WSO2 Identity Server patch for XSS and CSRF attacks

Time: 2015-08-03 13:26:47

Tags: oauth-2.0 wso2 wso2is wso2carbon

After installing patch 1256, which is supposed to fix https://wso2.org/jira/browse/IDENTITY-3280, I can no longer generate OAuth2 tokens.

Request

curl -k -d "grant_type=client_credentials" -H "Authorization: Basic xxx" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9445/oauth2/token

Response

javax.servlet.ServletException: Servlet.init() for servlet OAuth2Endpoints threw exception
    org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    org.wso2.carbon.ui.valve.XSSValve.invoke(XSSValve.java:98)
    org.wso2.carbon.ui.valve.CSRFValve.invoke(CSRFValve.java:73)
    org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
    org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
    org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
    org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
    org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
    org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
    org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
    org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
    org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
    org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
    java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
    java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
    java.lang.Thread.run(Thread.java:662)

root cause

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'tokEP': Cannot resolve reference to bean 'tokenEndpointBean' while setting bean property 'serviceBeans' with key [1]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'tokenEndpointBean' defined in URL [jndi:/localhost/oauth2/WEB-INF/cxf-servlet.xml]: Initialization of bean failed; nested exception is java.lang.NoClassDefFoundError: org/wso2/carbon/identity/oauth2/model/CarbonOAuthTokenRequest

So it is a class-not-found exception, even though I can find the requested class in all of these jars:

./repository/components/plugins/org.wso2.carbon.identity.oauth_4.2.4.jar
./repository/components/plugins/org.wso2.carbon.identity.oauth_4.2.3.jar
./repository/components/patches/patch1016/org.wso2.carbon.identity.oauth_4.2.3.jar
./repository/components/patches/patch0000/org.wso2.carbon.identity.oauth.common_4.2.3.jar
./repository/components/patches/patch0000/org.wso2.carbon.identity.oauth_4.2.3.jar
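The listing above is exactly the kind of thing you want a script to produce rather than eyeball: which jars under the Carbon home actually carry the missing class, and whether the plugins directory holds the same OSGi bundle in more than one version (here org.wso2.carbon.identity.oauth appears as both 4.2.3 and 4.2.4). The following is an added example, not code from the question or from WSO2. It builds a constructed directory tree of stand-in jars that mirrors the question's listing (each stand-in contains only the class entry being looked up, and every path, version and entry name below is taken from that listing or is a labelled placeholder), then runs two checks over it: locate a class across all jars, and report bundles that are present in several versions under a given subdirectory.

```python
import os
import re
import tempfile
import zipfile
from collections import defaultdict

# Class entry named in the NoClassDefFoundError above, as it appears inside a jar.
CLASS_IN_QUESTION = "org/wso2/carbon/identity/oauth2/model/CarbonOAuthTokenRequest.class"

# Constructed sample tree mirroring the jar listing in the question. These are tiny
# stand-in jars, not real WSO2 artifacts; each holds only the entries listed here.
SAMPLE_JARS = {
    "repository/components/plugins/org.wso2.carbon.identity.oauth_4.2.4.jar": [CLASS_IN_QUESTION],
    "repository/components/plugins/org.wso2.carbon.identity.oauth_4.2.3.jar": [CLASS_IN_QUESTION],
    "repository/components/patches/patch1016/org.wso2.carbon.identity.oauth_4.2.3.jar": [CLASS_IN_QUESTION],
    "repository/components/patches/patch0000/org.wso2.carbon.identity.oauth.common_4.2.3.jar": [CLASS_IN_QUESTION],
    "repository/components/patches/patch0000/org.wso2.carbon.identity.oauth_4.2.3.jar": [CLASS_IN_QUESTION],
}

# OSGi bundle file names have the shape <symbolic.name>_<version>.jar
BUNDLE_RE = re.compile(r"^(?P<name>.+)_(?P<version>\d+(?:\.\d+)*)\.jar$")


def build_sample_tree(root=None):
    """Write the constructed stand-in jars under root (a fresh temp dir if None) and return root."""
    if root is None:
        root = tempfile.mkdtemp()
    for rel_path, entries in SAMPLE_JARS.items():
        path = os.path.join(root, rel_path)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with zipfile.ZipFile(path, "w") as jar:
            for entry in entries:
                jar.writestr(entry, b"")  # empty payload; only the entry name matters for the lookup
    return root


def jars_under(root):
    """Yield every *.jar path below root, in a stable order."""
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(".jar"):
                yield os.path.join(dirpath, name)


def find_class(root, class_entry):
    """Return the jars (relative to root) whose entry list contains class_entry."""
    hits = []
    for jar_path in jars_under(root):
        with zipfile.ZipFile(jar_path) as jar:
            if class_entry in jar.namelist():
                hits.append(os.path.relpath(jar_path, root))
    return sorted(hits)


def duplicate_bundles(root, subdir="repository/components/plugins"):
    """Map bundle symbolic name -> sorted versions, for bundles found in more than one version under subdir."""
    versions = defaultdict(set)
    for jar_path in jars_under(os.path.join(root, subdir)):
        match = BUNDLE_RE.match(os.path.basename(jar_path))
        if match:
            versions[match.group("name")].add(match.group("version"))
    return {name: sorted(v) for name, v in versions.items() if len(v) > 1}


if __name__ == "__main__":
    carbon_home = build_sample_tree()
    print("jars containing", CLASS_IN_QUESTION)
    for hit in find_class(carbon_home, CLASS_IN_QUESTION):
        print("  ", hit)
    print("bundles present in more than one version under plugins:",
          duplicate_bundles(carbon_home))
```

Pointing `find_class` and `duplicate_bundles` at a real Carbon home instead of the constructed tree is a matter of passing its path; the patches directory is deliberately excluded from the duplicate check because patch folders are expected to carry their own copies of a bundle, whereas two versions of the same bundle side by side in plugins is what a reviewer would want flagged.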

0 answers