When a secured proxy is called from the APIM gateway node with an authorization header request, it failed with the issue below for around 15 minutes and then automatically recovered.
TID: [-1234] [] [2019-01-21 10:59:17,401] ERROR {org.apache.axis2.engine.AxisEngine} - The security token could not be authenticated or authorized; nested exception is:
	javax.security.auth.callback.UnsupportedCallbackException: Check failed : System error {org.apache.axis2.engine.AxisEngine}
org.apache.axis2.AxisFault: The security token could not be authenticated or authorized; nested exception is:
	javax.security.auth.callback.UnsupportedCallbackException: Check failed : System error
	at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:180)
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
	at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
	at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
	at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:403)
	at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151)
	at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized; nested exception is:
	javax.security.auth.callback.UnsupportedCallbackException: Check failed : System error
	at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:180)
	at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:61)
	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
	at org.apache.rampart.RampartEngine.process(RampartEngine.java:214)
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
	... 10 more
Caused by: javax.security.auth.callback.UnsupportedCallbackException: Check failed : System error
	at org.wso2.carbon.security.util.ServicePasswordCallbackHandler.handle(ServicePasswordCallbackHandler.java:113)
	at org.apache.rampart.TokenCallbackHandler.handle(TokenCallbackHandler.java:116)
	at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:168)
	... 15 more
As per the code, to identify the reasons why this exception was thrown and from where it was thrown, we need to improve the exception logging.
At the GW side, the following sequence is used to inject the header
Affected Product Version:
ESB 5.0.0
OS, DB, other environment details and versions:
Linux
Steps to reproduce:
The obvious step is to inject an invalid header as the authorization header.
Related Issues:
https://wso2.org/jira/browse/IDENTITY-6692