Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

java.lang.StackOverflowError: null - Customize RestOperations / NimbusJwtDecoder #14351

Closed
Christian-Schmidt-db opened this issue Dec 19, 2023 · 5 comments
Closed

java.lang.StackOverflowError: null - Customize RestOperations / NimbusJwtDecoder #14351

Christian-Schmidt-db opened this issue Dec 19, 2023 · 5 comments

Comments

@Christian-Schmidt-db
Copy link

Christian-Schmidt-db commented Dec 19, 2023
edited
Loading

Describe the bug
Referring to: #8882

When defining a custom NimbusJwtDecoder i am receiving a java.lang.StackOverflowError: null exception when processing the JWT token

To Reproduce
Dependencies:

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.1.5</version>
    </parent>

    <dependencies>
           ....
        <!-- Spring security -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
        </dependency>
           ....
    </dependencies>

Following security chain:

    @Bean
    protected SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {

        http.cors(AbstractHttpConfigurer::disable)
                .csrf(AbstractHttpConfigurer::disable)
                .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(auth -> auth
                        //PUBLIC ACCESS
                        .requestMatchers(PUBLIC_URLS)
                        .permitAll()
                        //RESTRICTED ACCESS
                        .anyRequest()
                        .authenticated())
                        .oauth2ResourceServer(oauth2 -> oauth2
                        .jwt(withDefaults())
                        // Add HeaderBearerTokenResolver and set custom HTTP-HEADER as default
                        .bearerTokenResolver(new HeaderBearerTokenResolver(RequestUtils.HTTP_HEADER))
                        // Add the entry point here to respond with response
                        .authenticationEntryPoint(new AuthenticationEntryPoint(handlerExceptionResolver)));

        return http.build();
    }

When creating custom jwtDecoder (customized restTemplate)

    @Bean
    JwtDecoder jwtDecoder() {
        return NimbusJwtDecoder.withJwkSetUri(jwkSetURI)
                .restOperations(customRestTemplate)
                .build();
    }

Spring boot resource service is throwing:

java.lang.StackOverflowError: null
	at java.base/java.lang.ReflectiveOperationException.<init>(ReflectiveOperationException.java:90)
	at java.base/java.lang.reflect.InvocationTargetException.<init>(InvocationTargetException.java:67)
	at jdk.internal.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:237)
	at jdk.proxy2/jdk.proxy2.$Proxy186.authenticate(Unknown Source)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201)
	at jdk.internal.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:237)
	at jdk.proxy2/jdk.proxy2.$Proxy186.authenticate(Unknown Source)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201)
	at jdk.internal.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:237)
	at jdk.proxy2/jdk.proxy2.$Proxy186.authenticate(Unknown Source)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201)
	at jdk.internal.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:237)
	at jdk.proxy2/jdk.proxy2.$Proxy186.authenticate(Unknown Source)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201)
	at jdk.internal.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:237)
	at jdk.proxy2/jdk.proxy2.$Proxy186.authenticate(Unknown Source)

Expected behavior
JWT token should be validated as before defining custom JwtDecoder.

Disclaimer: When using the default JwtDecoder the java.lang.StackOverflowError: null does not occure
@Christian-Schmidt-db Christian-Schmidt-db added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Dec 19, 2023
@jzheaux
Copy link
Contributor

jzheaux commented Dec 19, 2023

Hi, @Christian-Schmidt-db, thanks for the report. Sadly, I'm not able to reproduce the issue with the given information.

Will you please include a minimal GitHub sample that reproduces the issue?

@jzheaux jzheaux added status: waiting-for-feedback We need additional information before we can continue and removed status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Dec 19, 2023
@spring-projects-issues
Copy link

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

@spring-projects-issues spring-projects-issues added the status: feedback-reminder We've sent a reminder that we need additional information before we can continue label Dec 26, 2023
@spring-projects-issues
Copy link

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.

@spring-projects-issues spring-projects-issues closed this as not planned Won't fix, can't repro, duplicate, stale Jan 2, 2024
@spring-projects-issues spring-projects-issues removed status: waiting-for-feedback We need additional information before we can continue status: feedback-reminder We've sent a reminder that we need additional information before we can continue labels Jan 2, 2024
@dtejares23
Copy link

Hi, I have a problem in my Eclipse IDE during creation of "Spring Starter Project".

I always encounter this error:

StackOverflowError: null
java.lang.reflect.InvocationTargetException

@jzheaux
Copy link
Contributor

jzheaux commented Oct 28, 2024

@dtejares23, sorry you are having trouble. Please post this to Stack Overflow as we prefer to use GitHub for bugs and feature requests. If you wish, you can paste the StackOverflow link here and I and others can help from there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jzheaux @spring-projects-issues @dtejares23 @Christian-Schmidt-db