SAP / cloud-sdk-java

Use the SAP Cloud SDK for Java to reduce development effort when building applications on SAP Business Technology Platform that communicate with SAP solutions and services such as SAP S/4HANA Cloud, SAP SuccessFactors, and many others.
Apache License 2.0

SecurityContext broken for version 5.9.0 using AMS #438

Closed SAPilot closed 3 weeks ago

SAPilot commented 2 months ago

Issue Description

We got an issue with the new update

com.sap.cloud.sdk:sdk-bom (source) | import | minor | 5.8.0 -> 5.9.0

We use AMS as our authorization tool. The issue is that the security context is returned as class com.sap.cloud.security.adapter.spring.SpringSecurityContext. In the old version we got the following: com.sap.cloud.security.token.SapIdToken

This breaks the token retrieval for AMS.

Impact / Priority

Affected development phase: Development, Release

Impact: e.g. Blocked, since our unit tests do not run anymore

Timeline: e.g. Customer testing next week.

Error Message

com.sap.cds.services.impl.ContextualizedServiceException: Cannot invoke "com.sap.cloud.security.ams.api.Principal.getAttributes()" because "principal" is null (service 'FiscalYearVariantPeriodService', event 'readFromBackend', entity '<no entity>')
    at com.sap.cds.services.impl.ServiceImpl.dispatch(ServiceImpl.java:256)
    at com.sap.cds.services.impl.ServiceImpl.emit(ServiceImpl.java:177)
    at com.sap.cds.services.ServiceDelegator.emit(ServiceDelegator.java:33)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at com.sap.cds.services.impl.cds.TypedCqnServiceInvocationHandler.invoke(TypedCqnServiceInvocationHandler.java:70)
    at jdk.proxy2/jdk.proxy2.$Proxy86.emit(Unknown Source)
    at com.sap.cds.adapter.odata.v4.processors.CdsProcessor.operation(CdsProcessor.java:674)
    at com.sap.cds.adapter.odata.v4.processors.CdsProcessor.delegateRequest(CdsProcessor.java:194)
    at com.sap.cds.adapter.odata.v4.processors.CdsProcessor.lambda$processRequest$1(CdsProcessor.java:153)
    at com.sap.cds.services.impl.runtime.RequestContextRunnerImpl.lambda$run$3(RequestContextRunnerImpl.java:213)
    at com.sap.cds.services.impl.runtime.RequestContextRunnerImpl.run(RequestContextRunnerImpl.java:272)
    at com.sap.cds.services.impl.runtime.RequestContextRunnerImpl.run(RequestContextRunnerImpl.java:212)
    at com.sap.cds.adapter.odata.v4.processors.CdsProcessor.processRequest(CdsProcessor.java:150)
    at com.sap.cds.adapter.odata.v4.processors.CdsProcessor.lambda$processRequest$0(CdsProcessor.java:141)
    at com.sap.cds.services.impl.runtime.ChangeSetContextRunnerImpl.open(ChangeSetContextRunnerImpl.java:62)
    at com.sap.cds.services.impl.runtime.ChangeSetContextRunnerImpl.run(ChangeSetContextRunnerImpl.java:41)
    at com.sap.cds.adapter.odata.v4.processors.CdsProcessor.processRequest(CdsProcessor.java:140)
    at com.sap.cds.adapter.odata.v4.processors.AbstractODataProcessor.processRequest(AbstractODataProcessor.java:155)
    at com.sap.cds.adapter.odata.v4.processors.AbstractODataProcessor.processNoContentRequest(AbstractODataProcessor.java:100)
    at com.sap.cds.adapter.odata.v4.processors.OlingoProcessor.processActionVoid(OlingoProcessor.java:198)
    at org.apache.olingo.server.core.ODataDispatcher.handleActionDispatching(ODataDispatcher.java:228)
    at org.apache.olingo.server.core.ODataDispatcher.handleResourceDispatching(ODataDispatcher.java:144)
    at org.apache.olingo.server.core.ODataDispatcher.dispatch(ODataDispatcher.java:120)
    at org.apache.olingo.server.core.ODataHandlerImpl.processInternal(ODataHandlerImpl.java:170)
    at org.apache.olingo.server.core.ODataHandlerImpl.process(ODataHandlerImpl.java:86)
    at org.apache.olingo.server.core.batchhandler.BatchPartHandler.handle(BatchPartHandler.java:74)
    at org.apache.olingo.server.core.batchhandler.BatchPartHandler.handleBatchRequest(BatchPartHandler.java:57)
    at org.apache.olingo.server.core.batchhandler.BatchFacadeImpl.handleBatchRequest(BatchFacadeImpl.java:56)
    at com.sap.cds.adapter.odata.v4.processors.OlingoProcessor.processBatch(OlingoProcessor.java:320)
    at org.apache.olingo.server.core.batchhandler.BatchHandler.process(BatchHandler.java:56)
    at org.apache.olingo.server.core.ODataDispatcher.dispatch(ODataDispatcher.java:126)
    at org.apache.olingo.server.core.ODataHandlerImpl.processInternal(ODataHandlerImpl.java:170)
    at org.apache.olingo.server.core.ODataHandlerImpl.process(ODataHandlerImpl.java:86)
    at org.apache.olingo.server.core.ODataHttpHandlerImpl.process(ODataHttpHandlerImpl.java:75)
    at org.apache.olingo.server.core.ODataHttpHandlerImpl.process(ODataHttpHandlerImpl.java:89)
    at com.sap.cds.adapter.odata.v4.CdsODataV4Servlet.lambda$service$0(CdsODataV4Servlet.java:130)
    at com.sap.cds.services.impl.runtime.RequestContextRunnerImpl.lambda$run$3(RequestContextRunnerImpl.java:213)
    at com.sap.cds.services.impl.runtime.RequestContextRunnerImpl.run(RequestContextRunnerImpl.java:272)
    at com.sap.cds.services.impl.runtime.RequestContextRunnerImpl.run(RequestContextRunnerImpl.java:212)
    at com.sap.cds.adapter.odata.v4.CdsODataV4Servlet.service(CdsODataV4Servlet.java:89)
    at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
    at com.sap.cds.framework.spring.config.adapter.ServletAdapterRestController.handleRequest(ServletAdapterRestController.java:30)
    at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:51)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914)
    at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:590)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
    at org.springframework.test.web.servlet.TestDispatcherServlet.service(TestDispatcherServlet.java:72)
    at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
    at org.springframework.mock.web.MockFilterChain$ServletFilterProxy.doFilter(MockFilterChain.java:165)
    at org.springframework.mock.web.MockFilterChain.doFilter(MockFilterChain.java:132)
    at com.sap.hcp.cf.logging.servlet.filter.CompositeFilter$InternalFilterChain.doFilter(CompositeFilter.java:86)
    at com.sap.hcp.cf.logging.servlet.filter.GenerateRequestLogFilter.doFilter(GenerateRequestLogFilter.java:95)
    at com.sap.hcp.cf.logging.servlet.filter.GenerateRequestLogFilter.doFilterRequest(GenerateRequestLogFilter.java:62)
    at com.sap.hcp.cf.logging.servlet.filter.AbstractLoggingFilter.doFilter(AbstractLoggingFilter.java:20)
    at com.sap.hcp.cf.logging.servlet.filter.CompositeFilter$InternalFilterChain.doFilter(CompositeFilter.java:84)
    at com.sap.hcp.cf.logging.servlet.filter.AbstractLoggingFilter.doFilterRequest(AbstractLoggingFilter.java:47)
    at com.sap.hcp.cf.logging.servlet.filter.AbstractLoggingFilter.doFilter(AbstractLoggingFilter.java:20)
    at com.sap.hcp.cf.logging.servlet.filter.CompositeFilter$InternalFilterChain.doFilter(CompositeFilter.java:84)
    at com.sap.hcp.cf.logging.servlet.filter.AbstractLoggingFilter.doFilterRequest(AbstractLoggingFilter.java:47)
    at com.sap.hcp.cf.logging.servlet.filter.AbstractLoggingFilter.doFilter(AbstractLoggingFilter.java:20)
    at com.sap.hcp.cf.logging.servlet.filter.CompositeFilter$InternalFilterChain.doFilter(CompositeFilter.java:84)
    at com.sap.hcp.cf.logging.servlet.filter.AbstractLoggingFilter.doFilterRequest(AbstractLoggingFilter.java:47)
    at com.sap.hcp.cf.logging.servlet.filter.AbstractLoggingFilter.doFilter(AbstractLoggingFilter.java:20)
    at com.sap.hcp.cf.logging.servlet.filter.CompositeFilter$InternalFilterChain.doFilter(CompositeFilter.java:84)
    at com.sap.hcp.cf.logging.servlet.filter.AbstractLoggingFilter.doFilterRequest(AbstractLoggingFilter.java:47)
    at com.sap.hcp.cf.logging.servlet.filter.AbstractLoggingFilter.doFilter(AbstractLoggingFilter.java:20)
    at com.sap.hcp.cf.logging.servlet.filter.CompositeFilter$InternalFilterChain.doFilter(CompositeFilter.java:84)
    at com.sap.hcp.cf.logging.servlet.filter.CompositeFilter.doFilter(CompositeFilter.java:59)
    at org.springframework.test.web.servlet.setup.MockMvcFilterDecorator.doFilter(MockMvcFilterDecorator.java:151)
    at org.springframework.mock.web.MockFilterChain.doFilter(MockFilterChain.java:132)
    at com.sap.dwc.util.headers.http.DwcHeaderRequestFilter.doFilterInternal(DwcHeaderRequestFilter.java:43)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
    at org.springframework.test.web.servlet.setup.MockMvcFilterDecorator.doFilter(MockMvcFilterDecorator.java:151)
    at org.springframework.mock.web.MockFilterChain.doFilter(MockFilterChain.java:132)
    at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:108)
    at org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231)
    at org.springframework.security.web.ObservationFilterChainDecorator$FilterObservation$SimpleFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:479)
    at org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:340)
    at org.springframework.security.web.ObservationFilterChainDecorator.lambda$wrapSecured$0(ObservationFilterChainDecorator.java:82)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:128)
    at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:100)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
    at com.sap.dwc.util.mauth.tls.filter.SpringSecurityTlsMAuthRequestFilter.doFilterInternal(SpringSecurityTlsMAuthRequestFilter.java:56)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
    at org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:145)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
    at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
    at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
    at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82)
    at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
    at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
    at org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323)
    at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224)
    at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)
    at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113)
    at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195)
    at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113)
    at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74)
    at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:230)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268)
    at org.springframework.test.web.servlet.setup.MockMvcFilterDecorator.doFilter(MockMvcFilterDecorator.java:151)
    at org.springframework.mock.web.MockFilterChain.doFilter(MockFilterChain.java:132)
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
    at org.springframework.test.web.servlet.setup.MockMvcFilterDecorator.doFilter(MockMvcFilterDecorator.java:151)
    at org.springframework.mock.web.MockFilterChain.doFilter(MockFilterChain.java:132)
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
    at org.springframework.test.web.servlet.setup.MockMvcFilterDecorator.doFilter(MockMvcFilterDecorator.java:151)
    at org.springframework.mock.web.MockFilterChain.doFilter(MockFilterChain.java:132)
    at org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:109)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
    at org.springframework.test.web.servlet.setup.MockMvcFilterDecorator.doFilter(MockMvcFilterDecorator.java:151)
    at org.springframework.mock.web.MockFilterChain.doFilter(MockFilterChain.java:132)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
    at org.springframework.test.web.servlet.setup.MockMvcFilterDecorator.doFilter(MockMvcFilterDecorator.java:151)
    at org.springframework.mock.web.MockFilterChain.doFilter(MockFilterChain.java:132)
    at com.sap.dwc.util.mauth.tls.filter.SpringMvcTlsMAuthRequestFilter.doFilterInternal(SpringMvcTlsMAuthRequestFilter.java:55)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
    at org.springframework.test.web.servlet.setup.MockMvcFilterDecorator.doFilter(MockMvcFilterDecorator.java:151)
    at org.springframework.mock.web.MockFilterChain.doFilter(MockFilterChain.java:132)
    at org.springframework.test.web.servlet.MockMvc.perform(MockMvc.java:201)
    at com.sap.finance.grl.periodcontrol.test.utils.BatchRequestHelperImpl.performBatchCall(BatchRequestHelperImpl.java:77)
    at com.sap.finance.grl.periodcontrol.handlers.fiscalyearvariantperiod.FiscalYearVariantPeriodIntegrationTest.testReadFromBackendOpenCloseJourney(FiscalYearVariantPeriodIntegrationTest.java:159)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at org.junit.platform.commons.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:728)
    at org.junit.jupiter.engine.execution.MethodInvocation.proceed(MethodInvocation.java:60)
    at org.junit.jupiter.engine.execution.InvocationInterceptorChain$ValidatingInvocation.proceed(InvocationInterceptorChain.java:131)
    at org.junit.jupiter.engine.extension.TimeoutExtension.intercept(TimeoutExtension.java:156)
    at org.junit.jupiter.engine.extension.TimeoutExtension.interceptTestableMethod(TimeoutExtension.java:147)
    at org.junit.jupiter.engine.extension.TimeoutExtension.interceptTestMethod(TimeoutExtension.java:86)
    at org.junit.jupiter.engine.execution.InterceptingExecutableInvoker$ReflectiveInterceptorCall.lambda$ofVoidMethod$0(InterceptingExecutableInvoker.java:103)
    at org.junit.jupiter.engine.execution.InterceptingExecutableInvoker.lambda$invoke$0(InterceptingExecutableInvoker.java:93)
    at org.junit.jupiter.engine.execution.InvocationInterceptorChain$InterceptedInvocation.proceed(InvocationInterceptorChain.java:106)
    at org.junit.jupiter.engine.execution.InvocationInterceptorChain.proceed(InvocationInterceptorChain.java:64)
    at org.junit.jupiter.engine.execution.InvocationInterceptorChain.chainAndInvoke(InvocationInterceptorChain.java:45)
    at org.junit.jupiter.engine.execution.InvocationInterceptorChain.invoke(InvocationInterceptorChain.java:37)
    at org.junit.jupiter.engine.execution.InterceptingExecutableInvoker.invoke(InterceptingExecutableInvoker.java:92)
    at org.junit.jupiter.engine.execution.InterceptingExecutableInvoker.invoke(InterceptingExecutableInvoker.java:86)
    at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.lambda$invokeTestMethod$7(TestMethodTestDescriptor.java:218)
    at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
    at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.invokeTestMethod(TestMethodTestDescriptor.java:214)
    at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.execute(TestMethodTestDescriptor.java:139)
    at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.execute(TestMethodTestDescriptor.java:69)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:151)
    at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141)
    at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139)
    at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:138)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:95)
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
    at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:41)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:155)
    at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141)
    at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139)
    at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:138)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:95)
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
    at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:41)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$6(NodeTestTask.java:155)
    at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:141)
    at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$9(NodeTestTask.java:139)
    at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:138)
    at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:95)
    at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.submit(SameThreadHierarchicalTestExecutorService.java:35)
    at org.junit.platform.engine.support.hierarchical.HierarchicalTestExecutor.execute(HierarchicalTestExecutor.java:57)
    at org.junit.platform.engine.support.hierarchical.HierarchicalTestEngine.execute(HierarchicalTestEngine.java:54)
    at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:198)
    at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:169)
    at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:93)
    at org.junit.platform.launcher.core.EngineExecutionOrchestrator.lambda$execute$0(EngineExecutionOrchestrator.java:58)
    at org.junit.platform.launcher.core.EngineExecutionOrchestrator.withInterceptedStreams(EngineExecutionOrchestrator.java:141)
    at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:57)
    at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:103)
    at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:85)
    at org.junit.platform.launcher.core.DelegatingLauncher.execute(DelegatingLauncher.java:47)
    at org.junit.platform.launcher.core.SessionPerRequestLauncher.execute(SessionPerRequestLauncher.java:63)
    at com.intellij.junit5.JUnit5IdeaTestRunner.startRunnerWithArgs(JUnit5IdeaTestRunner.java:57)
    at com.intellij.rt.junit.IdeaTestRunner$Repeater$1.execute(IdeaTestRunner.java:38)
    at com.intellij.rt.execution.junit.TestsRepeater.repeat(TestsRepeater.java:11)
    at com.intellij.rt.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:35)
    at com.intellij.rt.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:232)
    at com.intellij.rt.junit.JUnitStarter.main(JUnitStarter.java:55)
Caused by: java.lang.NullPointerException: Cannot invoke "com.sap.cloud.security.ams.api.Principal.getAttributes()" because "principal" is null
    at com.sap.finance.grl.periodcontrol.generated.common.ams.AmsPolicyEvaluatorImpl.getAttributes(AmsPolicyEvaluatorImpl.java:131)

newtork commented 2 months ago

(Just a guess) We updated the security library from 3.4.0 to 3.4.3

Could you check what happens if you enforce the previous library version by prepending (or was it appending?) the following to the SDK BOM entry in your POM...?

<!-- SAP Business Technology Platform - Cloud Foundry XSUAA Client -->
<dependency>
  <groupId>com.sap.cloud.security</groupId>
  <artifactId>java-bom</artifactId>
  <version>3.4.0</version>
  <scope>import</scope>
  <type>pom</type>
</dependency>

SAPilot commented 2 months ago

Adding this dependency in dependencyManagement with version 3.5.0 fixed the issue temporarily.

newtork commented 1 month ago

Could you please share the mvn dependency:tree of the failing project? There seems to be a dependency conflict for transitive com.sap.cloud.security artifacts
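
The conflict check requested in the comment above, as an added example that is not part of the original thread or the SDK's code: it parses `mvn dependency:tree` output and reports when artifacts under one group prefix resolve to more than one version. The sample tree, the `java-api` and `java-security` lines and their versions are constructed for illustration; only the `token-client:jar:3.4.3` line appears in this thread.

```python
import re
from collections import defaultdict

# Constructed sample of `mvn dependency:tree` output. Only the token-client
# 3.4.3 line is taken from the thread; everything else is illustrative.
SAMPLE_TREE = """\
com.example:demo-srv:jar:1.0.0
+- com.sap.cds:cds-services-utils:jar:2.9.1:compile
|  +- com.sap.cloud.security.xsuaa:token-client:jar:3.4.3:compile
|  \\- com.sap.cloud.security:java-api:jar:3.4.3:compile
+- com.sap.cloud.security:java-security:jar:3.5.0:compile
\\- org.springframework:spring-webmvc:jar:6.1.6:compile
"""

# Optional "[INFO] " log prefix followed by the tree-drawing characters.
_TREE_PREFIX = re.compile(r"^(?:\[INFO\]\s*)?[|+\\\-\s]*")


def parse_tree(text):
    """Return (group, artifact, version) for every coordinate line."""
    coords = []
    for line in text.splitlines():
        rest = _TREE_PREFIX.sub("", line)
        if not rest:
            continue
        # Drop trailing annotations such as "(version managed from ...)".
        parts = rest.split()[0].split(":")
        if len(parts) in (4, 5):
            # group:artifact:type:version[:scope]
            group, artifact, version = parts[0], parts[1], parts[3]
        elif len(parts) == 6:
            # group:artifact:type:classifier:version:scope
            group, artifact, version = parts[0], parts[1], parts[4]
        else:
            continue  # not a Maven coordinate line
        coords.append((group, artifact, version))
    return coords


def version_skew(text, group_prefix):
    """Map version -> artifacts for groups at or below group_prefix.

    Returns an empty dict when the whole family resolves to one version,
    which is what an imported BOM is expected to guarantee.
    """
    by_version = defaultdict(set)
    for group, artifact, version in parse_tree(text):
        if group == group_prefix or group.startswith(group_prefix + "."):
            by_version[version].add(f"{group}:{artifact}")
    if len(by_version) < 2:
        return {}
    return {v: sorted(a) for v, a in sorted(by_version.items())}


if __name__ == "__main__":
    skew = version_skew(SAMPLE_TREE, "com.sap.cloud.security")
    if skew:
        print("mixed versions under com.sap.cloud.security:")
        for version, artifacts in skew.items():
            for artifact in artifacts:
                print(f"  {version}  {artifact}")
    else:
        print("com.sap.cloud.security artifacts are aligned")
```
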

SAPilot commented 1 month ago

Updating the security-patched-spring-boot-starter to version 3.2.6-sap-01 fixed the issue

<groupId>com.sap.sgs</groupId>
<artifactId>security-patched-spring-boot-starter</artifactId>
<version>3.2.6-sap-01</version>

SAPilot commented 1 month ago

Issue is not fixed. There is a difference between running all the tests at once and running classes separately. If one is running all the tests, there is no issue. Running a test class e.g. FiscalYearVariantPeriodIntegrationTest is causing Cannot invoke "com.sap.cloud.security.ams.api.Principal.getAttributes()" because "principal" is null

Adding the cloud.security.version 3.5.0 is working at the moment:

```xml
<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>com.sap.cloud.security</groupId>
            <artifactId>java-bom</artifactId>
            <version>${com.sap.cloud.security.version}</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>
```

Dependency tree without the dependency above:


newtork commented 1 month ago

However, when I downgraded the SDK to 5.8.0, I still observed the same error.

While debugging I've definitely noticed some incompatibilities between SAP Security Library and DwC Library.

## Debugging protocol

Policy Evaluator calls `com.sap.cloud.security.ams.api.Principal.create()`

(Screenshot) ![image](https://github.com/SAP/cloud-sdk-java/assets/22489773/aacc97c6-f7b7-42db-b492-1bb48029f7b6)

calls `com.sap.cloud.security.ams.api.PrincipalBuilder#createPrincipalFromSecurityContext( class com.sap.cloud.security.adapter.spring.SpringSecurityContext )`

(Screenshot) ![image](https://github.com/SAP/cloud-sdk-java/assets/22489773/b9cac963-dd45-4079-add0-54744fb39805)

calls `com.sap.cloud.security.adapter.spring.SpringSecurityContext#getToken()`

(Screenshot) ![image](https://github.com/SAP/cloud-sdk-java/assets/22489773/57c73799-3e0d-4225-b2ba-0ed54ace2504)

SAP Spring Security Library does not have logic implemented to resolve a token from `DwcPrincipal`. Returning `null`.

**My observation**: When `getToken()` resolves to `null` then a `Principal` will not be created, leading to `NullPointerException`.

SAPilot commented 1 month ago

Thank you for your help. I created the follow-up issue in DwC: https://github.tools.sap/deploy-with-confidence/issues/issues/2373