在Cloud Foundry上使用SAPOfflineTokenServices时,JWT令牌验证出错

时间:2018-08-21 14:32:45

标签: s4sdk

我们使用S4HANA Cloud SDK,并将服务部署到SAP Cloud Platform Cloud Foundry环境。

该服务绑定到Cloud Foundry UAA。使用@ sap / approuter执行身份验证,然后将其转发到授权标头中的JWT令牌。

在大多数情况下,它都可以正常工作,但似乎在随机周期后令牌验证失败:

2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT java.lang.IllegalStateException: Cannot set token verification key
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at com.sap.xs2.security.commons.SAPOfflineTokenServices.loadAuthentication(SAPOfflineTokenServices.java:110) ~[security-commons-0.22.2.jar!/:na]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at com.sap.xs2.security.commons.SAPOfflineTokenServicesCloud.loadAuthentication(SAPOfflineTokenServicesCloud.java:29) ~[security-commons-0.22.2.jar!/:na]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager.authenticate(OAuth2AuthenticationManager.java:83) ~[spring-security-oauth2-2.0.14.RELEASE.jar!/:na]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:150) ~[spring-security-oauth2-2.0.14.RELEASE.jar!/:na]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) ~[spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) ~[spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) ~[spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) ~[spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:472) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:395) [tomcat-embed-core-8.5.32.jar!/:8.5.32]

在调用堆栈中可见,我们使用com.sap.xs2.security 0.22.2和com.sap.security.nw.sso.linuxx86_64.opt 1.0.0进行令牌验证。

您知道什么可能导致此问题吗?

1 个答案:

答案 0 :(得分:4)

当它试图加载公钥时,这似乎是基础JWT验证库中的问题。您可以尝试将REPLACE更新为最新的可用版本吗?该SDK在其物料清单POM的2.3.1版中引用了0.28.6版。