We have a oAuth server setup using spring oauth2 (version 1.0.4).
On trying to retrieve an access token for the client credentials grant type we get a null pointer error when multiple concurrent requests are made.
Including a snippet of the stack trace:
java.lang.NullPointerException
org.springframework.security.oauth2.provider.token.DefaultAuthenticationKeyGenerator.extractKey(DefaultAuthenticationKeyGenerator.java:43)
org.springframework.security.oauth2.provider.token.JdbcTokenStore.getAccessToken(JdbcTokenStore.java:121)
org.springframework.security.oauth2.provider.token.DefaultTokenServices.createAccessToken(DefaultTokenServices.java:75)
com.marketo.identity.data.impl.IdentityDefaultTokenServices.createAccessToken(IdentityDefaultTokenServices.java:45)
org.springframework.security.oauth2.provider.token.AbstractTokenGranter.getAccessToken(AbstractTokenGranter.java:68)
org.springframework.security.oauth2.provider.token.AbstractTokenGranter.grant(AbstractTokenGranter.java:60)
org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter.grant(ClientCredentialsTokenGranter.java:41)
org.springframework.security.oauth2.provider.CompositeTokenGranter.grant(CompositeTokenGranter.java:38)
org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(TokenEndpoint.java:100)
sun.reflect.GeneratedMethodAccessor167.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:601)
The request is something like this :
http://oauth-server-name/oauth/token?client_id={client_id}&client_secret={client_secret}&grant_type=client_credentials
Again this issue does not occur when a single request is made(or a low number of concurrent requests are made).
Some kind of race condition ?
Here's the example I was looking for (in XML):
<tx:advice id="tokenAdvice">
<tx:attributes>
<tx:method name="*" isolation="REPEATABLE_READ" />
</tx:attributes>
</tx:advice>
<aop:config>
<aop:pointcut id="tokenServicesExecutions" expression="execution(* org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices.*(..))" />
<aop:advisor advice-ref="tokenAdvice" pointcut-ref="tokenServicesExecutions"/>
</aop:config>
Related
I'm implementing GetReservation because TravelItineraryRead will soon be deprecated.
When creating a PNR, I get successful responses of GetReservation, but when I try to query the previously created PNR, Sabre WS rejects with "Viewership is restricted for the PNR, caused by [Viewership is restricted for the PNR (Unsupported security check), code: 700102, severity: MODERATE"
I'm connecting to Sabre WS via SOAP, in test endpoint https://sws-tls.cert.sabre.com.
The RQ I'm sending is:
<GetReservationRQ xmlns="http://webservices.sabre.com/pnrbuilder/v1_19" Version="1.19.0">
<Locator>XWYZA</Locator>
<RequestType>Stateless</RequestType>
<ReturnOptions PriceQuoteServiceVersion="3.2.0">
<SubjectAreas>
<SubjectArea>FULL</SubjectArea>
</SubjectAreas>
<ViewName>Full</ViewName>
<ResponseFormat>STL</ResponseFormat>
</ReturnOptions>
</GetReservationRQ>
I've tried with others Views and SubjectAreas, but I always get that response, what am I doing wrong?
The problem was that I needed to send RequestType: Stateful instead of Stateless
<GetReservationRQ xmlns="http://webservices.sabre.com/pnrbuilder/v1_19" Version="1.19.0">
<Locator>KDQPNP</Locator>
<RequestType>Stateful</RequestType>
<ReturnOptions PriceQuoteServiceVersion="3.2.0">
<SubjectAreas>
<SubjectArea>FULL</SubjectArea>
<SubjectArea>PRICE_QUOTE</SubjectArea>
</SubjectAreas>
<ViewName>Full</ViewName>
<ResponseFormat>STL</ResponseFormat>
</ReturnOptions>
</GetReservationRQ>
I'm trying to connect my wso2 API manager to external LDAP/Active Directory. LDAP connection is fine but I'm getting this error while starting the server.
9714 is SSL port
[2018-07-13 14:52:03,250] ERROR - JMSListener Unable to continue server startup as it seems the JMS Provider is not yet started. Please start the JMS provider now.
[2018-07-13 14:52:03,251] ERROR - JMSListener Connection attempt : 5 for JMS Provider failed. Next retry in 320 seconds
[2018-07-13 14:52:27,889] WARN - DataEndpointGroup No receiver is reachable at reconnection, will try to reconnect every 30 sec
[2018-07-13 14:52:27,906] INFO - DataBridge user admin connected
[2018-07-13 14:52:27,914] ERROR - AuthenticationServiceImpl Invalid User : admin
[2018-07-13 14:52:27,915] ERROR - DataEndpointConnectionWorker Error while trying to connect to the endpoint. Cannot borrow client for ssl://10.10.183.27:9714.
org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException: Cannot borrow client for ssl://10.10.183.27:9714.
at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:134)
at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.run(DataEndpointConnectionWorker.java:59)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.wso2.carbon.databridge.agent.exception.DataEndpointLoginException:
Error while trying to login to data receiver :/10.10.183.27:9714
at org.wso2.carbon.databridge.agent.endpoint.binary.BinaryDataEndpoint.login(BinaryDataEndpoint.java:50) at org.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorker.connect(DataEndpointConnectionWorker.java:128)
... 6 more
This error usually is due to the Analytics configuration or Throttling configuration.
Try to disable the Analytics publisher in the api-manager.xml file, if enabled, or review the connection details under DASServerUrl element.
<Analytics>
<!-- Enable Analytics for API Manager -->
<Enabled>false</Enabled>
<!-- Server URL of the remote DAS/CEP server used to collect statistics. Must
be specified in protocol://hostname:port/ format.
An event can also be published to multiple Receiver Groups each having 1 or more receivers. Receiver
Groups are delimited by curly braces whereas receivers are delimited by commas.
Ex - Multiple Receivers within a single group
tcp://localhost:7612/,tcp://localhost:7613/,tcp://localhost:7614/
Ex - Multiple Receiver Groups with two receivers each
{tcp://localhost:7612/,tcp://localhost:7613},{tcp://localhost:7712/,tcp://localhost:7713/} -->
<DASServerURL>{tcp://localhost:7612}</DASServerURL>
<!--DASAuthServerURL>{ssl://localhost:7712}</DASAuthServerURL-->
<!-- Administrator username to login to the remote DAS server. -->
<DASUsername>${admin.username}</DASUsername>
<!-- Administrator password to login to the remote DAS server. -->
<DASPassword>${admin.password}</DASPassword>
You can also try to disable, or review the configuration in ReceiverUrlGroup and AuthUrlGroup, of the Advanced Throttling feature.
<ThrottlingConfigurations>
<EnableAdvanceThrottling>false</EnableAdvanceThrottling>
<DataPublisher>
<Enabled>true</Enabled>
<Type>Binary</Type>
<ReceiverUrlGroup>tcp://${carbon.local.ip}:${receiver.url.port}</ReceiverUrlGroup>
<AuthUrlGroup>ssl://${carbon.local.ip}:${auth.url.port}</AuthUrlGroup>
<Username>${admin.username}</Username>
<Password>${admin.password}</Password>
I faced the same issue. Check the log of traffic manager, if there arn't any exceptions. Kill & start traffic manager helped me.
I have a servlet based REST API. I have to conditionally turn on/off authentication based on the path parameters. I have the rules stored in the DB.
So I found that servlet3.0 provides HTTPServletRequest.authenticate(), which can be used to programmtically launch a login.
So, I added the following in my web.xml
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
And in my ServletFilter, I have this code to launch login programmatically
request.authenticate(response);
But I get a Null Pointer Exception
java.lang.NullPointerException
org.apache.catalina.connector.Request.authenticate(Request.java:2603)
org.apache.catalina.connector.RequestFacade.authenticate(RequestFacade.java:1059)
Am I missing any configuration? Appreciate any help.
scene description:
my program is implemented by flex+java+blazeDS+activeMQ,it subscribe the jms message from activeMQ by Flex Consumer,Currently i deliver two tomcat in
the same Server,them are all contains my program ,and the ActiveMQ is in another server,now time i open the two applications in the same kind of browser,such
as IE or Chrome,whatever,the url just like http://localhost:8080/HelloWord/index.html, http://localhost:8181/HelloWord/index.html
Problem:
the first application url is http://localhost:8080/HelloWord/index.html, i open it in ie,and it can subscribe message very well,but when i open the second
second application whose url is http://localhost:8181/HelloWord/index.html in ie, accident happens,two of the applications cannot subscribe message.
error log:
1.flex client log(flash.log):
Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly
2.java console log:
flex.messaging.client.FlexClientNotSubscribedException: The client has no active subscriptions over endpoint 'my-polling-amf'.
at flex.messaging.client.FlexClient.throwNotSubscribedException(FlexClient.java:1789)
at flex.messaging.client.FlexClient.pollWithWait(FlexClient.java:967)
at flex.messaging.endpoints.BasePollingHTTPEndpoint.handleFlexClientPoll(BasePollingHTTPEndpoint.java:538)
at flex.messaging.endpoints.AbstractEndpoint.handleFlexClientPollCommand(AbstractEndpoint.java:1151)
at flex.messaging.endpoints.AbstractEndpoint.serviceMessage(AbstractEndpoint.java:965)
at flex.messaging.endpoints.AbstractEndpoint$$FastClassByCGLIB$$1a3ef066.invoke()
at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)
at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:692)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.flex.core.MessageInterceptionAdvice.invoke(MessageInterceptionAdvice.java:66)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.adapter.ThrowsAdviceInterceptor.invoke(ThrowsAdviceInterceptor.java:124)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.Cglib2AopProxy$FixedChainStaticTargetInterceptor.intercept(Cglib2AopProxy.java:576)
at flex.messaging.endpoints.AMFEndpoint$$EnhancerByCGLIB$$3ae4b8ad.serviceMessage()
at flex.messaging.endpoints.amf.MessageBrokerFilter.invoke(MessageBrokerFilter.java:103)
at flex.messaging.endpoints.amf.LegacyFilter.invoke(LegacyFilter.java:158)
at flex.messaging.endpoints.amf.SessionFilter.invoke(SessionFilter.java:44)
at flex.messaging.endpoints.amf.BatchProcessFilter.invoke(BatchProcessFilter.java:67)
at flex.messaging.endpoints.amf.SerializationFilter.invoke(SerializationFilter.java:166)
at flex.messaging.endpoints.BaseHTTPEndpoint.service(BaseHTTPEndpoint.java:291)
at flex.messaging.endpoints.AMFEndpoint$$EnhancerByCGLIB$$3ae4b8ad.service()
at org.springframework.flex.servlet.MessageBrokerHandlerAdapter.handle(MessageBrokerHandlerAdapter.java:108)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:771)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:716)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:647)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:563)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:403)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:286)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:272)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1730)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
the test i have done:
1.FlexClient.getInstance().id = UIDUtil.createUID(); invalid
2.FlexClient.getInstance().id = null; invalid
3.use different kinds of browser,one use Ie,the other use Chrome, to open the two applications,them are ok;
4.one server one tomcat, use the same kind brower ie to open them ,them are ok;
5.use customer AMFChannel in flex MXML or the default AMFChannel definition in flex-config.xml, invalid;
network friends's advance:
1.http://blogs.adobe.com/lin/2011/05/duplication-session-error.html
2.http://stackoverflow.com/questions/7659775/duplicate-session-error-when-perform-proxy-lookup
the two is invalid;
is there anybody meeting this situation before? any advice i will appreciate.
Today I ran into a Flex Session Problem as well and encountered this SO question.
Well, the question is quite old, so I guess the original poster probably does not require any help any more, but for whoever stumbles across this post, I maybe the following info could help you.
A Flex App requires a valid session ID from the web app container (here tomcat), and it binds the clientOID found in the actual AMF request to this sessionID.
So the problem of the original poster probably was that he tried to use the same session ID on two tomcat instances, that will not work since every tomcat instance keeps the sessions for itself and in memory.
My problem was that I had a recorded jmeter test and it would not accept the combination of clientID in the recorded AMF message and sessionID in the URL.
However, the AMF error message that is returned contains a valid new session ID in the header section. The AMF header of that error message looks like that (at least for me):
Version: 3
(Header #0 name=AppendToGatewayUrl, mustUnderstand=true)
";jsessionid=OLD_SESSION_ID;jsessionid=NEW_SESSION_ID"
So what I did is to extract the new session ID from the AMF header and used that for the rest of the requests.
hope this is useful to anyone...
I have two separate servers for alfresco and share. I can successfully login from share to alfresco. I can also change my password too. But when opening Repository Browser page, I got
this error message.
11210005 Failed to execute script 'classpath*:alfresco/site-webscripts/org/alfresco/components/documentlibrary/data/surf-doclist.get.js': 11210004 11210008 Failed to run action evaluator: 11210007 Failed processing dictionary information from Alfresco: 11210006 Unable to retrieve dictionary information from Alfresco: 500
Full stack trace is
Caused by: org.alfresco.error.AlfrescoRuntimeException: 11210008 Failed to run action evaluator: 11210007 Failed processing dictionary information from Alfresco: 11210006 Unable to retrieve dictionary information from Alfresco: 500
at org.alfresco.web.evaluator.NodeTypeEvaluator.evaluate(NodeTypeEvaluator.java:98)
at org.alfresco.web.evaluator.BaseEvaluator.evaluate(BaseEvaluator.java:131)
at sun.reflect.GeneratedMethodAccessor97.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:155)
at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:243)
at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:86)
at org.mozilla.javascript.gen.c12._c4(file:/D:/alfrescoplatform/development/apache-tomcat-share_ref/webapps/share_ref1/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/components/documentlibrary/data/surf-doclist.get.js:260)
at org.mozilla.javascript.gen.c12.call(file:/D:/alfrescoplatform/development/apache-tomcat-share_ref/webapps/share_ref1/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/components/documentlibrary/data/surf-doclist.get.js)
at org.mozilla.javascript.optimizer.OptRuntime.callName(OptRuntime.java:97)
at org.mozilla.javascript.gen.c12._c2(file:/D:/alfrescoplatform/development/apache-tomcat-share_ref/webapps/share_ref1/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/components/documentlibrary/data/surf-doclist.get.js:318)
at org.mozilla.javascript.gen.c12.call(file:/D:/alfrescoplatform/development/apache-tomcat-share_ref/webapps/share_ref1/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/components/documentlibrary/data/surf-doclist.get.js)
at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:76)
at org.mozilla.javascript.gen.c12._c20(file:/D:/alfrescoplatform/development/apache-tomcat-share_ref/webapps/share_ref1/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/components/documentlibrary/data/surf-doclist.get.js:838)
at org.mozilla.javascript.gen.c12.call(file:/D:/alfrescoplatform/development/apache-tomcat-share_ref/webapps/share_ref1/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/components/documentlibrary/data/surf-doclist.get.js)
at org.mozilla.javascript.optimizer.OptRuntime.callName0(OptRuntime.java:108)
at org.mozilla.javascript.gen.c12._c0(file:/D:/alfrescoplatform/development/apache-tomcat-share_ref/webapps/share_ref1/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/components/documentlibrary/data/surf-doclist.get.js:854)
at org.mozilla.javascript.gen.c12.call(file:/D:/alfrescoplatform/development/apache-tomcat-share_ref/webapps/share_ref1/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/components/documentlibrary/data/surf-doclist.get.js)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:393)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:2834)
at org.mozilla.javascript.gen.c12.call(file:/D:/alfrescoplatform/development/apache-tomcat-share_ref/webapps/share_ref1/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/components/documentlibrary/data/surf-doclist.get.js)
at org.mozilla.javascript.gen.c12.exec(file:/D:/alfrescoplatform/development/apache-tomcat-share_ref/webapps/share_ref1/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/components/documentlibrary/data/surf-doclist.get.js)
at org.springframework.extensions.webscripts.processor.JSScriptProcessor.executeScriptImpl(JSScriptProcessor.java:318)
... 39 more
So I trace NodeTypeEvaluator and DictionaryQuery class in deep.I found calling /api/dictionary from alfresco.
I try this. Adding
webserviceclient.properties
repository.location=http://hostname:8080/alfresco/api
in share, but no success.
In calling http://hostname:8080/alfresco/api/ shows
Axis HTTP Servlet
Hi, you have reached the AXIS HTTP Servlet. Normally you would be hitting this URL with a SOAP client rather than a browser.
In case you are interested, my AXIS transport name appears to be 'http
Let me know if you have any idea.
As accepted in the comment the answer for this question:
I run Alfresco and Share almost always on different application server, you just need to change the share-config-custom.xml and alfresco-global.properties for it. There is a How-To on the Alfresco forums. Have you followed it?