CXF / CXF-4637

Exception when validating access token on a resource server (OAuth2)


Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.6.2
    • Fix Version/s: 2.6.4, 2.7.1
    • Component/s: JAX-RS Security
    • Labels: None
    • Estimated Complexity: Unknown

    Description

      When I set scopes and subject on a ServerAccessToken in getAccessToken on the OAuth2 server, I get an exception on the resource server when it tries to validate the token in AccessTokenValidatorClient at validateAccessToken.

      Here is a snippet of code in the getAccessToken method:

      1 List<OAuthPermission> scopes = new ArrayList<OAuthPermission>();
      2 OAuthPermission p = new OAuthPermission();
      3 List<String> v = new ArrayList<String>();
      4 v.add("GET");
      5 p.setHttpVerbs(v);
      6 p.setPermission("read_test_info");
      7 scopes.add(p);
      8 token.setScopes(scopes);

      If I comment line 5, then the exception doesn't happen.

      Here is the exception:

      [12/11/15 15:40:21:777] 0000000c Wr AbstractJAXBProvider: java.lang.UnsupportedOperationException
      at java.util.AbstractList.add(AbstractList.java:131)
      at java.util.AbstractList.add(AbstractList.java:91)
      at com.sun.xml.internal.bind.v2.runtime.reflect.Lister$CollectionLister.addToPack(Lister.java:290)
      at com.sun.xml.internal.bind.v2.runtime.reflect.Lister$CollectionLister.addToPack(Lister.java:254)
      at com.sun.xml.internal.bind.v2.runtime.unmarshaller.Scope.add(Scope.java:106)
      at com.sun.xml.internal.bind.v2.runtime.property.ArrayERProperty$ReceiverImpl.receive(ArrayERProperty.java:195)
      at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext.endElement(UnmarshallingContext.java:524)
      at com.sun.xml.internal.bind.v2.runtime.unmarshaller.InterningXmlVisitor.endElement(InterningXmlVisitor.java:66)
      at com.sun.xml.internal.bind.v2.runtime.unmarshaller.StAXStreamConnector.handleEndElement(StAXStreamConnector.java:206)
      at com.sun.xml.internal.bind.v2.runtime.unmarshaller.StAXStreamConnector.bridge(StAXStreamConnector.java:170)
      at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:351)
      at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:323)
      at org.apache.cxf.jaxrs.provider.JAXBElementProvider.unmarshalFromInputStream(JAXBElementProvider.java:257)
      at org.apache.cxf.jaxrs.provider.JAXBElementProvider.doUnmarshal(JAXBElementProvider.java:214)
      at org.apache.cxf.jaxrs.provider.JAXBElementProvider.readFrom(JAXBElementProvider.java:181)
      at org.apache.cxf.jaxrs.client.AbstractClient.readBody(AbstractClient.java:445)
      at org.apache.cxf.jaxrs.client.WebClient.handleResponse(WebClient.java:832)
      at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:816)
      at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:743)
      at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:717)
      at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:344)
      at org.apache.cxf.jaxrs.client.WebClient.get(WebClient.java:469)
      at edu.byu.mtc.servicelayer.service.AccessTokenValidatorClient.validateAccessToken(AccessTokenValidatorClient.java:25)
      at edu.byu.mtc.servicelayer.service.AbstractAccessTokenValidator.getAccessTokenValidation(AbstractAccessTokenValidator.java:84)
      at edu.byu.mtc.servicelayer.service.OAuthRequestFilter.handleRequest(OAuthRequestFilter.java:34)

      The problem is that AbstractList is trying to add to an empty collection, which I believe comes from line 35 in OAuthPermission.java:

      private List<String> httpVerbs = Collections.emptyList();

      If I change that line to this then the exception goes away:

      private List<String> httpVerbs = new ArrayList<String>();

      This same fix needs to be made to line 36 in OAuthPermission.java for uris and to line 34 in UserSubject.java for roles.
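The failure the report describes, as an added stand-alone example that is not CXF's code: two hypothetical beans, BrokenPermission (field defaults to Collections.emptyList(), as in the reported OAuthPermission) and FixedPermission (defaults to a new ArrayList), are marshalled to XML and read back with JAXB, the same round trip the OAuth2 server and the resource server's WebClient perform. It assumes the javax.xml.bind API and the JAXB reference implementation are on the classpath (bundled with Java 8; the jaxb-api and jaxb-runtime artifacts on Java 11 and later).

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.bind.annotation.XmlRootElement;

// Added example, not CXF code: minimal stand-ins for OAuthPermission that
// reproduce the UnsupportedOperationException from the report.
public class ImmutableDefaultListDemo {

    // Hypothetical stand-in for the reported OAuthPermission: the collection
    // field defaults to Collections.emptyList(), which rejects add().
    @XmlRootElement(name = "permission")
    public static class BrokenPermission {
        private String permission;
        private List<String> httpVerbs = Collections.emptyList();

        public String getPermission() { return permission; }
        public void setPermission(String permission) { this.permission = permission; }
        public List<String> getHttpVerbs() { return httpVerbs; }
        public void setHttpVerbs(List<String> httpVerbs) { this.httpVerbs = httpVerbs; }
    }

    // Same bean with the fix proposed in the report: a mutable default list.
    @XmlRootElement(name = "permission")
    public static class FixedPermission {
        private String permission;
        private List<String> httpVerbs = new ArrayList<String>();

        public String getPermission() { return permission; }
        public void setPermission(String permission) { this.permission = permission; }
        public List<String> getHttpVerbs() { return httpVerbs; }
        public void setHttpVerbs(List<String> httpVerbs) { this.httpVerbs = httpVerbs; }
    }

    /** Marshal a bean to XML, as the OAuth2 server does when returning the token validation. */
    static String toXml(Object bean) throws JAXBException {
        Marshaller m = JAXBContext.newInstance(bean.getClass()).createMarshaller();
        StringWriter out = new StringWriter();
        m.marshal(bean, out);
        return out.toString();
    }

    /** Unmarshal XML into a fresh bean, as the resource server's WebClient does in readBody(). */
    static <T> T fromXml(Class<T> type, String xml) throws JAXBException {
        Unmarshaller u = JAXBContext.newInstance(type).createUnmarshaller();
        return type.cast(u.unmarshal(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample matching the report: one permission with verb "GET".
        // The XML only carries an <httpVerbs> element when the list is non-empty,
        // which is why commenting out p.setHttpVerbs(v) makes the exception go away.
        BrokenPermission broken = new BrokenPermission();
        broken.setPermission("read_test_info");
        broken.setHttpVerbs(new ArrayList<String>(Collections.singletonList("GET")));
        String xml = toXml(broken);
        System.out.println(xml);

        try {
            fromXml(BrokenPermission.class, xml);
            System.out.println("BrokenPermission: unmarshalled without error (not expected)");
        } catch (UnsupportedOperationException e) {
            // JAXB calls getHttpVerbs() on the new instance and add()s each
            // <httpVerbs> value to the immutable empty list: the trace in the report.
            System.out.println("BrokenPermission: " + e);
        }

        // With a mutable default the same XML round-trips cleanly.
        FixedPermission fixed = fromXml(FixedPermission.class, xml);
        System.out.println("FixedPermission: verbs=" + fixed.getHttpVerbs());
    }
}
```

The practical check this suggests for a resource server: round-trip a fully populated token (scopes with verbs and URIs, a subject with roles) through the JAXB provider in a unit test, because a bean with empty collections unmarshals fine and hides a default like Collections.emptyList() until the first scoped token is issued in production.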


          People

            Assignee: Sergey Beryozkin (sergey_beryozkin)
            Reporter: Steven Tippetts (tippettssh)