search

SAP / cloud-security-services-integration-library

Integration libraries and samples for authenticating users and clients bound to XSUAA authentication and authorization service or Identity authentication service.
Apache License 2.0
151 stars 135 forks source link

Null pointer exception thrown when trying to retrieve xsappname information #370

Closed abhishekramesh closed 4 years ago

abhishekramesh commented 4 years ago

We are migrating our applications from Classic to JAVA NG SDK and also migrating to the new security library. https://github.wdf.sap.corp/CSI/outbound/pull/197/commits/c5c68f1269edfb14151135647260bf29564cfc2a Our reuse service is bound to only one xsuaa instance.

We referred the following example Config file and guide, we have changed our WebSecurityConfig, but we are having issues when retrieving xsappname.

Our Config file : https://github.wdf.sap.corp/CSI/outbound/blob/017526ab00dc5d32f613799891df0891eccab284/java-outbound-service/src/main/java/com/sap/is/retail/csi/outbound/config/WebSecurityConfig.java

On using xsuaaServiceConfiguration to retrive xsAppName, we get the following exception: Caused by: java.lang.NullPointerException: while trying to invoke the method com.sap.cloud.security.xsuaa.XsuaaServiceConfiguration.getAppId() of a null object loaded from static field

could you please provide your suggestion on what might be causing this?

Thanks Abhishek

nenaraab commented 4 years ago

Hi @abhishekramesh

when does the issue occur? during test, on cloud foundry, when you run your application locally?

In case of cloud foundry? Please provide me cf env <your cf-appname>via email.

In case of local test setup: https://github.com/SAP/cloud-security-xsuaa-integration/blob/master/spring-xsuaa/Migration_JavaContainerSecurityProjects.md#testing

abhishekramesh commented 4 years ago

Hi Nena,

The error occurs during deployment to cloud foundry. Error starting application "outbound-service-green": Some instances have crashed. Check the logs of your application for more information. Download the application logs via the dmol command and check them for more information. A step of the process has failed. Retrying it may solve the issue. Process failed: Error starting application "outbound-service-green": Some instances have crashed. Check the logs of your application for more information. Download the application logs via the dmol command and check them for more information.

Our application logs: [],"msg":"Application run failed","stacktrace":["java.lang.IllegalStateException: Unable to load cache item","tat org.springframework.cglib.core.internal.LoadingCache.createEntry(LoadingCache.java:79) "Caused by: java.lang.NullPointerException: while trying to invoke the method com.sap.cloud.security.xsuaa.XsuaaServiceConfiguration.getAppId() of a null object loaded from static field com.sap.is.retail.csi.outbound.config.WebSecurityConfig.xsuaaServiceConfiguration","tat com.sap.is.retail.csi.outbound.config.WebSecurityConfig.getXsAppName(WebSecurityConfig.java:64)","tat com.sap.is.retail.csi.outbound.config.WebSecurityConfig.(WebSecurityConfig.java:33)"

Locally we are able to run the spring boot application successfully. I have attached the logs after performing cf env.

cflogs.txt

Best regards Abhishek

hassler-d commented 4 years ago

Hi Abhishek,

the problem is that XSAPPNAME is static and therefore initialized at the start of the execution. Since it accesses the xsuaaServiceConfiguration you also had to make xsuaaServiceConfiguration static otherwise this would not compile. But this cannot work! The xsuaaServiceConfiguration is not static, is it is injected at runtime by spring. I don't even know if field injection works on static fields. The error you are getting makes sense since xsuaaServiceConfiguration is accessed when it is (still) null.

You have to make xsuaaServiceConfiguration non static and remove the XSAPPNAME field. If you need to access the xsappname in lots of places in your code I would suggest that either inject the xsuaaServiceConfiguration (non-static) in those places as well or that you create your own bean that gives you the properties from the xsuaaServiceConfiguration you need.

Best Regards Daniel

abhishekramesh commented 4 years ago

Hi Daniel,

Thank you for the response. We will create our bean to retrieve xsappname information from xsuaaServiceConfiguration .

In our config class : https://github.wdf.sap.corp/CSI/outbound/blob/CAP2/java-outbound-service/src/main/java/com/sap/is/retail/csi/outbound/config/WebSecurityConfig.java

We have modified our web expression from String hasScopeView = "#oauth2.hasScopeMatching('" + VIEW_SCOPE + "')"; to use String hasScopeView = VIEW_SCOPE; to authorize our requests.

After deployment, when we test our GET endpoints we get a 404 Not found error message:

Our request: GET: https://cs-intelligence-acceptance-outbound-service.cfapps.sap.hana.ondemand.com/v4/OutboundService/UserRequest**

Response: 404 Not found.

We have authorized our request, could you please provide your suggestion? We have enabled debugging, please find the logs below.

404Notfoundlogs.txt

Thanks and regards Abhishek

hassler-d commented 4 years ago

Hi Abhishek,

the expression looks good. HTTP 404 means that the endpoint you tested does not exist. This has nothing to do with the security configuration. Which endpoint did you test? When I do a HTTP GET on https://cs-intelligence-acceptance-outbound-service.cfapps.sap.hana.ondemand.com/v4/OutboundService/UserRequest I get a 401 response (which is expected I guess)

Best Regards Daniel

abhishekramesh commented 4 years ago

Sorry there was a typo in the endpoint. We are able to authenticate now. Thank you Abhishek