App will throw exception at when I first login when device SSO is enabled

225 views Asked by At

I am testing the DeviceSSO feature, but it will throw the following exception when first time login. I'm using MobileFirst Studio 7.0 built-in server

java.lang.IllegalArgumentException
    at javax.ws.rs.core.GenericEntity.<init>(GenericEntity.java:41)
    at com.worklight.adapters.rest.JSAdapterInvoker.invokeAdapter(JSAdapterInvoker.java:42)
    at com.worklight.adapters.rest.JSAdapterRestWrapper.getSecretDataGet(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.wink.server.internal.handlers.InvokeMethodHandler.handleRequest(InvokeMethodHandler.java:63)
    at org.apache.wink.server.handlers.AbstractHandler.handleRequest(AbstractHandler.java:33)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
    at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:63)
    at com.worklight.wink.extensions.WorklightWinkHandler$1.run(WorklightWinkHandler.java:55)
    at com.worklight.wink.extensions.WorklightWinkHandler$1.run(WorklightWinkHandler.java:50)
    at com.worklight.adapters.rest.JAXRSAdapterRequestInterceptor.accessTheResourceWithIdentity(JAXRSAdapterRequestInterceptor.java:98)
    at com.worklight.adapters.rest.JAXRSAdapterRequestInterceptor.access$000(JAXRSAdapterRequestInterceptor.java:38)
    at com.worklight.adapters.rest.JAXRSAdapterRequestInterceptor$1.run(JAXRSAdapterRequestInterceptor.java:84)
    at com.worklight.adapters.rest.JAXRSAdapterRequestInterceptor$1.run(JAXRSAdapterRequestInterceptor.java:81)
    at com.worklight.core.auth.impl.OAuthValidatorFilter$1.run(OAuthValidatorFilter.java:143)
    at com.worklight.core.auth.impl.OAuthValidatorFilter$1.run(OAuthValidatorFilter.java:134)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:394)
    at com.worklight.oauth.validation.ValidationFilterHelper.filterRequest(ValidationFilterHelper.java:60)
    at com.worklight.core.auth.impl.OAuthValidatorFilter.securedAccessToResource(OAuthValidatorFilter.java:134)
    at com.worklight.core.auth.impl.OAuthValidatorFilter.filterRequest(OAuthValidatorFilter.java:101)
    at com.worklight.adapters.rest.JAXRSAdapterRequestInterceptor.handleRequest(JAXRSAdapterRequestInterceptor.java:81)
    at com.worklight.wink.extensions.WorklightWinkHandler.handleRequest(WorklightWinkHandler.java:49)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
    at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:63)
    at org.apache.wink.server.internal.handlers.CreateInvocationParametersHandler.handleRequest(CreateInvocationParametersHandler.java:54)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
    at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:63)
    at org.apache.wink.server.internal.handlers.FindResourceMethodHandler.handleSubResourceMethod(FindResourceMethodHandler.java:183)
    at org.apache.wink.server.internal.handlers.FindResourceMethodHandler.handleRequest(FindResourceMethodHandler.java:110)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
    at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:63)
    at org.apache.wink.server.internal.handlers.FindRootResourceHandler.handleRequest(FindRootResourceHandler.java:95)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
    at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:63)
    at org.apache.wink.server.internal.handlers.HeadMethodHandler.handleRequest(HeadMethodHandler.java:53)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
    at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:63)
    at org.apache.wink.server.internal.handlers.OptionsMethodHandler.handleRequest(OptionsMethodHandler.java:46)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
    at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:63)
    at org.apache.wink.server.internal.handlers.SearchResultHandler.handleRequest(SearchResultHandler.java:33)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
    at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:63)
    at org.apache.wink.server.internal.log.ResourceInvocation.handleRequest(ResourceInvocation.java:92)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
    at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:63)
    at org.apache.wink.server.internal.log.Requests.handleRequest(Requests.java:76)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:26)
    at org.apache.wink.server.handlers.RequestHandlersChain.handle(RequestHandlersChain.java:22)
    at org.apache.wink.server.handlers.AbstractHandlersChain.doChain(AbstractHandlersChain.java:63)
    at org.apache.wink.server.handlers.AbstractHandlersChain.run(AbstractHandlersChain.java:48)
    at org.apache.wink.server.internal.RequestProcessor.handleRequestWithoutFaultBarrier(RequestProcessor.java:207)
    at org.apache.wink.server.internal.RequestProcessor.handleRequest(RequestProcessor.java:154)
    at org.apache.wink.server.internal.servlet.RestServlet.service(RestServlet.java:119)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
    at com.worklight.adapters.rest.JAXRSSandbox.handleRequest(JAXRSSandbox.java:255)
    at com.worklight.adapters.rest.RESTAdaptersServiceServlet.doService(RESTAdaptersServiceServlet.java:69)
    at com.worklight.adapters.rest.RESTAdaptersServlet.service(RESTAdaptersServlet.java:64)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1275)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:766)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:472)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:135)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:74)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:975)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1097)
    at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:81)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:912)
    at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:262)
    at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:938)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
    at java.lang.Thread.run(Thread.java:695)

The config file content:

 <staticResources>
    <resource id="subscribeServlet" securityTest="SubscribeServlet">
        <urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
    </resource>

</staticResources> 

 <securityTests>
    <customSecurityTest name="SubscribeServlet">
        <test realm="SubscribeServlet" isInternalUserID="true"/>
    </customSecurityTest>           

    <customSecurityTest name="AuthAdapter-securityTest">
        <test isInternalUserID="true" realm="AdapterAuthRealm"/>
    </customSecurityTest>

    <customSecurityTest name="MySSOCustomTest">
        <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="1"/>
        <test realm="MySSORealm" isInternalUserID="true" step="2"/>
    </customSecurityTest>

    <mobileSecurityTest name="MySSOMobileTest">
        <testDeviceId provisioningType="none" />
        <testUser realm="MySSORealm" sso="true" />
        <testDirectUpdate mode="perRequest" />
    </mobileSecurityTest>

</securityTests> 

<realms>
    <realm loginModule="AuthLoginModule" name="AdapterAuthRealm">
        <className>com.worklight.integration.auth.AdapterAuthenticator</className>
        <parameter name="login-function" value="AuthAdapter.onAuthRequired"/>
        <parameter name="logout-function" value="AuthAdapter.onLogout"/>
    </realm>

    <realm loginModule="MySSO" name="MySSORealm">
        <className>com.worklight.integration.auth.AdapterAuthenticator</className>
        <parameter name="login-function" value="AuthAdapter.onAuthRequired"/>
        <parameter name="logout-function" value="AuthAdapter.onLogout"/>
    </realm>

    <realm name="SampleAppRealm" loginModule="StrongDummy">
        <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
    </realm>

    <realm name="SubscribeServlet" loginModule="rejectAll">
        <className>com.worklight.core.auth.ext.HeaderAuthenticator</className>          
    </realm>

</realms>

<loginModules>
    <loginModule name="AuthLoginModule">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule>

    <loginModule name="StrongDummy" expirationInSeconds="-1">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule>

    <loginModule name="requireLogin" expirationInSeconds="-1">
        <className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
    </loginModule>

    <loginModule name="rejectAll">
        <className>com.worklight.core.auth.ext.RejectingLoginModule</className>
    </loginModule>

    <!-- For enabling SSO with no-provisioning device authentication -->
    <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule" expirationInSeconds="-1">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule>

</loginModules>

1

There are 1 answers

0
Idan Adar On

Your configuration is confusing, and you did not specify which one you're actually using right now - the customSecurityTest or the mobileSecurityTest.

Keep only 1 of them, and then change the configuration according to the following user documentation topic: http://www-01.ibm.com/support/knowledgecenter/SSHS8R_7.0.0/com.ibm.worklight.dev.doc/devref/t_configuring_device_SSO.html

It will be helpful to also provide your MobileFirst project.


If using mobileSecurityTest

<mobileSecurityTest name="MySSOMobileTest">
    <testDeviceId provisioningType="none" />
    <testUser realm="MySSORealm" sso="true" />
    <testDirectUpdate mode="perRequest" />
</mobileSecurityTest>

<realm name="MySSORealm" loginModule="MySSO">
    <className>com.worklight.integration.auth.AdapterAuthenticator</className>
    <parameter name="login-function" value="AuthAdapter.onAuthRequired"/>
    <parameter name="logout-function" value="AuthAdapter.onLogout"/>
</realm>

<loginModule name="MySSO" expirationInSeconds="-1">
       <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>

If using customSecurityTest

<customSecurityTest name="MySSOCustomTest">
    <test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="1"/>
    <test realm="MySSORealm" isInternalUserID="true" step="2"/>
</customSecurityTest>

<realm name="MySSORealm" loginModule="MySSO">
    <className>com.worklight.integration.auth.AdapterAuthenticator</className>
    <parameter name="login-function" value="AuthAdapter.onAuthRequired"/>
    <parameter name="logout-function" value="AuthAdapter.onLogout"/>
</realm>

<loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule" expirationInSeconds="-1">
       <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>