我们使用 S4HANA Cloud SDK 并将服务部署到 SAP Cloud Platform、Cloud Foundry 环境。
该服务绑定到 Cloud Foundry UAA。使用 @sap/approuter 执行身份验证,然后在 Authorization Header 中转发 JWT 令牌。
它在大多数情况下都可以正常工作,但似乎在随机一段时间后令牌验证失败:
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT java.lang.IllegalStateException: Cannot set token verification key
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at com.sap.xs2.security.commons.SAPOfflineTokenServices.loadAuthentication(SAPOfflineTokenServices.java:110) ~[security-commons-0.22.2.jar!/:na]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at com.sap.xs2.security.commons.SAPOfflineTokenServicesCloud.loadAuthentication(SAPOfflineTokenServicesCloud.java:29) ~[security-commons-0.22.2.jar!/:na]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager.authenticate(OAuth2AuthenticationManager.java:83) ~[spring-security-oauth2-2.0.14.RELEASE.jar!/:na]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:150) ~[spring-security-oauth2-2.0.14.RELEASE.jar!/:na]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) ~[spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) ~[spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) ~[spring-security-web-5.0.7.RELEASE.jar!/:5.0.7.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) ~[spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) ~[spring-web-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.32.jar!/:8.5.32]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:472) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
2018-08-20T11:40:18.96+0300 [APP/PROC/WEB/0] OUT at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:395) [tomcat-embed-core-8.5.32.jar!/:8.5.32]
从调用堆栈中可以看出,我们使用 com.sap.xs2.security 0.22.2 和 com.sap.security.nw.sso.linuxx86_64.opt 1.0.0 进行令牌验证。
知道可能导致此问题的原因是什么吗?