2

我们使用 S4HANA Cloud SDK 并将服务部署到 SAP Cloud Platform、Cloud Foundry 环境。

该服务绑定到 Cloud Foundry UAA。使用 @sap/approuter 执行身份验证,然后在 Authorization Header 中转发 JWT 令牌。

它在大多数情况下都可以正常工作,但似乎在随机一段时间后令牌验证失败:

2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT java.lang.IllegalStateException: Cannot set token verification key
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at com.sap.xs2.security.commons.SAPOfflineTokenServices.loadAuthentication(SAPOfflineTokenServices.java:110) ~[security-commons-0.22.2.jar!/:na]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at com.sap.xs2.security.commons.SAPOfflineTokenServicesCloud.loadAuthentication(SAPOfflineTokenServicesCloud.java:29) ~[security-commons-0.22.2.jar!/:na]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager.authenticate(OAuth2AuthenticationManager.java:83) ~[spring-security-oauth2-2.0.14.RELEASE.jar!/:na]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:150) ~[spring-security-oauth2-2.0.14.RELEASE.jar!/:na]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) ~[spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) ~[spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) ~[spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) ~[spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:472) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT     at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:395) [tomcat-embed-core-8.5.32.jar!/:8.5.32]

从调用堆栈中可以看出,我们使用 com.sap.xs2.security 0.22.2 和 com.sap.security.nw.sso.linuxx86_64.opt 1.0.0 进行令牌验证。

知道可能导致此问题的原因是什么吗?

4

1 回答 1

0

当底层 JWT 验证库尝试加载公钥时,这似乎是一个问题。您可以尝试更新com.sap.xs2.security:security-commons到最新的可用版本吗?SDK 在其物料清单 POM 的 2.3.1 版本中引用了 0.28.6 版本。

于 2018-08-22T07:53:50.970 回答