[ https://issues.apache.org/jira/browse/CXF-4637?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steven Tippetts updated CXF-4637:
---------------------------------

    Description:

When I set scopes and subject on a ServerAccessToken in getAccessToken on the OAuth2 server, I get an exception on the resource server when it tries to validate the token in AccessTokenValidatorClient at validateAccessToken.

Here is a snippet of code in the getAccessToken method:

    1 List<OAuthPermission> scopes = new ArrayList<OAuthPermission>();
    2 OAuthPermission p = new OAuthPermission();
    3 List<String> v = new ArrayList<String>();
    4 v.add("GET");
    5 p.setHttpVerbs(v);
    6 p.setPermission("read_test_info");
    7 scopes.add(p);
    8 token.setScopes(scopes);

If I comment line 5, then the exception doesn't happen.

Here is the exception:

    [12/11/15 15:40:21:777] 0000000c Wr AbstractJAXBProvider: java.lang.UnsupportedOperationException
        at java.util.AbstractList.add(AbstractList.java:131)
        at java.util.AbstractList.add(AbstractList.java:91)
        at com.sun.xml.internal.bind.v2.runtime.reflect.Lister$CollectionLister.addToPack(Lister.java:290)
        at com.sun.xml.internal.bind.v2.runtime.reflect.Lister$CollectionLister.addToPack(Lister.java:254)
        at com.sun.xml.internal.bind.v2.runtime.unmarshaller.Scope.add(Scope.java:106)
        at com.sun.xml.internal.bind.v2.runtime.property.ArrayERProperty$ReceiverImpl.receive(ArrayERProperty.java:195)
        at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext.endElement(UnmarshallingContext.java:524)
        at com.sun.xml.internal.bind.v2.runtime.unmarshaller.InterningXmlVisitor.endElement(InterningXmlVisitor.java:66)
        at com.sun.xml.internal.bind.v2.runtime.unmarshaller.StAXStreamConnector.handleEndElement(StAXStreamConnector.java:206)
        at com.sun.xml.internal.bind.v2.runtime.unmarshaller.StAXStreamConnector.bridge(StAXStreamConnector.java:170)
        at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:351)
        at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:323)
        at org.apache.cxf.jaxrs.provider.JAXBElementProvider.unmarshalFromInputStream(JAXBElementProvider.java:257)
        at org.apache.cxf.jaxrs.provider.JAXBElementProvider.doUnmarshal(JAXBElementProvider.java:214)
        at org.apache.cxf.jaxrs.provider.JAXBElementProvider.readFrom(JAXBElementProvider.java:181)
        at org.apache.cxf.jaxrs.client.AbstractClient.readBody(AbstractClient.java:445)
        at org.apache.cxf.jaxrs.client.WebClient.handleResponse(WebClient.java:832)
        at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:816)
        at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:743)
        at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:717)
        at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:344)
        at org.apache.cxf.jaxrs.client.WebClient.get(WebClient.java:469)
        at edu.byu.mtc.servicelayer.service.AccessTokenValidatorClient.validateAccessToken(AccessTokenValidatorClient.java:25)
        at edu.byu.mtc.servicelayer.service.AbstractAccessTokenValidator.getAccessTokenValidation(AbstractAccessTokenValidator.java:84)
        at edu.byu.mtc.servicelayer.service.OAuthRequestFilter.handleRequest(OAuthRequestFilter.java:34)

The problem is that the AbstractList is an empty collection, which I believe is from line 35 in OAuthPermission.java:

    private List<String> httpVerbs = Collections.emptyList();

If I change that line to this then the exception goes away:

    private List<String> httpVerbs = new ArrayList<String>();

This same fix needs to be made to line 36 in OAuthPermission.java for uris and to line 34 in UserSubject.java for roles.

  was:

When I set scopes and subject on a ServerAccessToken in getAccessToken on the OAuth2 server, I get an exception on the resource server when it tries to validate the token in AccessTokenValidatorClient at validateAccessToken.

Here is a snippet of code in the getAccessToken method:

    1 List<OAuthPermission> scopes = new ArrayList<OAuthPermission>();
    2 OAuthPermission p = new OAuthPermission();
    3 List<String> v = new ArrayList<String>();
    4 v.add("GET");
    5 p.setHttpVerbs(v);
    6 p.setPermission("read_test_info");
    7 scopes.add(p);
    8 token.setScopes(scopes);

If I comment line 5, then the exception doesn't happen.

Here is the exception:

    [12/11/15 15:40:21:777] 0000000c Wr AbstractJAXBProvider: java.lang.UnsupportedOperationException
        at java.util.AbstractList.add(AbstractList.java:131)
        at java.util.AbstractList.add(AbstractList.java:91)
        at com.sun.xml.internal.bind.v2.runtime.reflect.Lister$CollectionLister.addToPack(Lister.java:290)
        at com.sun.xml.internal.bind.v2.runtime.reflect.Lister$CollectionLister.addToPack(Lister.java:254)
        at com.sun.xml.internal.bind.v2.runtime.unmarshaller.Scope.add(Scope.java:106)
        at com.sun.xml.internal.bind.v2.runtime.property.ArrayERProperty$ReceiverImpl.receive(ArrayERProperty.java:195)
        at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext.endElement(UnmarshallingContext.java:524)
        at com.sun.xml.internal.bind.v2.runtime.unmarshaller.InterningXmlVisitor.endElement(InterningXmlVisitor.java:66)
        at com.sun.xml.internal.bind.v2.runtime.unmarshaller.StAXStreamConnector.handleEndElement(StAXStreamConnector.java:206)
        at com.sun.xml.internal.bind.v2.runtime.unmarshaller.StAXStreamConnector.bridge(StAXStreamConnector.java:170)
        at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:351)
        at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:323)
        at org.apache.cxf.jaxrs.provider.JAXBElementProvider.unmarshalFromInputStream(JAXBElementProvider.java:257)
        at org.apache.cxf.jaxrs.provider.JAXBElementProvider.doUnmarshal(JAXBElementProvider.java:214)
        at org.apache.cxf.jaxrs.provider.JAXBElementProvider.readFrom(JAXBElementProvider.java:181)
        at org.apache.cxf.jaxrs.client.AbstractClient.readBody(AbstractClient.java:445)
        at org.apache.cxf.jaxrs.client.WebClient.handleResponse(WebClient.java:832)
        at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:816)
        at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:743)
        at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:717)
        at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:344)
        at org.apache.cxf.jaxrs.client.WebClient.get(WebClient.java:469)
        at edu.byu.mtc.servicelayer.service.AccessTokenValidatorClient.validateAccessToken(AccessTokenValidatorClient.java:25)
        at edu.byu.mtc.servicelayer.service.AbstractAccessTokenValidator.getAccessTokenValidation(AbstractAccessTokenValidator.java:84)
        at edu.byu.mtc.servicelayer.service.OAuthRequestFilter.handleRequest(OAuthRequestFilter.java:34)

The problem is that the AbstractList is an empty collection, which I believe is from line 35 in OAuthPermission.java:

    private List<String> httpVerbs = Collections.emptyList();

If I change that line to this then the exception goes away:

    private List<String> httpVerbs = new ArrayList<String>();

This same fix needs to be made to line 36 in OAuthPermission.java and to line 34 in UserSubject.java.

> Exception when validating access token on a resource server (OAuth2)
> --------------------------------------------------------------------
>
>                 Key: CXF-4637
>                 URL: https://issues.apache.org/jira/browse/CXF-4637
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>   Affects Versions: 2.6.2
>            Reporter: Steven Tippetts
>            Priority: Blocker
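The failure described in the report, as an added example that is not code from CXF or from the reporter. It is a simplified model that assumes the unmarshaller fills a list property by calling add() on the list the bean already holds, which is what the Lister$CollectionLister.addToPack and AbstractList.add frames in the trace indicate; the class names and the bind helper are hypothetical.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class EmptyListDefaultDemo {

    // Hypothetical stand-in for the reported field: the default is the
    // shared, immutable list returned by Collections.emptyList().
    static class ImmutableDefault {
        private List<String> httpVerbs = Collections.emptyList();
        List<String> getHttpVerbs() { return httpVerbs; }
    }

    // Hypothetical stand-in for the proposed fix: a mutable list per instance.
    static class MutableDefault {
        private List<String> httpVerbs = new ArrayList<String>();
        List<String> getHttpVerbs() { return httpVerbs; }
    }

    // Assumed binder behaviour: reuse the list the bean already holds and
    // add() each parsed element to it instead of calling a setter.
    static String bind(List<String> beanList, List<String> parsed) {
        try {
            for (String verb : parsed) {
                beanList.add(verb);
            }
            return "bound " + beanList;
        } catch (UnsupportedOperationException e) {
            return "failed: " + e.getClass().getName();
        }
    }

    public static void main(String[] args) {
        List<String> noVerbs = new ArrayList<String>();          // response without httpVerbs
        List<String> oneVerb = Collections.singletonList("GET"); // response carrying GET

        // No elements to add: the immutable default is never written to.
        System.out.println(bind(new ImmutableDefault().getHttpVerbs(), noVerbs));
        // One element: add() on the immutable default throws.
        System.out.println(bind(new ImmutableDefault().getHttpVerbs(), oneVerb));
        // Same input against a mutable default succeeds.
        System.out.println(bind(new MutableDefault().getHttpVerbs(), oneVerb));
    }
}
```

The first case corresponds to commenting out line 5 in the report: with no verbs in the validation response nothing is added, so the immutable default goes unnoticed until a token actually carries httpVerbs, uris or roles.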