为什么我在尝试从Stormpath获取OAuth2密钥时会收到com.stormpath.sdk.lang.InstantiationException?

时间:2016-02-07 23:17:33

标签: java gradle jersey stormpath

我正在使用Jersey构建Java REST API。 Tomcat是我的网络服务器。对于用户帐户和OAuth2密钥管理,我使用的是Stormpath的Java SDK。我已经通过网站创建了一个示例用户,每次我将该帐户的JSON用户名/密码请求发布到我在Postman中的应用程序的v1/token端点时,我都会收到此异常和堆栈跟踪:

com.stormpath.sdk.lang.InstantiationException: Unable to instantiate instance with constructor [public com.stormpath.sdk.impl.oauth.DefaultAccessToken(com.stormpath.sdk.impl.ds.InternalDataStore,java.util.Map)]
    at com.stormpath.sdk.lang.Classes.instantiate(Classes.java:191)
    at com.stormpath.sdk.impl.ds.DefaultResourceFactory.instantiate(DefaultResourceFactory.java:65)
    at com.stormpath.sdk.impl.ds.DefaultDataStore.instantiate(DefaultDataStore.java:170)
    at com.stormpath.sdk.impl.oauth.DefaultGrantAuthenticationToken.getAsAccessToken(DefaultGrantAuthenticationToken.java:79)
    at com.stormpath.sdk.impl.oauth.DefaultOauthGrantAuthenticationResultBuilder.build(DefaultOauthGrantAuthenticationResultBuilder.java:87)
    at com.stormpath.sdk.impl.oauth.DefaultOauthGrantAuthenticationResultBuilder.build(DefaultOauthGrantAuthenticationResultBuilder.java:24)
    at com.stormpath.sdk.impl.oauth.DefaultPasswordGrantAuthenticator.authenticate(DefaultPasswordGrantAuthenticator.java:56)
    at com.stormpath.sdk.impl.oauth.DefaultPasswordGrantAuthenticator.authenticate(DefaultPasswordGrantAuthenticator.java:28)
    at com.ficcy.api.services.AuthService.getToken(AuthService.java:33)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161)
    at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:205)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102)
    at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
    at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
    at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305)
    at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154)
    at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:471)
    at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:425)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:383)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:336)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:223)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
    at com.stormpath.sdk.lang.Classes.instantiate(Classes.java:188)
    ... 54 more
Caused by: io.jsonwebtoken.JwtException: JWT failed validation; it cannot be trusted.
    at com.stormpath.sdk.impl.oauth.DefaultAccessToken.ensureAccessToken(DefaultAccessToken.java:56)
    at com.stormpath.sdk.impl.oauth.DefaultAccessToken.<init>(DefaultAccessToken.java:35)
    ... 59 more

我的JSON:

{
    "login": "**EMAIL**",
    "password": "**PASSWORD**"
}

exception的文档中没有任何内容。这是我的端点/服务。 (我开始捕获任何和所有异常,这样我就可以看看发生了什么。另外,AuthRequest是一个简单的bean,对登录和密码字段没有空约束):

package com.ficcy.api.services;
//truncated imports

@Path("/token")
public class AuthService {

    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    public AccessToken getToken(AuthRequest ar) {

        AccessToken rtn = null;

        try {

            PasswordGrantRequest pgr = Oauth2Requests.PASSWORD_GRANT_REQUEST.builder().setLogin(ar.getLogin())
                    .setPassword(ar.getPassword()).build();

            OauthGrantAuthenticationResult authResult = Authenticators.PASSWORD_GRANT_AUTHENTICATOR
                    .forApplication(Config.getApplication()).authenticate(pgr);
            rtn = authResult.getAccessToken();

        } catch (Exception e) {
            System.err.println(e.getMessage());
            e.printStackTrace();
        }

        return rtn;
    }

}

编辑:这是我的Config类,我存储Stormpath应用程序:

package com.ficcy.api.config;
//truncated imports

public class Config {
    private static Client client = Clients.builder().build();
    private static Application application;

    static {

        Tenant tenant = client.getCurrentTenant();
        ApplicationList applications = tenant
                .getApplications(Applications.where(Applications.name().eqIgnoreCase("ficcy-api")));

        application = applications.iterator().next();

    }

    public static Client getClient() {
        return client;
    }

    public static Application getApplication() {
        return application;
    }

    public static Hashids getHashid(String salt) {
        return new Hashids(salt, 6);
    }

}

build.gradle:

repositories {
    mavenCentral()
}

apply plugin: 'java'
apply plugin: 'war'
apply plugin: 'eclipse-wtp'
apply from: 'https://raw.github.com/akhikhl/gretty/master/pluginScripts/gretty.plugin'

dependencies {

    compile 'org.glassfish.jersey.core:jersey-server:2.22.1'
    compile 'org.glassfish.jersey.containers:jersey-container-servlet-core:2.22.1'  
    compile 'org.glassfish.jersey.core:jersey-client:2.22.1'
    compile 'org.glassfish.jersey.containers:jersey-container-servlet:2.22.1'
    compile 'org.glassfish.jersey.security:oauth1-client:2.22.1'
    compile 'org.glassfish.jersey.media:jersey-media-json-jackson:2.22.1'

    compile 'mysql:mysql-connector-java:5.1.38'

    compile 'com.stormpath.sdk:stormpath-sdk-api:1.0.RC8.3'

    compile 'junit:junit-dep:4.+'    
    compile 'org.hashids:hashids:1.0.1'

    testCompile 'junit:junit-dep:4.+'

    runtime 'com.stormpath.sdk:stormpath-sdk-impl:1.0.RC8.3'
    runtime 'com.stormpath.sdk:stormpath-sdk-httpclient:1.0.RC8.3'

    }

gretty {
    port = 8080
    servletContainer = 'tomcat8'
    fastReload = true
    contextPath = '/'
    httpsEnabled = true

}

2 个答案:

答案 0 :(得分:1)

创建access_token时,您确定收到了该错误吗?我怀疑你基本上是在尝试验证错误的access_token。您是否可以尝试重新创建它,然后重新执行抛出异常的代码片段,但这次使用新生成的access_token

答案 1 :(得分:1)

这是Stormpath SDK中的一个错误,当您将刷新令牌过期(生存时间)设置为0时,访问令牌无法验证,即您不想发布它们。这导致JWT中的rti声明为零并且无法访问令牌验证。如果要将刷新令牌ttl设置为0以外的其他内容,请快速修复。我会将错误报告给Stormpath。