Open mateusparente opened 4 years ago
Looks like the exception is bubbling up all the way to the container handler library and is not being trapped by an exception mapper within Spring: 20-08-08 16:17:43.046ERROR --- [ main] a.s.p.AwsProxyExceptionHandler : Called exception handler...
. We'll try to replicate in our tests
Hey, is there any updated on the issue is appreciable. I am also facing same thing when trying to authenticate in springboot2 with aws-serverless-java-container version 1.9.1. Below is the error: c.a.s.p.internal.LambdaContainerHandler : Error while handling request java.lang.NullPointerException: null at org.springframework.security.web.savedrequest.HttpSessionRequestCache.saveRequest(HttpSessionRequestCache.java:73) ~[task/:na] at org.springframework.security.web.access.ExceptionTranslationFilter.sendStartAuthentication(ExceptionTranslationFilter.java:214) ~[task/:na] at org.springframework.security.web.access.ExceptionTranslationFilter.handleAccessDeniedException(ExceptionTranslationFilter.java:193) ~[task/:na] at org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:174) ~[task/:na] at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:143) ~[task/:na]
Hi @abdulrais, that looks like a different issue to me. Happy to take a look. Can you describe the steps to reproduce it in the pet-store sample or share another small project that I can debug?
Thanks for your response @deki. I am trying to authenticate REST APIs using OAuth2 with azure AD in aws lambda. While sending request in lambda function. I am facing above exception while authenticating it. Below is the even json:
{ "body": "eyJ0ZXN0IjoiYm9keSJ9", "resource": "/api", "path": "/test", "httpMethod": "GET", "isBase64Encoded": true, "queryStringParameters": null, "multiValueQueryStringParameters": null, "pathParameters": null, "stageVariables": null, "headers": { "Authorization": "Bearer token_part" }, "multiValueHeaders": {}, "requestContext": { "accountId": "123456789012", "resourceId": "123456", "stage": "dev", "requestId": "c6af9ac6-7b61-11e6-9a41-93e8deadbeef", "requestTime": "09/Apr/2015:12:34:56 +0000", "requestTimeEpoch": 1428582896000, "identity": { "cognitoIdentityPoolId": null, "accountId": null, "cognitoIdentityId": null, "caller": null, "accessKey": null, "sourceIp": "127.0.0.1", "cognitoAuthenticationType": null, "cognitoAuthenticationProvider": null, "userArn": null, "userAgent": "Custom User Agent String", "user": null }, "path": "/test", "resourcePath": "/api", "httpMethod": "GET", "apiId": "1234567890", "protocol": "HTTP/1.1" } }
Steps:
Step 1 where I am getting exception while testing it in aws lambda.
Exception:
java.lang.NullPointerException: null at org.springframework.security.web.savedrequest.HttpSessionRequestCache.saveRequest(HttpSessionRequestCache.java:73) ~[task/:na] at org.springframework.security.web.access.ExceptionTranslationFilter.sendStartAuthentication(ExceptionTranslationFilter.java:214) ~[task/:na] at org.springframework.security.web.access.ExceptionTranslationFilter.handleAccessDeniedException(ExceptionTranslationFilter.java:193) ~[task/:na] at org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:174) ~[task/:na] at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:143) ~[task/:na] at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116) ~[task/:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[task/:na] at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126) ~[task/:na] at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81) ~[task/:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[task/:na] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109) ~[task/:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[task/:na] at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149) ~[task/:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[task/:na] at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[task/:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[task/:na] at org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:121) ~[task/:na] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[task/:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[task/:na] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[task/:na] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[task/:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[task/:na] at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[task/:na] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[task/:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[task/:na] at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[task/:na] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[task/:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[task/:na] at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[task/:na] at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[task/:na] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[task/:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[task/:na] at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) ~[task/:na] at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) ~[task/:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[task/:na] at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) ~[task/:na] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[task/:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[task/:na] at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) ~[task/:na] at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[task/:na] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[task/:na] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[task/:na] at com.amazonaws.serverless.proxy.internal.servlet.FilterChainHolder.doFilter(FilterChainHolder.java:90) ~[task/:na] at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[task/:na] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[task/:na] at com.amazonaws.serverless.proxy.internal.servlet.FilterChainHolder.doFilter(FilterChainHolder.java:90) ~[task/:na] at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[task/:na] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[task/:na] at com.amazonaws.serverless.proxy.internal.servlet.FilterChainHolder.doFilter(FilterChainHolder.java:90) ~[task/:na] at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96) ~[task/:na] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[task/:na] at com.amazonaws.serverless.proxy.internal.servlet.FilterChainHolder.doFilter(FilterChainHolder.java:90) ~[task/:na]
I'm facing same thing with @abdulrais . I've already opened this issue at https://stackoverflow.com/questions/75445394/error-when-spring-on-lambda-calls-azure-ad
@poknovem Thanks, issue #454 seems to be related. I don't have Azure AD setup for testing right now but will try to replicate the setup using the steps you provided on GitHub.
@deki Thank you for your response. I've already made my project public. You can use this https://github.com/poknovem/test-aws-lambda.git with my Azure AD for testing. Step 1. build JAR and directly upload to AWS Lambda Step 2. Call AWS Lambda via AWS API Gateway then you will get the error.
Nice, I will try it out.
thanks, @deki, it will be a huge help.
I've replied to the Stackoverflow post: https://stackoverflow.com/a/75471488/3156607
This issue is about Spring Security exception handling in general, so the issue you were facing doesn't seem related.
thanks @deki. It seems issues was related to Spring security, It works fine for me atleast no more nullPointerException.
Serverless Java Container version:
1.5.1
Implementations:Spring Boot 2
Framework version:2.2.6.RELEASE
Frontend service:REST API
Deployment method:SAM
Scenario
My current WebSecurityConfiguration:
My StreamLambdaHandler:
I throw the exception on:
Locally, when I have a JWT error, like expired token, I received the correct message that is processed on JwtAuthenticationEntryPoint.
On AWS Lambda it seems that there is no authenticationEntryPoint, as it didn't exist, I tried put logs on JwtAuthenticationEntryPoint and these logs didn't appear.
Expected behavior
Http status 403 with correct body.
Actual behavior
On Lambda, I receive
I appreciate any help. Thanks in advance.
Full log output
Lambda function's CloudWatch logs