wso2 / product-apim


Customizing the JWT generation - (JWT(Self Contained) Access Tokens) doesn't work as expected and API invocation fails in WSO2 APIM 3.1.0 #8601

Closed dsmohan closed 4 years ago

dsmohan commented 4 years ago

Hi Team, I have followed the topic (Customizing the JWT generation - (JWT(Self Contained) Access Tokens)) given in the documentation (https://apim.docs.wso2.com/en/latest/learn/api-gateway/passing-end-user-attributes-to-the-backend/passing-enduser-attributes-to-the-backend-using-jwt/) for customizing JWT when invoking an API with JWT access token. I cloned the GIT repository given in the doc.: https://github.com/wso2/samples-apim/tree/master/CustomGatewayJWTGenerator to my local, imported the CustomGatewayJWTGenerator code into Eclipse. In the pom.xml changed the packaging from bundle to jar, and then generated the jar using Maven 3.6.3. Placed the generated jar file in /repository/components/dropins folder. Did the necessary updates in deployment.toml as shown below.

```toml
[apim.jwt]
enable = true
encoding = "base64" # base64,base64url
generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
claim_dialect = "http://wso2.org/claims"
header = "X-JWT-Assertion"
signing_algorithm = "SHA256withRSA"
enable_user_claims = true
claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever"

[apim.jwt.gateway_generator]
impl = "org.wso2.carbon.test.CustomGatewayJWTGenerator"
```

Restarted the server and now when I test the API with JWT access token, the invocation fails and I get a null pointer exception. Error details are as shown below:

```
ERROR {org.apache.synapse.transport.passthru.ServerWorker} - Error processing GET request for : /pizzashack/1.0.0/menu. java.lang.NullPointerException
    at org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator.generateAndRetrieveJWTToken_aroundBody2(JWTValidator.java:353)
    at org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator.generateAndRetrieveJWTToken(JWTValidator.java:336)
    at org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator.authenticate_aroundBody0(JWTValidator.java:319)
    at org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator.authenticate(JWTValidator.java:110)
    at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate_aroundBody4(OAuthAuthenticator.java:334)
    at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:109)
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.isAuthenticate_aroundBody42(APIAuthenticationHandler.java:419)
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.isAuthenticate(APIAuthenticationHandler.java:413)
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest_aroundBody36(APIAuthenticationHandler.java:349)
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:320)
    at org.apache.synapse.rest.API.process(API.java:367)
    at org.apache.synapse.rest.RESTRequestHandler.apiProcessNonDefaultStrategy(RESTRequestHandler.java:149)
    at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:95)
    at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:71)
    at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:327)
    at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:98)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:368)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:189)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:813)
```

isharac commented 4 years ago

@dsmohan You should keep the packaging as the bundle and copy the generated jar to /dropins. Please try that.

dsmohan commented 4 years ago

@isharac : I left the packaging as bundle and tried to build it using maven 3.6.3. But the build is failing and it gives out an error as shown below. Seems there is some issue with the jar - "joda-time-2.9.4.wso2v1.jar". I have imported the project "CustomGatewayJWTGenerator" into eclipse as is after cloning it from the GIT link given in the documentation.

[ERROR] Failed to execute goal org.apache.felix:maven-bundle-plugin:3.2.0:bundle (default-bundle) on project CustomGatewayJWTGenerator: Error calculating classpath for project MavenProject: org.example:CustomGatewayJWTGenerator:1.0-SNAPSHOT @ C:\Users\dabbiru.mohan\eclipse-workspace\CustomGatewayJWTGenerator\pom.xml: The JAR/ZIP file (C:\Users\dabbiru.mohan.m2\repository\org\wso2\orbit\joda-time\joda-time\2.9.4.wso2v1\joda-time-2.9.4.wso2v1.jar) seems corrupted, error: invalid CEN header (bad signature)

kahennig commented 4 years ago

Hi, I tried the same documentation in 3.2.0 and also get a NullPointerException as pasted below. Did anybody find a workaround for this, or will this be fixed? Thanks!

```
[2020-10-06 17:14:36,664] ERROR - ServerWorker Error processing GET request for : /pizzashack/1.0.0/menu. java.lang.NullPointerException: null
    at org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator.generateAndRetrieveJWTToken_aroundBody2(JWTValidator.java:217) ~[org.wso2.carbon.apimgt.gateway_6.7.206.jar:?]
    at org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator.generateAndRetrieveJWTToken(JWTValidator.java:198) ~[org.wso2.carbon.apimgt.gateway_6.7.206.jar:?]
    at org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator.authenticate_aroundBody0(JWTValidator.java:184) ~[org.wso2.carbon.apimgt.gateway_6.7.206.jar:?]
    at org.wso2.carbon.apimgt.gateway.handlers.security.jwt.JWTValidator.authenticate(JWTValidator.java:112) ~[org.wso2.carbon.apimgt.gateway_6.7.206.jar:?]
    at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate_aroundBody4(OAuthAuthenticator.java:300) ~[org.wso2.carbon.apimgt.gateway_6.7.206.jar:?]
    at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:114) ~[org.wso2.carbon.apimgt.gateway_6.7.206.jar:?]
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.isAuthenticate_aroundBody42(APIAuthenticationHandler.java:424) ~[org.wso2.carbon.apimgt.gateway_6.7.206.jar:?]
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.isAuthenticate(APIAuthenticationHandler.java:418) ~[org.wso2.carbon.apimgt.gateway_6.7.206.jar:?]
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest_aroundBody36(APIAuthenticationHandler.java:354) ~[org.wso2.carbon.apimgt.gateway_6.7.206.jar:?]
    at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:325) ~[org.wso2.carbon.apimgt.gateway_6.7.206.jar:?]
    at org.apache.synapse.rest.API.process(API.java:373) ~[synapse-core_2.1.7.wso2v183.jar:2.1.7-wso2v183]
    at org.apache.synapse.rest.RESTRequestHandler.apiProcessNonDefaultStrategy(RESTRequestHandler.java:144) ~[synapse-core_2.1.7.wso2v183.jar:2.1.7-wso2v183]
    at org.apache.synapse.rest.RESTRequestHandler.identifyAPI(RESTRequestHandler.java:164) ~[synapse-core_2.1.7.wso2v183.jar:2.1.7-wso2v183]
    at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:95) ~[synapse-core_2.1.7.wso2v183.jar:2.1.7-wso2v183]
    at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:73) ~[synapse-core_2.1.7.wso2v183.jar:2.1.7-wso2v183]
    at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:331) ~[synapse-core_2.1.7.wso2v183.jar:2.1.7-wso2v183]
    at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:99) ~[synapse-core_2.1.7.wso2v183.jar:2.1.7-wso2v183]
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180) ~[axis2_1.6.1.wso2v41.jar:?]
    at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:367) [synapse-nhttp-transport_2.1.7.wso2v183.jar:?]
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:188) [synapse-nhttp-transport_2.1.7.wso2v183.jar:?]
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172) [axis2_1.6.1.wso2v41.jar:?]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
    at java.lang.Thread.run(Thread.java:834) [?:?]
```

dsmohan commented 4 years ago

@kahennig It worked for me. Please delete the entire maven cache folder in your system and retry again. Please follow the topic (Customizing the JWT generation - (JWT(Self Contained) Access Tokens)) given in the documentation (https://apim.docs.wso2.com/en/latest/learn/api-gateway/passing-end-user-attributes-to-the-backend/passing-enduser-attributes-to-the-backend-using-jwt/) for customizing JWT when invoking an API with JWT access token. Clone the GIT repository given in the doc.: https://github.com/wso2/samples-apim/tree/master/CustomGatewayJWTGenerator, build the jar using maven and place it in the /repository/components/dropins folder as given in the documentation. Do the necessary deployment.toml configurations as given in the documentation and it should work.

dsmohan commented 4 years ago

Issue resolved after deleting the maven cache and trying the process again.

kahennig commented 4 years ago

Thanks for your reply dsmohan, I'll try that!!!
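
Added example (not part of the thread or of WSO2's code): a Python check for the two conditions raised above, whether a jar is an OSGi bundle (its manifest carries `Bundle-SymbolicName`, which the `bundle` packaging writes and plain `jar` packaging does not) and whether the archive is readable at all, which the cached joda-time jar was not. The sample jars and their manifest values are constructed in memory.

```python
import io
import zipfile

def parse_manifest(text: str) -> dict:
    """Parse the main section of a MANIFEST.MF, joining continuation lines."""
    headers, last = {}, None
    for line in text.splitlines():
        if not line:
            break                                # blank line ends the main section
        if line.startswith(" ") and last:
            headers[last] += line[1:]            # continuation of the previous header
        elif ":" in line:
            last, _, value = line.partition(":")
            headers[last] = value.strip()
    return headers

def inspect_jar(data: bytes) -> str:
    """Classify jar bytes as 'corrupt', 'plain-jar' or 'osgi-bundle'."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as jar:
            if jar.testzip() is not None:        # an entry failed its CRC check
                return "corrupt"
            try:
                manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
            except KeyError:
                return "plain-jar"               # no manifest, so no OSGi headers
    except zipfile.BadZipFile:                   # central directory unreadable
        return "corrupt"
    headers = parse_manifest(manifest)
    return "osgi-bundle" if "Bundle-SymbolicName" in headers else "plain-jar"

def build_jar(manifest: str) -> bytes:
    """Build a constructed sample jar in memory (placeholder class bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("org/wso2/carbon/test/CustomGatewayJWTGenerator.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()

# Constructed samples: plain jar, bundle (symbolic name is a made-up value), truncated file.
PLAIN = build_jar("Manifest-Version: 1.0\r\n\r\n")
BUNDLE = build_jar("Manifest-Version: 1.0\r\nBundle-ManifestVersion: 2\r\n"
                   "Bundle-SymbolicName: CustomGatewayJWTGenerator\r\n\r\n")
TRUNCATED = BUNDLE[: len(BUNDLE) // 2]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                    # e.g. the jar copied to dropins
        with open(path, "rb") as fh:
            print(path, inspect_jar(fh.read()))
```

Run against a real file by passing its path as an argument; a result of `plain-jar` for the dropins artifact means it was not built with `bundle` packaging.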