我正在使用Jersey构建Java REST API。 Tomcat是我的网络服务器。对于用户帐户和OAuth2密钥管理,我使用的是Stormpath的Java SDK。我已经通过网站创建了一个示例用户,每次我将该帐户的JSON用户名/密码请求发布到我在Postman中的应用程序的v1/token端点时,我都会收到此异常和堆栈跟踪:
com.stormpath.sdk.lang.InstantiationException: Unable to instantiate instance with constructor [public com.stormpath.sdk.impl.oauth.DefaultAccessToken(com.stormpath.sdk.impl.ds.InternalDataStore,java.util.Map)]
at com.stormpath.sdk.lang.Classes.instantiate(Classes.java:191)
at com.stormpath.sdk.impl.ds.DefaultResourceFactory.instantiate(DefaultResourceFactory.java:65)
at com.stormpath.sdk.impl.ds.DefaultDataStore.instantiate(DefaultDataStore.java:170)
at com.stormpath.sdk.impl.oauth.DefaultGrantAuthenticationToken.getAsAccessToken(DefaultGrantAuthenticationToken.java:79)
at com.stormpath.sdk.impl.oauth.DefaultOauthGrantAuthenticationResultBuilder.build(DefaultOauthGrantAuthenticationResultBuilder.java:87)
at com.stormpath.sdk.impl.oauth.DefaultOauthGrantAuthenticationResultBuilder.build(DefaultOauthGrantAuthenticationResultBuilder.java:24)
at com.stormpath.sdk.impl.oauth.DefaultPasswordGrantAuthenticator.authenticate(DefaultPasswordGrantAuthenticator.java:56)
at com.stormpath.sdk.impl.oauth.DefaultPasswordGrantAuthenticator.authenticate(DefaultPasswordGrantAuthenticator.java:28)
at com.ficcy.api.services.AuthService.getToken(AuthService.java:33)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:205)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102)
at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154)
at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:471)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:425)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:383)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:336)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:223)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
at com.stormpath.sdk.lang.Classes.instantiate(Classes.java:188)
... 54 more
Caused by: io.jsonwebtoken.JwtException: JWT failed validation; it cannot be trusted.
at com.stormpath.sdk.impl.oauth.DefaultAccessToken.ensureAccessToken(DefaultAccessToken.java:56)
at com.stormpath.sdk.impl.oauth.DefaultAccessToken.<init>(DefaultAccessToken.java:35)
... 59 more
我的JSON:
{
"login": "**EMAIL**",
"password": "**PASSWORD**"
}
exception的文档中没有任何内容。这是我的端点/服务。 (我开始捕获任何和所有异常,这样我就可以看看发生了什么。另外,AuthRequest是一个简单的bean,对登录和密码字段没有空约束):
package com.ficcy.api.services;
//truncated imports
@Path("/token")
public class AuthService {
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public AccessToken getToken(AuthRequest ar) {
AccessToken rtn = null;
try {
PasswordGrantRequest pgr = Oauth2Requests.PASSWORD_GRANT_REQUEST.builder().setLogin(ar.getLogin())
.setPassword(ar.getPassword()).build();
OauthGrantAuthenticationResult authResult = Authenticators.PASSWORD_GRANT_AUTHENTICATOR
.forApplication(Config.getApplication()).authenticate(pgr);
rtn = authResult.getAccessToken();
} catch (Exception e) {
System.err.println(e.getMessage());
e.printStackTrace();
}
return rtn;
}
}
编辑:这是我的Config类,我存储Stormpath应用程序:
package com.ficcy.api.config;
//truncated imports
public class Config {
private static Client client = Clients.builder().build();
private static Application application;
static {
Tenant tenant = client.getCurrentTenant();
ApplicationList applications = tenant
.getApplications(Applications.where(Applications.name().eqIgnoreCase("ficcy-api")));
application = applications.iterator().next();
}
public static Client getClient() {
return client;
}
public static Application getApplication() {
return application;
}
public static Hashids getHashid(String salt) {
return new Hashids(salt, 6);
}
}
build.gradle:
repositories {
mavenCentral()
}
apply plugin: 'java'
apply plugin: 'war'
apply plugin: 'eclipse-wtp'
apply from: 'https://raw.github.com/akhikhl/gretty/master/pluginScripts/gretty.plugin'
dependencies {
compile 'org.glassfish.jersey.core:jersey-server:2.22.1'
compile 'org.glassfish.jersey.containers:jersey-container-servlet-core:2.22.1'
compile 'org.glassfish.jersey.core:jersey-client:2.22.1'
compile 'org.glassfish.jersey.containers:jersey-container-servlet:2.22.1'
compile 'org.glassfish.jersey.security:oauth1-client:2.22.1'
compile 'org.glassfish.jersey.media:jersey-media-json-jackson:2.22.1'
compile 'mysql:mysql-connector-java:5.1.38'
compile 'com.stormpath.sdk:stormpath-sdk-api:1.0.RC8.3'
compile 'junit:junit-dep:4.+'
compile 'org.hashids:hashids:1.0.1'
testCompile 'junit:junit-dep:4.+'
runtime 'com.stormpath.sdk:stormpath-sdk-impl:1.0.RC8.3'
runtime 'com.stormpath.sdk:stormpath-sdk-httpclient:1.0.RC8.3'
}
gretty {
port = 8080
servletContainer = 'tomcat8'
fastReload = true
contextPath = '/'
httpsEnabled = true
}
答案 0 :(得分:1)
创建access_token时,您确定收到了该错误吗?我怀疑你基本上是在尝试验证错误的access_token。您是否可以尝试重新创建它,然后重新执行抛出异常的代码片段,但这次使用新生成的access_token?
答案 1 :(得分:1)
这是Stormpath SDK中的一个错误,当您将刷新令牌过期(生存时间)设置为0时,访问令牌无法验证,即您不想发布它们。这导致JWT中的rti声明为零并且无法访问令牌验证。如果要将刷新令牌ttl设置为0以外的其他内容,请快速修复。我会将错误报告给Stormpath。