From notifications-return-23759-archive-asf-public=cust-asf.ponee.io@ofbiz.apache.org  Sun Feb  3 09:06:05 2019
Return-Path: <notifications-return-23759-archive-asf-public=cust-asf.ponee.io@ofbiz.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx-eu-01.ponee.io (Postfix) with SMTP id ECE61180626
	for <archive-asf-public@cust-asf.ponee.io>; Sun,  3 Feb 2019 10:06:04 +0100 (CET)
Received: (qmail 37803 invoked by uid 500); 3 Feb 2019 09:06:04 -0000
Mailing-List: contact notifications-help@ofbiz.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:notifications-help@ofbiz.apache.org>
List-Unsubscribe: <mailto:notifications-unsubscribe@ofbiz.apache.org>
List-Post: <mailto:notifications@ofbiz.apache.org>
List-Id: <notifications.ofbiz.apache.org>
Reply-To: dev@ofbiz.apache.org
Delivered-To: mailing list notifications@ofbiz.apache.org
Received: (qmail 37793 invoked by uid 99); 3 Feb 2019 09:06:04 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 03 Feb 2019 09:06:04 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 6042418068D
	for <notifications@ofbiz.apache.org>; Sun,  3 Feb 2019 09:06:03 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -110.3
X-Spam-Level:
X-Spam-Status: No, score=-110.3 tagged_above=-999 required=6.31
	tests=[ENV_AND_HDR_SPF_MATCH=-0.5, KAM_SHORT=0.001,
	RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5,
	USER_IN_WHITELIST=-100] autolearn=disabled
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024)
	with ESMTP id nDchFQGU0rtk for <notifications@ofbiz.apache.org>;
	Sun,  3 Feb 2019 09:06:01 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id F374C5FDA3
	for <notifications@ofbiz.apache.org>; Sun,  3 Feb 2019 09:06:00 +0000 (UTC)
Received: from jira-lw-us.apache.org (unknown [207.244.88.139])
	by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 6ECFCE2681
	for <notifications@ofbiz.apache.org>; Sun,  3 Feb 2019 09:06:00 +0000 (UTC)
Received: from jira-lw-us.apache.org (localhost [127.0.0.1])
	by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 0FBCF243E8
	for <notifications@ofbiz.apache.org>; Sun,  3 Feb 2019 09:06:00 +0000 (UTC)
Date: Sun, 3 Feb 2019 09:06:00 +0000 (UTC)
From: "Jacques Le Roux (JIRA)" <jira@apache.org>
To: notifications@ofbiz.apache.org
Message-ID: <JIRA.13210195.1547741034000.230118.1549184760061@Atlassian.JIRA>
In-Reply-To: <JIRA.13210195.1547741034000@Atlassian.JIRA>
References: <JIRA.13210195.1547741034000@Atlassian.JIRA> <JIRA.13210195.1547741034998@jira-lw-us.apache.org>
Subject: [jira] [Commented] (OFBIZ-10814) Error parsing JWT
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/OFBIZ-10814?page=3Dcom.atlassia=
n.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D167=
59342#comment-16759342 ]=20

Jacques Le Roux commented on OFBIZ-10814:
-----------------------------------------

Thanks Deepak,

We crossed on wire (did not update the Jira), I did not thought about mobil=
e apps, but we have the same case when login to demos.

> Error parsing JWT
> -----------------
>
>                 Key: OFBIZ-10814
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10814
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Michael Brohl
>            Assignee: Michael Brohl
>            Priority: Major
>         Attachments: Apache OFBiz JWT Test.postman_collection.json, OFBIZ=
-10814_JWT_parsing_error.patch, OFBIZ-10814_JWT_parsing_error_and_refactori=
ng.patch, OFBIZ-10814_JWT_parsing_error_examples.patch
>
>
> I have problems using the Authorization: Bearer header value for requests=
 towards OFBiz. OFBiz has problems parsing externally generated JSON Web To=
kens.
> I have generated them using both [1] and [2] using HS512 and the default =
secret.
> The JWT check fails because of a parsing error:
> {noformat}
> 2019-01-17 16:48:36,233 |jsse-nio-8443-exec-7 |JavaEventHandler=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |E| P=
roblems Processing Event
> io.jsonwebtoken.MalformedJwtException: Unable to read JSON value: =05=EF=
=BF=BDz=EF=BF=BD=EF=BF=BD'G=EF=BF=BD=02#=EF=BF=BD$=EF=BF=BDuB"=EF=BF=BD&=16=
=EF=BF=BDr#=EF=BF=BD$=EF=BF=BD3S=13"
> =C2=A0=C2=A0 =C2=A0at io.jsonwebtoken.impl.DefaultJwtParser.readValue(Def=
aultJwtParser.java:554) ~[jjwt-0.9.1.jar:0.9.1]
> =C2=A0=C2=A0 =C2=A0at io.jsonwebtoken.impl.DefaultJwtParser.parse(Default=
JwtParser.java:252) ~[jjwt-0.9.1.jar:0.9.1]
> =C2=A0=C2=A0 =C2=A0at io.jsonwebtoken.impl.DefaultJwtParser.parse(Default=
JwtParser.java:481) ~[jjwt-0.9.1.jar:0.9.1]
> =C2=A0=C2=A0 =C2=A0at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJw=
s(DefaultJwtParser.java:541) ~[jjwt-0.9.1.jar:0.9.1]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.JWTManager.validate=
Token(JWTManager.java:124) ~[ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.ExternalLoginKeysMa=
nager.jwtValidation(ExternalLoginKeysManager.java:292) ~[ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.ExternalLoginKeysMa=
nager.checkJWTLogin(ExternalLoginKeysManager.java:196) ~[ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at sun.reflect.NativeMethodAccessorImpl.invoke0(Native=
 Method) ~[?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at sun.reflect.NativeMethodAccessorImpl.invoke(NativeM=
ethodAccessorImpl.java:62) ~[?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at sun.reflect.DelegatingMethodAccessorImpl.invoke(Del=
egatingMethodAccessorImpl.java:43) ~[?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at java.lang.reflect.Method.invoke(Method.java:498) ~[=
?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.event.JavaEventHandler.invo=
ke(JavaEventHandler.java:86) [ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.RequestHandler.runE=
vent(RequestHandler.java:774) [ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.RequestHandler.doRe=
quest(RequestHandler.java:407) [ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.ControlServlet.doGe=
t(ControlServlet.java:208) [ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at javax.servlet.http.HttpServlet.service(HttpServlet.=
java:645) [javax.servlet-api-4.0.1.jar:4.0.1]
> =C2=A0=C2=A0 =C2=A0at javax.servlet.http.HttpServlet.service(HttpServlet.=
java:750) [javax.servlet-api-4.0.1.jar:4.0.1]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.ApplicationFilterChain.int=
ernalDoFilter(ApplicationFilterChain.java:231) [tomcat-catalina-9.0.13.jar:=
9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.ApplicationFilterChain.doF=
ilter(ApplicationFilterChain.java:166) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.ContextFilter.doFil=
ter(ContextFilter.java:191) [ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.ApplicationFilterChain.int=
ernalDoFilter(ApplicationFilterChain.java:193) [tomcat-catalina-9.0.13.jar:=
9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.ApplicationFilterChain.doF=
ilter(ApplicationFilterChain.java:166) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.ControlFilter.doFil=
ter(ControlFilter.java:156) [ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at javax.servlet.http.HttpFilter.doFilter(HttpFilter.j=
ava:127) [javax.servlet-api-4.0.1.jar:4.0.1]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.ApplicationFilterChain.int=
ernalDoFilter(ApplicationFilterChain.java:193) [tomcat-catalina-9.0.13.jar:=
9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.ApplicationFilterChain.doF=
ilter(ApplicationFilterChain.java:166) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.StandardWrapperValve.invok=
e(StandardWrapperValve.java:199) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.StandardContextValve.invok=
e(StandardContextValve.java:96) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.authenticator.AuthenticatorBase=
.invoke(AuthenticatorBase.java:490) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.StandardHostValve.invoke(S=
tandardHostValve.java:139) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.valves.ErrorReportValve.invoke(=
ErrorReportValve.java:92) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.StandardEngineValve.invoke=
(StandardEngineValve.java:74) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.valves.AbstractAccessLogValve.i=
nvoke(AbstractAccessLogValve.java:668) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.connector.CoyoteAdapter.service=
(CoyoteAdapter.java:343) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.coyote.http11.Http11Processor.service(Ht=
tp11Processor.java:408) [tomcat-coyote-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.coyote.AbstractProcessorLight.process(Ab=
stractProcessorLight.java:66) [tomcat-coyote-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.coyote.AbstractProtocol$ConnectionHandle=
r.process(AbstractProtocol.java:791) [tomcat-coyote-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.tomcat.util.net.NioEndpoint$SocketProces=
sor.doRun(NioEndpoint.java:1417) [tomcat-coyote-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.tomcat.util.net.SocketProcessorBase.run(=
SocketProcessorBase.java:49) [tomcat-coyote-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at java.util.concurrent.ThreadPoolExecutor.runWorker(T=
hreadPoolExecutor.java:1149) [?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at java.util.concurrent.ThreadPoolExecutor$Worker.run(=
ThreadPoolExecutor.java:624) [?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at org.apache.tomcat.util.threads.TaskThread$WrappingR=
unnable.run(TaskThread.java:61) [tomcat-util-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at java.lang.Thread.run(Thread.java:748) [?:1.8.0_152]
> Caused by: com.fasterxml.jackson.core.JsonParseException: Illegal charact=
er ((CTRL-CHAR, code 5)): only regular white space (\r, \n, \t) is allowed =
between tokens
> =C2=A0at [Source: (String)"=05=EF=BF=BDz=EF=BF=BD=EF=BF=BD'G=EF=BF=BD=02#=
=EF=BF=BD$=EF=BF=BDuB"=EF=BF=BD&=16=EF=BF=BDr#=EF=BF=BD$=EF=BF=BD3S=13""; l=
ine: 1, column: 2]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.core.JsonParser._constructErr=
or(JsonParser.java:1804) ~[jackson-core-2.9.6.jar:2.9.6]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.core.base.ParserMinimalBase._=
reportError(ParserMinimalBase.java:669) ~[jackson-core-2.9.6.jar:2.9.6]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.core.base.ParserMinimalBase._=
throwInvalidSpace(ParserMinimalBase.java:620) ~[jackson-core-2.9.6.jar:2.9.=
6]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.core.json.ReaderBasedJsonPars=
er._skipWSOrEnd(ReaderBasedJsonParser.java:2350) ~[jackson-core-2.9.6.jar:2=
.9.6]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.core.json.ReaderBasedJsonPars=
er.nextToken(ReaderBasedJsonParser.java:646) ~[jackson-core-2.9.6.jar:2.9.6=
]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.databind.ObjectMapper._initFo=
rReading(ObjectMapper.java:4141) ~[jackson-databind-2.9.6.jar:2.9.6]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.databind.ObjectMapper._readMa=
pAndClose(ObjectMapper.java:4000) ~[jackson-databind-2.9.6.jar:2.9.6]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.databind.ObjectMapper.readVal=
ue(ObjectMapper.java:3004) ~[jackson-databind-2.9.6.jar:2.9.6]
> =C2=A0=C2=A0 =C2=A0at io.jsonwebtoken.impl.DefaultJwtParser.readValue(Def=
aultJwtParser.java:552) ~[jjwt-0.9.1.jar:0.9.1]
> =C2=A0=C2=A0 =C2=A0... 42 more
> 2019-01-17 16:48:36,237 |jsse-nio-8443-exec-7 |RequestHandler=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0 |E| null
> org.apache.ofbiz.webapp.event.EventHandlerException: Problems processing =
event: io.jsonwebtoken.MalformedJwtException: Unable to read JSON value: =
=05=EF=BF=BDz=EF=BF=BD=EF=BF=BD'G=EF=BF=BD=02#=EF=BF=BD$=EF=BF=BDuB"=EF=BF=
=BD&=16=EF=BF=BDr#=EF=BF=BD$=EF=BF=BD3S=13" (Unable to read JSON value: =05=
=EF=BF=BDz=EF=BF=BD=EF=BF=BD'G=EF=BF=BD=02#=EF=BF=BD$=EF=BF=BDuB"=EF=BF=BD&=
=16=EF=BF=BDr#=EF=BF=BD$=EF=BF=BD3S=13")
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.event.JavaEventHandler.invo=
ke(JavaEventHandler.java:94) ~[ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.RequestHandler.runE=
vent(RequestHandler.java:774) ~[ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.RequestHandler.doRe=
quest(RequestHandler.java:407) [ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.ControlServlet.doGe=
t(ControlServlet.java:208) [ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at javax.servlet.http.HttpServlet.service(HttpServlet.=
java:645) [javax.servlet-api-4.0.1.jar:4.0.1]
> =C2=A0=C2=A0 =C2=A0at javax.servlet.http.HttpServlet.service(HttpServlet.=
java:750) [javax.servlet-api-4.0.1.jar:4.0.1]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.ApplicationFilterChain.int=
ernalDoFilter(ApplicationFilterChain.java:231) [tomcat-catalina-9.0.13.jar:=
9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.ApplicationFilterChain.doF=
ilter(ApplicationFilterChain.java:166) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.ContextFilter.doFil=
ter(ContextFilter.java:191) [ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.ApplicationFilterChain.int=
ernalDoFilter(ApplicationFilterChain.java:193) [tomcat-catalina-9.0.13.jar:=
9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.ApplicationFilterChain.doF=
ilter(ApplicationFilterChain.java:166) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.ControlFilter.doFil=
ter(ControlFilter.java:156) [ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at javax.servlet.http.HttpFilter.doFilter(HttpFilter.j=
ava:127) [javax.servlet-api-4.0.1.jar:4.0.1]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.ApplicationFilterChain.int=
ernalDoFilter(ApplicationFilterChain.java:193) [tomcat-catalina-9.0.13.jar:=
9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.ApplicationFilterChain.doF=
ilter(ApplicationFilterChain.java:166) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.StandardWrapperValve.invok=
e(StandardWrapperValve.java:199) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.StandardContextValve.invok=
e(StandardContextValve.java:96) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.authenticator.AuthenticatorBase=
.invoke(AuthenticatorBase.java:490) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.StandardHostValve.invoke(S=
tandardHostValve.java:139) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.valves.ErrorReportValve.invoke(=
ErrorReportValve.java:92) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.core.StandardEngineValve.invoke=
(StandardEngineValve.java:74) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.valves.AbstractAccessLogValve.i=
nvoke(AbstractAccessLogValve.java:668) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.catalina.connector.CoyoteAdapter.service=
(CoyoteAdapter.java:343) [tomcat-catalina-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.coyote.http11.Http11Processor.service(Ht=
tp11Processor.java:408) [tomcat-coyote-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.coyote.AbstractProcessorLight.process(Ab=
stractProcessorLight.java:66) [tomcat-coyote-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.coyote.AbstractProtocol$ConnectionHandle=
r.process(AbstractProtocol.java:791) [tomcat-coyote-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.tomcat.util.net.NioEndpoint$SocketProces=
sor.doRun(NioEndpoint.java:1417) [tomcat-coyote-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at org.apache.tomcat.util.net.SocketProcessorBase.run(=
SocketProcessorBase.java:49) [tomcat-coyote-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at java.util.concurrent.ThreadPoolExecutor.runWorker(T=
hreadPoolExecutor.java:1149) [?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at java.util.concurrent.ThreadPoolExecutor$Worker.run(=
ThreadPoolExecutor.java:624) [?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at org.apache.tomcat.util.threads.TaskThread$WrappingR=
unnable.run(TaskThread.java:61) [tomcat-util-9.0.13.jar:9.0.13]
> =C2=A0=C2=A0 =C2=A0at java.lang.Thread.run(Thread.java:748) [?:1.8.0_152]
> Caused by: io.jsonwebtoken.MalformedJwtException: Unable to read JSON val=
ue: =05=EF=BF=BDz=EF=BF=BD=EF=BF=BD'G=EF=BF=BD=02#=EF=BF=BD$=EF=BF=BDuB"=EF=
=BF=BD&=16=EF=BF=BDr#=EF=BF=BD$=EF=BF=BD3S=13"
> =C2=A0=C2=A0 =C2=A0at io.jsonwebtoken.impl.DefaultJwtParser.readValue(Def=
aultJwtParser.java:554) ~[jjwt-0.9.1.jar:0.9.1]
> =C2=A0=C2=A0 =C2=A0at io.jsonwebtoken.impl.DefaultJwtParser.parse(Default=
JwtParser.java:252) ~[jjwt-0.9.1.jar:0.9.1]
> =C2=A0=C2=A0 =C2=A0at io.jsonwebtoken.impl.DefaultJwtParser.parse(Default=
JwtParser.java:481) ~[jjwt-0.9.1.jar:0.9.1]
> =C2=A0=C2=A0 =C2=A0at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJw=
s(DefaultJwtParser.java:541) ~[jjwt-0.9.1.jar:0.9.1]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.JWTManager.validate=
Token(JWTManager.java:124) ~[ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.ExternalLoginKeysMa=
nager.jwtValidation(ExternalLoginKeysManager.java:292) ~[ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.ExternalLoginKeysMa=
nager.checkJWTLogin(ExternalLoginKeysManager.java:196) ~[ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at sun.reflect.NativeMethodAccessorImpl.invoke0(Native=
 Method) ~[?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at sun.reflect.NativeMethodAccessorImpl.invoke(NativeM=
ethodAccessorImpl.java:62) ~[?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at sun.reflect.DelegatingMethodAccessorImpl.invoke(Del=
egatingMethodAccessorImpl.java:43) ~[?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at java.lang.reflect.Method.invoke(Method.java:498) ~[=
?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.event.JavaEventHandler.invo=
ke(JavaEventHandler.java:86) ~[ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0... 31 more
> Caused by: com.fasterxml.jackson.core.JsonParseException: Illegal charact=
er ((CTRL-CHAR, code 5)): only regular white space (\r, \n, \t) is allowed =
between tokens
> =C2=A0at [Source: (String)"=05=EF=BF=BDz=EF=BF=BD=EF=BF=BD'G=EF=BF=BD=02#=
=EF=BF=BD$=EF=BF=BDuB"=EF=BF=BD&=16=EF=BF=BDr#=EF=BF=BD$=EF=BF=BD3S=13""; l=
ine: 1, column: 2]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.core.JsonParser._constructErr=
or(JsonParser.java:1804) ~[jackson-core-2.9.6.jar:2.9.6]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.core.base.ParserMinimalBase._=
reportError(ParserMinimalBase.java:669) ~[jackson-core-2.9.6.jar:2.9.6]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.core.base.ParserMinimalBase._=
throwInvalidSpace(ParserMinimalBase.java:620) ~[jackson-core-2.9.6.jar:2.9.=
6]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.core.json.ReaderBasedJsonPars=
er._skipWSOrEnd(ReaderBasedJsonParser.java:2350) ~[jackson-core-2.9.6.jar:2=
.9.6]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.core.json.ReaderBasedJsonPars=
er.nextToken(ReaderBasedJsonParser.java:646) ~[jackson-core-2.9.6.jar:2.9.6=
]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.databind.ObjectMapper._initFo=
rReading(ObjectMapper.java:4141) ~[jackson-databind-2.9.6.jar:2.9.6]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.databind.ObjectMapper._readMa=
pAndClose(ObjectMapper.java:4000) ~[jackson-databind-2.9.6.jar:2.9.6]
> =C2=A0=C2=A0 =C2=A0at com.fasterxml.jackson.databind.ObjectMapper.readVal=
ue(ObjectMapper.java:3004) ~[jackson-databind-2.9.6.jar:2.9.6]
> =C2=A0=C2=A0 =C2=A0at io.jsonwebtoken.impl.DefaultJwtParser.readValue(Def=
aultJwtParser.java:552) ~[jjwt-0.9.1.jar:0.9.1]
> =C2=A0=C2=A0 =C2=A0at io.jsonwebtoken.impl.DefaultJwtParser.parse(Default=
JwtParser.java:252) ~[jjwt-0.9.1.jar:0.9.1]
> =C2=A0=C2=A0 =C2=A0at io.jsonwebtoken.impl.DefaultJwtParser.parse(Default=
JwtParser.java:481) ~[jjwt-0.9.1.jar:0.9.1]
> =C2=A0=C2=A0 =C2=A0at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJw=
s(DefaultJwtParser.java:541) ~[jjwt-0.9.1.jar:0.9.1]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.JWTManager.validate=
Token(JWTManager.java:124) ~[ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.ExternalLoginKeysMa=
nager.jwtValidation(ExternalLoginKeysManager.java:292) ~[ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.control.ExternalLoginKeysMa=
nager.checkJWTLogin(ExternalLoginKeysManager.java:196) ~[ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0at sun.reflect.NativeMethodAccessorImpl.invoke0(Native=
 Method) ~[?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at sun.reflect.NativeMethodAccessorImpl.invoke(NativeM=
ethodAccessorImpl.java:62) ~[?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at sun.reflect.DelegatingMethodAccessorImpl.invoke(Del=
egatingMethodAccessorImpl.java:43) ~[?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at java.lang.reflect.Method.invoke(Method.java:498) ~[=
?:1.8.0_152]
> =C2=A0=C2=A0 =C2=A0at org.apache.ofbiz.webapp.event.JavaEventHandler.invo=
ke(JavaEventHandler.java:86) ~[ofbiz.jar:?]
> =C2=A0=C2=A0 =C2=A0... 31 more{noformat}
> If I create a JWT in [2] and paste it in [1] with a not Base64 encoded se=
cret, the JWT claims are displayed fine so I think they are correct and par=
sable.
> You can test using
> {noformat}
> eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIi=
LCJpYXQiOjE1NDc3MzkzNDgsImV4cCI6MTU3OTI3NTM0OCwiYXVkIjoid3d3LmV4YW1wbGUuY29=
tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm=
5hbWUiOiJSb2NrZXQiLCJFbWFpbCI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJSb2xlIjpbIk1hb=
mFnZXIiLCJQcm9qZWN0IEFkbWluaXN0cmF0b3IiXX0.KTZOnBj_GlZw5btWc8_8xau3pqs685id=
QGta9WC3WEJzk4AEeOhjyDCbT6AbOsaLcu5uKDHDphdsq9Tiea_Hpg{noformat}
> =C2=A0
> Any ideas what could be wrong?
> =C2=A0
> [1] [https://jwt.io/]
> [2] [http://jwtbuilder.jamiekurtz.com/]
> =C2=A0



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)