml, error disappeared.
>> According to IDENTITY-5830 seems like it got fixed in 5.4.0-M1, here Im
>> using 5.3.0
>>
>> Do we have a backported fix for this ? Or is it ok if I keep that change
>> as it is (EnableOAuthCache=true)
>> Note this is for a production setup.
>>
>> Please advise.
>>
>> On Thu, Mar 23, 2017 at 5:06 AM, Danushka Fernando 
>> wrote:
>>
>>> Createed https://wso2.org/jira/browse/IDENTITY-5830 to track this
>>>
>>> Thanks & Regards
>>> Danushka Fernando
>>> Senior Software Engineer
>>> WSO2 inc. http://wso2.com/
>>> Mobile : +94716332729 <+94%2071%20633%202729>
>>>
>>> On Thu, Mar 23, 2017 at 9:22 AM, Maduranga Siriwardena <
>>> madura...@wso2.com> wrote:
>>>
 Sorry the code line should be [1]. Previous line I pointed [2] has the
 same issue.

 [1] https://github.com/wso2-extensions/identity-inbound-auth
 -oauth/blob/v5.3.4/components/org.wso2.carbon.identity.oauth
 /src/main/java/org/wso2/carbon/identity/oauth2/token/handler
 s/grant/AuthorizationCodeGrantHandler.java#L121
 [2] https://github.com/wso2-extensions/identity-inbound-auth
 -oauth/blob/v5.3.4/components/org.wso2.carbon.identity.oauth
 /src/main/java/org/wso2/carbon/identity/oauth2/token/handler
 s/grant/AuthorizationCodeGrantHandler.java#L184

 Thanks,

 On Wed, Mar 22, 2017 at 10:49 PM, Maduranga Siriwardena <
 madura...@wso2.com> wrote:

> Hi Danushka,
>
> The problem seems to be oauthCache is only initialized when
> EnableOAuthCache is set to true in identity.xml. Default value is false. 
> So
> oauthCache is null and when we try to clear the cache entry [1] it gives
> NPE.
>
> [1] https://github.com/wso2-extensions/identity-inbound-auth
> -oauth/blob/v5.3.4/components/org.wso2.carbon.identity.oauth
> /src/main/java/org/wso2/carbon/identity/oauth2/token/handler
> s/grant/AuthorizationCodeGrantHandler.java#L184
>
> Thanks,
>
> On Wed, Mar 22, 2017 at 10:41 PM, Danushka Fernando <
> danush...@wso2.com> wrote:
>
>> Hi All
>> I generated an auth code and used that code to issue an access token.
>> In second time as expected its not giving me an access token if I use 
>> same
>> code. But there is a null pointer.
>>
>> TID: [-1234] [] [2017-03-23 08:46:21,034]  INFO
>> {org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration} -
>>  The default Identity OAuth token issuer will be used. No custom token
>> generator is set.
>> TID: [-1234] [] [2017-03-23 08:47:12,696]  WARN
>> {org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint}
>> -  No session state found for the received Session ID :
>> afbb08c6-d832-4154-9e68-116cc02b7b94
>> TID: [-1234] [] [2017-03-23 08:50:59,399] ERROR
>> {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Error occurred
>> while issuing the access token for Client ID :
>> jF2udC5fHAZwglHYuYVt9rXdgrIa, User ID null, Scope : [] and Grant Type :
>> authorization_code
>> java.lang.NullPointerException
>> at org.wso2.carbon.identity.oauth2.token.handlers.grant.Authori
>> zationCodeGrantHandler.validateGrant(AuthorizationCodeGrantH
>> andler.java:121)
>> at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issu
>> e(AccessTokenIssuer.java:212)
>> at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessTok
>> en(OAuth2Service.java:223)
>> at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEnd
>> point.getAccessToken(OAuth2TokenEndpoint.java:287)
>> at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEnd
>> point.issueAccessToken(OAuth2TokenEndpoint.java:151)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>> ssorImpl.java:62)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>> thodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at org.apache.cxf.service.invoker.AbstractInvoker.performInvoca
>> tion(AbstractInvoker.java:188)
>> at org.apache.cxf.service.invoker.AbstractInvoker.invoke(Abstra
>> ctInvoker.java:104)
>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
>> at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(S
>> erviceInvokerInterceptor.java:58)
>> at

Re: [Dev] [IS] Generate token with auth code grant - Using same code twice

2017-12-24 Thread Omindu Rathnaweera 
Hi Mahesh,

This issue was fixed with a WUM update.

Regards,
Omindu.

On Sun, Dec 24, 2017 at 5:47 PM, Mahesh Chinthaka  wrote:

> Hi Maduranga/ Danushka,
>
> I got the same NPE error while doing the same. After setting
> EnableOAuthCache to true in identity.xml, error disappeared.
> According to IDENTITY-5830 seems like it got fixed in 5.4.0-M1, here Im
> using 5.3.0
>
> Do we have a backported fix for this ? Or is it ok if I keep that change
> as it is (EnableOAuthCache=true)
> Note this is for a production setup.
>
> Please advise.
>
> On Thu, Mar 23, 2017 at 5:06 AM, Danushka Fernando 
> wrote:
>
>> Createed https://wso2.org/jira/browse/IDENTITY-5830 to track this
>>
>> Thanks & Regards
>> Danushka Fernando
>> Senior Software Engineer
>> WSO2 inc. http://wso2.com/
>> Mobile : +94716332729 <+94%2071%20633%202729>
>>
>> On Thu, Mar 23, 2017 at 9:22 AM, Maduranga Siriwardena <
>> madura...@wso2.com> wrote:
>>
>>> Sorry the code line should be [1]. Previous line I pointed [2] has the
>>> same issue.
>>>
>>> [1] https://github.com/wso2-extensions/identity-inbound-auth
>>> -oauth/blob/v5.3.4/components/org.wso2.carbon.identity.oauth
>>> /src/main/java/org/wso2/carbon/identity/oauth2/token/handler
>>> s/grant/AuthorizationCodeGrantHandler.java#L121
>>> [2] https://github.com/wso2-extensions/identity-inbound-auth
>>> -oauth/blob/v5.3.4/components/org.wso2.carbon.identity.oauth
>>> /src/main/java/org/wso2/carbon/identity/oauth2/token/handler
>>> s/grant/AuthorizationCodeGrantHandler.java#L184
>>>
>>> Thanks,
>>>
>>> On Wed, Mar 22, 2017 at 10:49 PM, Maduranga Siriwardena <
>>> madura...@wso2.com> wrote:
>>>
 Hi Danushka,

 The problem seems to be oauthCache is only initialized when
 EnableOAuthCache is set to true in identity.xml. Default value is false. So
 oauthCache is null and when we try to clear the cache entry [1] it gives
 NPE.

 [1] https://github.com/wso2-extensions/identity-inbound-auth
 -oauth/blob/v5.3.4/components/org.wso2.carbon.identity.oauth
 /src/main/java/org/wso2/carbon/identity/oauth2/token/handler
 s/grant/AuthorizationCodeGrantHandler.java#L184

 Thanks,

 On Wed, Mar 22, 2017 at 10:41 PM, Danushka Fernando  wrote:

> Hi All
> I generated an auth code and used that code to issue an access token.
> In second time as expected its not giving me an access token if I use same
> code. But there is a null pointer.
>
> TID: [-1234] [] [2017-03-23 08:46:21,034]  INFO
> {org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration} -
>  The default Identity OAuth token issuer will be used. No custom token
> generator is set.
> TID: [-1234] [] [2017-03-23 08:47:12,696]  WARN
> {org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint} -
>  No session state found for the received Session ID :
> afbb08c6-d832-4154-9e68-116cc02b7b94
> TID: [-1234] [] [2017-03-23 08:50:59,399] ERROR
> {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Error occurred
> while issuing the access token for Client ID :
> jF2udC5fHAZwglHYuYVt9rXdgrIa, User ID null, Scope : [] and Grant Type :
> authorization_code
> java.lang.NullPointerException
> at org.wso2.carbon.identity.oauth2.token.handlers.grant.Authori
> zationCodeGrantHandler.validateGrant(AuthorizationCodeGrantH
> andler.java:121)
> at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issu
> e(AccessTokenIssuer.java:212)
> at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessTok
> en(OAuth2Service.java:223)
> at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEnd
> point.getAccessToken(OAuth2TokenEndpoint.java:287)
> at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEnd
> point.issueAccessToken(OAuth2TokenEndpoint.java:151)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
> ssorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
> thodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.cxf.service.invoker.AbstractInvoker.performInvoca
> tion(AbstractInvoker.java:188)
> at org.apache.cxf.service.invoker.AbstractInvoker.invoke(Abstra
> ctInvoker.java:104)
> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
> at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(S
> erviceInvokerInterceptor.java:58)
> at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleM
> essage(ServiceInvokerInterceptor.java:94)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(Phase
> InterceptorChain.java:272)
> at org.apache.cxf.transport.ChainInitiationObserver.onMessage(C

Re: [Dev] [IS] Generate token with auth code grant - Using same code twice

2017-12-24 Thread Mahesh Chinthaka 
Hi Maduranga/ Danushka,

I got the same NPE error while doing the same. After setting
EnableOAuthCache to true in identity.xml, error disappeared.
According to IDENTITY-5830 seems like it got fixed in 5.4.0-M1, here Im
using 5.3.0

Do we have a backported fix for this ? Or is it ok if I keep that change as
it is (EnableOAuthCache=true)
Note this is for a production setup.

Please advise.

On Thu, Mar 23, 2017 at 5:06 AM, Danushka Fernando 
wrote:

> Createed https://wso2.org/jira/browse/IDENTITY-5830 to track this
>
> Thanks & Regards
> Danushka Fernando
> Senior Software Engineer
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729 <+94%2071%20633%202729>
>
> On Thu, Mar 23, 2017 at 9:22 AM, Maduranga Siriwardena  > wrote:
>
>> Sorry the code line should be [1]. Previous line I pointed [2] has the
>> same issue.
>>
>> [1] https://github.com/wso2-extensions/identity-inbound-auth
>> -oauth/blob/v5.3.4/components/org.wso2.carbon.identity.
>> oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/
>> handlers/grant/AuthorizationCodeGrantHandler.java#L121
>> [2] https://github.com/wso2-extensions/identity-inbound-auth
>> -oauth/blob/v5.3.4/components/org.wso2.carbon.identity.
>> oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/
>> handlers/grant/AuthorizationCodeGrantHandler.java#L184
>>
>> Thanks,
>>
>> On Wed, Mar 22, 2017 at 10:49 PM, Maduranga Siriwardena <
>> madura...@wso2.com> wrote:
>>
>>> Hi Danushka,
>>>
>>> The problem seems to be oauthCache is only initialized when
>>> EnableOAuthCache is set to true in identity.xml. Default value is false. So
>>> oauthCache is null and when we try to clear the cache entry [1] it gives
>>> NPE.
>>>
>>> [1] https://github.com/wso2-extensions/identity-inbound-auth
>>> -oauth/blob/v5.3.4/components/org.wso2.carbon.identity.oauth
>>> /src/main/java/org/wso2/carbon/identity/oauth2/token/handler
>>> s/grant/AuthorizationCodeGrantHandler.java#L184
>>>
>>> Thanks,
>>>
>>> On Wed, Mar 22, 2017 at 10:41 PM, Danushka Fernando 
>>> wrote:
>>>
 Hi All
 I generated an auth code and used that code to issue an access token.
 In second time as expected its not giving me an access token if I use same
 code. But there is a null pointer.

 TID: [-1234] [] [2017-03-23 08:46:21,034]  INFO
 {org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration} -
  The default Identity OAuth token issuer will be used. No custom token
 generator is set.
 TID: [-1234] [] [2017-03-23 08:47:12,696]  WARN
 {org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint} -
  No session state found for the received Session ID :
 afbb08c6-d832-4154-9e68-116cc02b7b94
 TID: [-1234] [] [2017-03-23 08:50:59,399] ERROR
 {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Error occurred
 while issuing the access token for Client ID :
 jF2udC5fHAZwglHYuYVt9rXdgrIa, User ID null, Scope : [] and Grant Type :
 authorization_code
 java.lang.NullPointerException
 at org.wso2.carbon.identity.oauth2.token.handlers.grant.Authori
 zationCodeGrantHandler.validateGrant(AuthorizationCodeGrantH
 andler.java:121)
 at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issu
 e(AccessTokenIssuer.java:212)
 at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessTok
 en(OAuth2Service.java:223)
 at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEnd
 point.getAccessToken(OAuth2TokenEndpoint.java:287)
 at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEnd
 point.issueAccessToken(OAuth2TokenEndpoint.java:151)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
 ssorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
 thodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at org.apache.cxf.service.invoker.AbstractInvoker.performInvoca
 tion(AbstractInvoker.java:188)
 at org.apache.cxf.service.invoker.AbstractInvoker.invoke(Abstra
 ctInvoker.java:104)
 at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
 at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
 at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(S
 erviceInvokerInterceptor.java:58)
 at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleM
 essage(ServiceInvokerInterceptor.java:94)
 at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(Phase
 InterceptorChain.java:272)
 at org.apache.cxf.transport.ChainInitiationObserver.onMessage(C
 hainInitiationObserver.java:121)
 at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke
 (AbstractHTTPDestination.java:249)
 at org.apache.cxf.transport.servlet.ServletController.invokeDes
 tination(ServletController.java:248)
 at

Re: [Dev] [IS] Generate token with auth code grant - Using same code twice

2017-03-22 Thread Danushka Fernando 
Createed https://wso2.org/jira/browse/IDENTITY-5830 to track this

Thanks & Regards
Danushka Fernando
Senior Software Engineer
WSO2 inc. http://wso2.com/
Mobile : +94716332729

On Thu, Mar 23, 2017 at 9:22 AM, Maduranga Siriwardena 
wrote:

> Sorry the code line should be [1]. Previous line I pointed [2] has the
> same issue.
>
> [1] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/v5.3.4/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/
> oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.java#L121
> [2] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/v5.3.4/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/
> oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.java#L184
>
> Thanks,
>
> On Wed, Mar 22, 2017 at 10:49 PM, Maduranga Siriwardena <
> madura...@wso2.com> wrote:
>
>> Hi Danushka,
>>
>> The problem seems to be oauthCache is only initialized when
>> EnableOAuthCache is set to true in identity.xml. Default value is false. So
>> oauthCache is null and when we try to clear the cache entry [1] it gives
>> NPE.
>>
>> [1] https://github.com/wso2-extensions/identity-inbound-auth
>> -oauth/blob/v5.3.4/components/org.wso2.carbon.identity.
>> oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/
>> handlers/grant/AuthorizationCodeGrantHandler.java#L184
>>
>> Thanks,
>>
>> On Wed, Mar 22, 2017 at 10:41 PM, Danushka Fernando 
>> wrote:
>>
>>> Hi All
>>> I generated an auth code and used that code to issue an access token. In
>>> second time as expected its not giving me an access token if I use same
>>> code. But there is a null pointer.
>>>
>>> TID: [-1234] [] [2017-03-23 08:46:21,034]  INFO
>>> {org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration} -  The
>>> default Identity OAuth token issuer will be used. No custom token generator
>>> is set.
>>> TID: [-1234] [] [2017-03-23 08:47:12,696]  WARN
>>> {org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint} -
>>>  No session state found for the received Session ID :
>>> afbb08c6-d832-4154-9e68-116cc02b7b94
>>> TID: [-1234] [] [2017-03-23 08:50:59,399] ERROR
>>> {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Error occurred while
>>> issuing the access token for Client ID : jF2udC5fHAZwglHYuYVt9rXdgrIa, User
>>> ID null, Scope : [] and Grant Type : authorization_code
>>> java.lang.NullPointerException
>>> at org.wso2.carbon.identity.oauth2.token.handlers.grant.Authori
>>> zationCodeGrantHandler.validateGrant(AuthorizationCodeGrantH
>>> andler.java:121)
>>> at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issu
>>> e(AccessTokenIssuer.java:212)
>>> at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessTok
>>> en(OAuth2Service.java:223)
>>> at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEnd
>>> point.getAccessToken(OAuth2TokenEndpoint.java:287)
>>> at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEnd
>>> point.issueAccessToken(OAuth2TokenEndpoint.java:151)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>>> ssorImpl.java:62)
>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>>> thodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>> at org.apache.cxf.service.invoker.AbstractInvoker.performInvoca
>>> tion(AbstractInvoker.java:188)
>>> at org.apache.cxf.service.invoker.AbstractInvoker.invoke(Abstra
>>> ctInvoker.java:104)
>>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
>>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
>>> at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(S
>>> erviceInvokerInterceptor.java:58)
>>> at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleM
>>> essage(ServiceInvokerInterceptor.java:94)
>>> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(Phase
>>> InterceptorChain.java:272)
>>> at org.apache.cxf.transport.ChainInitiationObserver.onMessage(C
>>> hainInitiationObserver.java:121)
>>> at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke
>>> (AbstractHTTPDestination.java:249)
>>> at org.apache.cxf.transport.servlet.ServletController.invokeDes
>>> tination(ServletController.java:248)
>>> at org.apache.cxf.transport.servlet.ServletController.invoke(Se
>>> rvletController.java:222)
>>> at org.apache.cxf.transport.servlet.ServletController.invoke(Se
>>> rvletController.java:153)
>>> at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(
>>> CXFNonSpringServlet.java:171)
>>> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleR
>>> equest(AbstractHTTPServlet.java:289)
>>> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(
>>> AbstractHTTPServlet.java:209)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>> at

Re: [Dev] [IS] Generate token with auth code grant - Using same code twice

2017-03-22 Thread Maduranga Siriwardena 
Sorry the code line should be [1]. Previous line I pointed [2] has the same
issue.

[1]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/v5.3.4/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.java#L121
[2]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/v5.3.4/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.java#L184

Thanks,

On Wed, Mar 22, 2017 at 10:49 PM, Maduranga Siriwardena 
wrote:

> Hi Danushka,
>
> The problem seems to be oauthCache is only initialized when
> EnableOAuthCache is set to true in identity.xml. Default value is false. So
> oauthCache is null and when we try to clear the cache entry [1] it gives
> NPE.
>
> [1] https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/blob/v5.3.4/components/org.wso2.carbon.
> identity.oauth/src/main/java/org/wso2/carbon/identity/
> oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.java#L184
>
> Thanks,
>
> On Wed, Mar 22, 2017 at 10:41 PM, Danushka Fernando 
> wrote:
>
>> Hi All
>> I generated an auth code and used that code to issue an access token. In
>> second time as expected its not giving me an access token if I use same
>> code. But there is a null pointer.
>>
>> TID: [-1234] [] [2017-03-23 08:46:21,034]  INFO
>> {org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration} -  The
>> default Identity OAuth token issuer will be used. No custom token generator
>> is set.
>> TID: [-1234] [] [2017-03-23 08:47:12,696]  WARN
>> {org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint} -
>>  No session state found for the received Session ID :
>> afbb08c6-d832-4154-9e68-116cc02b7b94
>> TID: [-1234] [] [2017-03-23 08:50:59,399] ERROR
>> {org.wso2.carbon.identity.oauth2.OAuth2Service} -  Error occurred while
>> issuing the access token for Client ID : jF2udC5fHAZwglHYuYVt9rXdgrIa, User
>> ID null, Scope : [] and Grant Type : authorization_code
>> java.lang.NullPointerException
>> at org.wso2.carbon.identity.oauth2.token.handlers.grant.Authori
>> zationCodeGrantHandler.validateGrant(AuthorizationCodeGrantH
>> andler.java:121)
>> at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.
>> issue(AccessTokenIssuer.java:212)
>> at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessTok
>> en(OAuth2Service.java:223)
>> at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEnd
>> point.getAccessToken(OAuth2TokenEndpoint.java:287)
>> at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEnd
>> point.issueAccessToken(OAuth2TokenEndpoint.java:151)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>> ssorImpl.java:62)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>> thodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at org.apache.cxf.service.invoker.AbstractInvoker.performInvoca
>> tion(AbstractInvoker.java:188)
>> at org.apache.cxf.service.invoker.AbstractInvoker.invoke(
>> AbstractInvoker.java:104)
>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
>> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
>> at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(
>> ServiceInvokerInterceptor.java:58)
>> at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleM
>> essage(ServiceInvokerInterceptor.java:94)
>> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(Phase
>> InterceptorChain.java:272)
>> at org.apache.cxf.transport.ChainInitiationObserver.onMessage(C
>> hainInitiationObserver.java:121)
>> at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke
>> (AbstractHTTPDestination.java:249)
>> at org.apache.cxf.transport.servlet.ServletController.invokeDes
>> tination(ServletController.java:248)
>> at org.apache.cxf.transport.servlet.ServletController.invoke(
>> ServletController.java:222)
>> at org.apache.cxf.transport.servlet.ServletController.invoke(
>> ServletController.java:153)
>> at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(
>> CXFNonSpringServlet.java:171)
>> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleR
>> equest(AbstractHTTPServlet.java:289)
>> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(
>> AbstractHTTPServlet.java:209)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service
>> (AbstractHTTPServlet.java:265)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>> lter(ApplicationFilterChain.java:303)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>> licationFilterChain.java:208)
>> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>> at

Re: [Dev] [IS] Generate token with auth code grant - Using same code twice

2017-03-22 Thread Maduranga Siriwardena 
Hi Danushka,

The problem seems to be oauthCache is only initialized when
EnableOAuthCache is set to true in identity.xml. Default value is false. So
oauthCache is null and when we try to clear the cache entry [1] it gives
NPE.

[1]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/v5.3.4/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.java#L184

Thanks,

On Wed, Mar 22, 2017 at 10:41 PM, Danushka Fernando 
wrote:

> Hi All
> I generated an auth code and used that code to issue an access token. In
> second time as expected its not giving me an access token if I use same
> code. But there is a null pointer.
>
> TID: [-1234] [] [2017-03-23 08:46:21,034]  INFO {org.wso2.carbon.identity.
> oauth.config.OAuthServerConfiguration} -  The default Identity OAuth
> token issuer will be used. No custom token generator is set.
> TID: [-1234] [] [2017-03-23 08:47:12,696]  WARN {org.wso2.carbon.identity.
> oauth.endpoint.authz.OAuth2AuthzEndpoint} -  No session state found for
> the received Session ID : afbb08c6-d832-4154-9e68-116cc02b7b94
> TID: [-1234] [] [2017-03-23 08:50:59,399] ERROR 
> {org.wso2.carbon.identity.oauth2.OAuth2Service}
> -  Error occurred while issuing the access token for Client ID :
> jF2udC5fHAZwglHYuYVt9rXdgrIa, User ID null, Scope : [] and Grant Type :
> authorization_code
> java.lang.NullPointerException
> at org.wso2.carbon.identity.oauth2.token.handlers.grant.
> AuthorizationCodeGrantHandler.validateGrant(AuthorizationCodeGrantHandler.
> java:121)
> at org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(
> AccessTokenIssuer.java:212)
> at org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(
> OAuth2Service.java:223)
> at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.
> getAccessToken(OAuth2TokenEndpoint.java:287)
> at org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.
> issueAccessToken(OAuth2TokenEndpoint.java:151)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(
> AbstractInvoker.java:188)
> at org.apache.cxf.service.invoker.AbstractInvoker.
> invoke(AbstractInvoker.java:104)
> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
> at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
> at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.
> run(ServiceInvokerInterceptor.java:58)
> at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(
> ServiceInvokerInterceptor.java:94)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:272)
> at org.apache.cxf.transport.ChainInitiationObserver.onMessage(
> ChainInitiationObserver.java:121)
> at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(
> AbstractHTTPDestination.java:249)
> at org.apache.cxf.transport.servlet.ServletController.invokeDestination(
> ServletController.java:248)
> at org.apache.cxf.transport.servlet.ServletController.
> invoke(ServletController.java:222)
> at org.apache.cxf.transport.servlet.ServletController.
> invoke(ServletController.java:153)
> at org.apache.cxf.transport.servlet.CXFNonSpringServlet.
> invoke(CXFNonSpringServlet.java:171)
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(
> AbstractHTTPServlet.java:289)
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.
> doPost(AbstractHTTPServlet.java:209)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
> at org.apache.cxf.transport.servlet.AbstractHTTPServlet.
> service(AbstractHTTPServlet.java:265)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:303)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(
> HttpHeaderSecurityFilter.java:120)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:241)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
> at org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:218)
> at org.apache.catalina.core.StandardContextValve.invoke(
> StandardContextValve.java:122)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
>

[Dev] [IS] Generate token with auth code grant - Using same code twice

2017-03-22 Thread Danushka Fernando 
Hi All
I generated an auth code and used that code to issue an access token. In
second time as expected its not giving me an access token if I use same
code. But there is a null pointer.

TID: [-1234] [] [2017-03-23 08:46:21,034]  INFO
{org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration} -  The
default Identity OAuth token issuer will be used. No custom token generator
is set.
TID: [-1234] [] [2017-03-23 08:47:12,696]  WARN
{org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint} -  No
session state found for the received Session ID :
afbb08c6-d832-4154-9e68-116cc02b7b94
TID: [-1234] [] [2017-03-23 08:50:59,399] ERROR
{org.wso2.carbon.identity.oauth2.OAuth2Service} -  Error occurred while
issuing the access token for Client ID : jF2udC5fHAZwglHYuYVt9rXdgrIa, User
ID null, Scope : [] and Grant Type : authorization_code
java.lang.NullPointerException
at
org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationCodeGrantHandler.validateGrant(AuthorizationCodeGrantHandler.java:121)
at
org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer.issue(AccessTokenIssuer.java:212)
at
org.wso2.carbon.identity.oauth2.OAuth2Service.issueAccessToken(OAuth2Service.java:223)
at
org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.getAccessToken(OAuth2TokenEndpoint.java:287)
at
org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint.issueAccessToken(OAuth2TokenEndpoint.java:151)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:209)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at
org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:72)
at
org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
at
org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
at
org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at
org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at