TECH AND ME

Monday, September 4, 2017

Working with WSO2 products - Common errors

Invalid syntax in the authorization header.

Error :

TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  Received a request : /oauth2/token {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  ----------logging request headers.---------- {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  authorization : Basic Og== {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  x-forwarded-server : ideabiz.lk {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  x-forwarded-for : 52.3.40.14 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  content-type : application/x-www-form-urlencoded {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  accept : */* {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  x-forwarded-host : ideabiz.lk {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  transfer-encoding : chunked {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  host : identity.ideabiz.com:9443 {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  connection : Keep-Alive {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  user-agent : Synapse-PT-HttpComponents-NIO {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  ----------logging request parameters.---------- {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  grant_type - password {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  client_id - null {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  code - null {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,272] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  redirect_uri - null {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 00:24:15,273]  WARN {org.apache.cxf.phase.PhaseInterceptorChain} -  Application {http://authz.endpoint.oauth.identity.carbon.wso2.org/}OAuth2AuthzEndpoint has thrown exception, unwinding now {org.apache.cxf.phase.PhaseInterceptorChain}
org.apache.cxf.interceptor.Fault
 at org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:162)
 at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:128)
 at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:194)
 at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:100)
 at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:57)
 at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:93)
 at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
 at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
 at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
 at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
 at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:203)
 at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
 at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:159)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
 at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
 at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
 at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
 at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
 at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
 at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
 at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
 at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
 at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
 at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ArrayIndexOutOfBoundsException
TID: [0] [IS] [2017-08-19 00:24:15,273]  WARN {org.apache.cxf.phase.PhaseInterceptorChain} -  Exception in handleFault on interceptor org.apache.cxf.binding.xml.interceptor.XMLFaultOutInterceptor@7677e28f {org.apache.cxf.phase.PhaseInterceptorChain}
org.apache.cxf.interceptor.Fault
 at org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:162)
 at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:128)
 at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:194)
 at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:100)
 at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:57)
 at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:93)
 at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
 at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
 at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
 at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
 at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:203)
 at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
 at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:159)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
 at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
 at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
 at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
 at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
 at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
 at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
 at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
 at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
 at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
 at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ArrayIndexOutOfBoundsException
TID: [0] [IS] [2017-08-19 00:24:15,274] ERROR {org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver} -  Error occurred during error handling, give up! {org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver}
org.apache.cxf.interceptor.Fault
 at org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:162)
 at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:128)
 at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:194)
 at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:100)
 at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:57)
 at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:93)
 at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
 at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
 at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
 at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
 at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:203)
 at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
 at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:159)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
 at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
 at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
 at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
 at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
 at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
 at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
 at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
 at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
 at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
 at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ArrayIndexOutOfBoundsException
TID: [0] [IS] [2017-08-19 00:24:15,274] ERROR {org.apache.catalina.core.StandardWrapperValve} -  Servlet.service() for servlet [OAuth2Endpoints] in context with path [/oauth2] threw exception {org.apache.catalina.core.StandardWrapperValve}
java.lang.RuntimeException: org.apache.cxf.interceptor.Fault
 at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:116)
 at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:331)
 at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
 at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
 at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)
 at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:203)
 at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
 at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:159)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
 at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
 at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
 at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
 at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
 at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
 at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
 at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
 at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
 at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
 at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
 at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.cxf.interceptor.Fault
 at org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:162)
 at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:128)
 at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:194)
 at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:100)
 at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:57)
 at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:93)
 at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
 ... 33 more
Caused by: java.lang.ArrayIndexOutOfBoundsException

Solution:

issue is due to invalid syntax in the authorization header. For example, following is a logged header from a failed request.

TID: [0] [IS] [2017-08-19 07:16:02,210] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  ----------logging request headers.---------- {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 07:16:02,210] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  authorization : Basic Og== {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}

As you can see in the log the authorization header has only "authorization : Basic Og==" where "Og==" is base64 decoded into ":" (you can try with https://www.base64decode.org/)
A correct request should have the syntax "authorization : Basic <Base64encode(client_id:client_secret)>". That syntax is followed in success requests.


TID: [0] [IS] [2017-08-19 07:16:02,100] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  ----------logging request headers.---------- {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint}
TID: [0] [IS] [2017-08-19 07:16:02,100] DEBUG {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} -  authorization : Basic bnlnZk5DeXlBSV85SHpyYTRIZW11ZHk3R2FnYTpWRWZnbzR4UVQ0ZmRrRF9Gb2x1VnlZQlBOeXNh {org.wso2.carbon.identity.oauth.endpoint.token.OAuth2TokenEndpoint} 


Failed to start new registry transaction
Error:
TID: [0] [IS] [2017-07-30 00:00:00,728] ERROR {org.wso2.carbon.registry.core.dataaccess.TransactionManager} - Failed to start new registry transaction. {org.wso2.carbon.registry.core.dataaccess.TransactionManager} java.sql.SQLException: Connection has already been closed. at org.apache.tomcat.jdbc.pool.ProxyConnection.invoke(ProxyConnection.java:117) at org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109)


Solution:
Add following database configuration property (<testWhileIdle>true</testWhileIdle>) to the master-datasources.xml in both IS and APIM nodes
<datasources-configuration xmlns:svns="http://org.wso2.securevault/configuration">
    ...
        <datasource>
            <name>WSO2_USERSTORE_DB</name>
            ...
            <definition type="RDBMS">
                <configuration>
                   ...
                   <testWhileIdle>true</testWhileIdle>
                </configuration>
            </definition>
        </datasource>
        <datasource>
            <name>WSO2_REGISTRY_DB</name>
            ...
            <definition type="RDBMS">
                <configuration>
                   ...
                   <testWhileIdle>true</testWhileIdle>
                </configuration>
            </definition>
        </datasource>
        ...
    </datasources>
</datasources-configuration>

Please restart both IS and APIM nodes after this configuration change.

Sunday, January 8, 2017

Logging in to a .NET application using the WSO2 Identity Server

OIDC client sample in .NET

Source code : https://svn.wso2.org/repos/wso2/people/lahiruc/oidc_sample/
Start the IS server and login to the management console.
Navigate to the Main tab and click on Add under Service Providers.
Create a Service provider. Expand the Inbound Authentication and Configuration section and configure call back url : [server-url]/callback.aspx (callback asp form of the .NET project)

Select Configuration (under Oauth/OpenID Connect Configuration)

Start the .NET application and fill the necessary details (eg: client id/ request uri etc), then it gets redirected to the IS authentication endpoint

(Note: Client key/secret can be found under Inbound Authentication and Configuration section of the created SP)

Authenticate via IS

Select Approve/Always Approve

After successfully authenticated, user gets redirected back to callback page with the oauth code. Then we need to fill the given information (eg: secret/grant type etc) and submit the form to retrieve the token details. It does a REST call to token endpoint and retrieve the token details. Since it does a server to server call we need to import the IS server certificate and export to Visual Studio Management Console to avoid SSL handshake exceptions.

Once the REST call is succeeded we could see the token details alone with the base64 decoded JWT (ID Token) details.

Tuesday, November 29, 2016

How to invoke a REST API Asynchronously

Dependencies:

<dependency>
   <groupId>org.apache.httpcomponents</groupId>
   <artifactId>httpclient</artifactId>
   <version>4.3.1</version>
</dependency>

<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpasyncclient</artifactId>
    <version>4.0</version>
</dependency>
<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpcore-nio</artifactId>
    <version>4.3</version>
</dependency>

Sample Code snippet:

private static void sendAsyncRequest(final HttpPost postRequest,

FutureCallback futureCallback, CountDownLatch latch)
        throws IOException {
    CloseableHttpAsyncClient client;
    client = HttpAsyncClients.createDefault();
    client.start();
    client.execute(postRequest, futureCallback);
    try {
        latch.await();
    } catch (InterruptedException e) {
        log.error("Error occurred while calling end point - " + e);
    }
}

private void postRequest() throws IOException {
    final HttpPost postRequest = new HttpPost("www.google.com");
    final CountDownLatch latch = new CountDownLatch(1);
    FutureCallback<HttpResponse> futureCallback = 
new FutureCallback<HttpResponse>() {
        @Override public void completed(final HttpResponse response) {
            latch.countDown();
            if ((response.getStatusLine().getStatusCode() != 201)) {
                log.error("Error occurred while calling end point - " + response.getStatusLine().getStatusCode() +
                                  "; Error - " +
                                  response.getStatusLine().getReasonPhrase());
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Success Request - " + postRequest.getURI().getSchemeSpecificPart());
                }
            }
        }

        @Override public void failed(final Exception ex) {
            latch.countDown();
            log.error("Error occurred while calling end point - " 
+ postRequest.getURI().getSchemeSpecificPart() +
                              "; Error - " + ex);
        }

        @Override public void cancelled() {
            latch.countDown();
            log.warn("Operation cancelled while calling end point - " +
                             postRequest.getURI().getSchemeSpecificPart());
        }
    };
    sendAsyncRequest(postRequest, futureCallback, latch);
}

Saturday, March 19, 2016

Writing SQL Queries support multiple RDBMS engines (using ANSI SQL standards)

In this post Im trying to discuss some best practices when writing SQL queries to support multiple RDBMS's. In many cases UPDATE, DELETE, INSERT operation syntaxes are standard but when it comes to SELECT operations we need to focus on writing generic queries to support multiple RDBMS engines.

Use COALESCE key word to handle null.

eg:

SELECT COALESCE(CITY_NAME, 'Colombo')
FROM CITY

NVL() is for Oracle and ISNULL() is for RDBMS's like MS-SQL/MySql while COALESCE() is an ansi standard

Do not user hardcoded boolean result when using COALESCE

eg:

SELECT COALESCE(IS_MARRIED, 'FALSE')
FROM EMPLOYEE

This query will not execute some RDBMS engines like MySql where boolean datatype is treated as a binary. So to avoid this we need to pass the default value (FALSE) as a boolean parameter

eg:

SELECT COALESCE(IS_MARRIED, ?)
FROM EMPLOYEE

boolean isMarried = false;

ps.setBoolean(1, isMarried);

Try to avoid String concatenation from SQL level. AFAIK there's no generic syntax to concatenate strings. (eg: + sign is used in MS-SQL while || sign is used in Oracle to concatenate strings)

Do not use 'AS' key word for making table name alias's

eg:

SELECT EMP.*
FROM EMPLOYEE AS EMP

This syntax is not generic, instead use;

SELECT EMP.*
FROM EMPLOYEE EMP

Aggregate functions are generic in most RDBMS engines (eg: MIN, MAX, AVG, COUNT(*), COUNT)

Key words like UNION, UNION ALL, DISTINCT are generic.

Do not use ALL as a column/table alias

Do not use alias partially

eg:

SELECT * FROM (
SELECT EMP1.EMP_ID, EMP1.EMP_NAME
FROM EMPLOYEE1 EMP1
UNION ALL
SELECT EMP2.EMP_ID, EMP2.EMP_NAME
FROM EMPLOYEE2 EMP2)
ORDER BY EMP_ID

This query will execute in engines like H2 but it will fail in MySql. If you are using alias's, use it everywhere.

SELECT EMP_ALL.* FROM (
SELECT EMP1.EMP_ID, EMP1.EMP_NAME
FROM EMPLOYEE1 EMP1
UNION ALL
SELECT EMP2.EMP_ID, EMP2.EMP_NAME
FROM EMPLOYEE2 EMP2) EMP_ALL
ORDER BY EMP_ALL.EMP_ID


Regarding DDL statements, always keep the entity names equal or below 30 characters.

Monday, February 29, 2016

WSO2 App Manager - Using JWT to send application user details to Backend Application

JSON Web Token (JWT) is a means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is digitally signed using JSON Web Signature (JWS) and/or encrypted using JSON Web Encryption (JWE).

For more information regarding JWT configuration with WSO2 AppM please refer below articles.

https://docs.wso2.com/display/APPM110/Passing+End+User+Attributes+to+the+Backend+Using+JWT

http://sumedha.blogspot.com/2012/08/using-jwt-to-send-application-user.html

How to Configure samples:

https://docs.wso2.com/display/APPM100/Demonstrating+JSON+Web+Token+(JWT)+Usage+-+Plan+Your+Trip+App

Here I'm trying to provide a sample .NET backend application which decode the JWT token and retrieve the Last name

To test this, you need to build this application and host the binary in a IIS server. Then create a WebApp in WSO2 AppM and provide the relevant url as the backend url. Also do not forget to add the 'lastname' as a claim mapping as explained in above articles.

Sample code to read header token values using ASP.NET (with C#.NET back end)

namespace Sample{
 public partial class _Default: System.Web.UI.Page {
  protected void Page_Load(object sender, EventArgs e) {
   try {
    if (!Page.IsPostBack) {
     //store the value of claim :http://wso2.org/claims/lastname
     String lastName = "";

     //check for X-JWT-Assertion parameter
     if (Request.Headers["X-JWT-Assertion"] != null) {
      reqHeader = Request.Headers["X-JWT-Assertion"].ToString();
      string[] stringSeperator = new string[] {
       "=."
      };
      //split the encoded string and send to decode
      string decodedHeader = base64Decode(reqHeader.Split(stringSeperator, StringSplitOptions.None)[1].ToString() + "=");
      decodedHeader = decodedHeader.Replace("\"", "'"); //format json string
      JObject obj = new JObject();
      obj = (JObject) JsonConvert.DeserializeObject(decodedHeader); //Decode Object

      if (obj["http://wso2.org/claims/lastname"] != null) {
       lastName = obj["http://wso2.org/claims/lastname"].ToString();
      }

     }
    }
   } catch (Exception ex) {
    //lblErr.Text = "Error: " + ex.Message;
   }

  }

  //base64 decodes the given encoded string (data :encoded string)
  public string base64Decode(string data) {
   try {
    System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
    System.Text.Decoder utf8Decode = encoder.GetDecoder();
    byte[] todecode_byte = Convert.FromBase64String(data);
    int charCount = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length);
    char[] decoded_char = new char[charCount];
    utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0);
    string result = new String(decoded_char);
    return result;
   } catch (Exception e) {
    throw new Exception("Error in base64Decode" + e.Message);
   }
  }
 }
}

More samples:

Decode WSO2 App Manager generated JWT in PHP Web App

Sunday, February 28, 2016

WSO2 App Manager - How to Create a Web Application

WSO2 App Manager - Web Application Creation end user configuration guide

In this post I'm trying to discuss the configuration options available in creating a WebApp.

To create a Web Application you need to log into publisher with an user who has the "Internal/creator" (or "admin") Role.

URL: http://<IP_ADDRESS>:9763/publisher

Login to Publisher > Click on Web Applications > Add New Web Application

Overview section

Overview Properties:
Author	Username of the user who publish the app
Name	Application name (for internal usage only)
Display Name	Application Display Name
Context	URL Context
Version	Version of the Application (eg: 1.0, 1.1, 2.0)
Make As Default Version	When creating a new Application this is always set as marked and later when you create another version of the same Application you can swap the default versions (Please refer wso2-app-manager-multiple-versioning for more information)
Transports	Transport protocol (either HTTP or HTTPS)
Treat as a Site	If you select this, the published App will be act as a Site. (WSO2 AppM supports 3 type of Application types. WebApps, Mobile Apps and Sites)
Web App URL	Back end actual URL of the Application (eg: http://wso2.com)
Description	Description about the Application
Thumbnail	You can browse the image of the Thumbnail to be displayed
Banner	You can browse the image of the Banner to be displayed
Tags	You can define multiple tags against each application which will be useful when searching Apps by keywords (eg: HR, Educational, Engineering, etc)

Policies Section

Under Policies we have 2 main categories:

Global Policies : Global Policies are applied agains an Application
Resource Policies: Resource Policies are applied agains the selected resource patterns of an Application

Global Policies

Global Policy properties:
Allow Anonymous Access	Make the whole App anonymously accessible. In the Store, users will be able to access the app (all the resources patterns inside the app) without login in. Eg: We we mark http://wso2.com as anonymous, users will be able to access any page inside (eg: http://wso2.com/contact/ , http://wso2.com/partners/) anonymously (Please refer wso2-app-manager-anonymous-app-support for more information)
Skip Creating Proxying WebApp	This will skip the gateway. It will allow users to directly access the back end actual URL without going through the gateway(proxy). So in the Store - overview page it will show the actual back end URL
Restrict Visibility	Configuration of Role Based Visibility in WSO2 AppM. You can specify the Roles which are eligible to access the App. So in the Store only Users with the particular Roles (and of course the users with Admin Role) will only be able access/view the App (Please refer wso2-app-manager-role-based for more information)
Enable Single Logout	You can define a custom Single Sign Out URL
Publish Statistics	Enable publishing statistics to BAM
Subscription Availability	Controls the subscription availability. WSO2 AppM allow users to subscribe to Apps in multiple tenants. Here you can control the subscription levels. There are 3 options available: current_tenant : Only the users in current tenant will be eligible to subscribe all_tenants : Users in all tenants will be eligible to subscribe specific_tenants : Users in specified tenants will be eligible to subscribe

Resource Policies

Resource policies are applied agains selected resource patterns in an application.

When you need to apply several restrictions to some particular resource in a app you this will be useful.

Eg:

You have http://wso2.com as your back end but you need to add a throttling policy to a certain page (lets say http://wso2.com/register/) to limit access, Resource policies will be needful.

WSO2 AppM supported Resource based Policy types:

Throttling : Controls/restrict the concurrent requests
Anonymous Access: Allow users to anonymously access the resource pattern(s)
Role based Restrictions: Grant access to users with selected Role(s)
XACML policies (Entitlement policies): You can define XACML based authorization policies and apply against resource pattern(s)

There are two steps you need to follow:

Define a Policy Group with required policy combination
Apply the Policy Group against each Resource Pattern

When you are creating a new Application a default Policy Group with below default policy combinations are created by default. You can either change the properties or create new policy groups according to your requirement.

Default Policy Group settings:

Throttling : Unlimited
Anonymous Access: False
Role based Restrictions: None
XACML policies (Entitlement policies): None

To create a Policy Group:

Expand Policies > Resource Policies and click on "Add new Resource Policy" button.

Resources based Policy properties:
Resource Policy Name	Name of the policy Group
Description	Description about the policy group
Apply Throttling Tier	Select a Throttling Tier from available Tiers (Unlimited/ Gold/ Silver/ Bronze) Default concurrent access limits are: Unlimited: Unlimited no of accesses Gold: 20 Silver: 5 Bronze: 1 For the Anonymous users throttling tier will not be applied and it always be unlimited. (Technical tip: You can customerize the tier setting as per your requirement by altering the tiers.xml file in /_system/governance/appmgt/applicationdata/ registry location)
Allow Anonymous Access	True/False Select 'true' to make the Resource pattern anonymously accessible (Please refer wso2-app-manager-anonymous-app-support for more information)
Accessible User Roles	Role based restriction for Resource patterns. You can specify the Roles which are eligible to access the particular Resource Pattern. So in the Store only Users with the particular Roles (and of course the users with Admin Role) will only be able access/view the particular Resource Pattern (Please refer wso2-app-manager-role-based for more information)
Entitlement Policy	You can define a XACML Policy in the admin-dashboard and apply the policy here.

How to edit/delete policies in Policy Group?

Edit: Click on

icon to edit existing Policy Group details. But the policy changes will be effective once the cache is reset.

Detele: Click on

icon to delete a Policy Group. It will only allow to delete the un assigned policy group(s) for any resource pattern.

How to assign a policy group to a particular resource pattern?

Under "Web Application Resources" section all the resource patterns will be listed in a grid view.

And under "Resource policy" column you can choose the relevant policy group agains each resource pattern.

Web Application Resources Section

Navigate to "Web Application Resources" section.

Here you can add multiple resource patterns and assign custom policies.

Web Application Resources properties:
URL Pattern	URL Pattern (Resource Pattern) is a sub domain or a page in side the actual endpoint of the Application. Eg: Actual End point of the App: http://wso2.com URL Pattern1: register (refers http://wso2.com/register) URL Pattern2: contact (refers http://wso2.com/contact)
HTTP Verb	Either GET/POST/PUT/DELETE/OPTION
Resource Policy	Select the appropriate resource policy. By default, "Default" policy group is assigned to all patterns initially. If you assign any policy group against /{context}/{version} /* it will be applicable for all the resources with the relevant HTTP Verb. Eg: URL Pattern: /{context}/{version} /* HTTP Verb: GET Resource Policy: Anonymous-Group In this case the Anonymous-Group policies will be applicable for all the GET operations (all underneath URL Patterns as well). So another URL pattern like below will be override the permissions for mentioned resources. URL Pattern: /{context}/{version} /register HTTP Verb: GET Resource Policy: Default

How to add a new resource pattern?

Type the URL Pattern, select the HTTP Verb and click on "Add Resource" button.
By default, the "Default" policy group will be assigned as Resource Policy and you can select the relevant Resource Policy from defined list.

Advanced Configuration Section

Claims

In this section you can add claims against the newly created application.

What is a Claim?

Please refer https://docs.wso2.com/display/APPM100/Claim+Management

Here you can find details about what is a Claim, how to add new mappings and many more details.

A claim be use as a container to pass specific attributed to back end service via a JWT (https://docs.wso2.com/display/AM190/Passing+Enduser+Attributes+to+the+Backend+Using+JWT)

How to add Claims?

Select the required claim from the "Available Claims" drop down and click on "Add Claim" button.

OAuth2 Key Manager Configuration

OAuth2 Key manager configurations can be stored here.

What is it?

WSO2 AppM supports SAML SSO to authenticate an user. If your backend application uses internal OAuth API calls you can use this feature to use the same SAML token generated by WSO2 AppM gateway, and get an OAuth2 access token by calling the token endpoints used by these APIs.

(Please refer https://docs.wso2.com/display/APPM110/Obtaining+an+OAuth2+Token+by+Providing+a+SAML+Token for further information)

OAuth2 Key Manager Configuration properties:
API Name	Alias for the API
API Consumer Key	Consumer Key of the OAuth API
API Consumer Secret	Consumer Secret of the OAuth API
API Token Endpoint	URL of the token endpoint used by API

How to View the created WebApps and Sites

Once the WebApp/Site is Created successfully, it will be listed under Publisher listing page.
(Login to Publisher > Web Applications > All Web Applications)

WebApp/Site Listing:

Edit an Application

To Edit the Apps you can simply navigate to app listing page and click on any app, do the changes and update.

Here you need to know that, you wont be able to change the app name,context and version.
If you need, you can change the display name. And if you need to change a version you can follow wso2-app-manager-multiple-versioning for more information.