I'm building a Java REST API, using Jersey. Tomcat is my web server. For user account and OAuth2 key management, I'm using Stormpath's Java SDK. I have one sample user already created through the website, and every time I post a JSON username/password request for that account to my app's v1/token endpoint in Postman, I get this exception and stacktrace:
com.stormpath.sdk.lang.InstantiationException: Unable to instantiate instance with constructor [public com.stormpath.sdk.impl.oauth.DefaultAccessToken(com.stormpath.sdk.impl.ds.InternalDataStore,java.util.Map)]
at com.stormpath.sdk.lang.Classes.instantiate(Classes.java:191)
at com.stormpath.sdk.impl.ds.DefaultResourceFactory.instantiate(DefaultResourceFactory.java:65)
at com.stormpath.sdk.impl.ds.DefaultDataStore.instantiate(DefaultDataStore.java:170)
at com.stormpath.sdk.impl.oauth.DefaultGrantAuthenticationToken.getAsAccessToken(DefaultGrantAuthenticationToken.java:79)
at com.stormpath.sdk.impl.oauth.DefaultOauthGrantAuthenticationResultBuilder.build(DefaultOauthGrantAuthenticationResultBuilder.java:87)
at com.stormpath.sdk.impl.oauth.DefaultOauthGrantAuthenticationResultBuilder.build(DefaultOauthGrantAuthenticationResultBuilder.java:24)
at com.stormpath.sdk.impl.oauth.DefaultPasswordGrantAuthenticator.authenticate(DefaultPasswordGrantAuthenticator.java:56)
at com.stormpath.sdk.impl.oauth.DefaultPasswordGrantAuthenticator.authenticate(DefaultPasswordGrantAuthenticator.java:28)
at com.ficcy.api.services.AuthService.getToken(AuthService.java:33)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:205)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102)
at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154)
at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:471)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:425)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:383)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:336)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:223)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
at com.stormpath.sdk.lang.Classes.instantiate(Classes.java:188)
... 54 more
Caused by: io.jsonwebtoken.JwtException: JWT failed validation; it cannot be trusted.
at com.stormpath.sdk.impl.oauth.DefaultAccessToken.ensureAccessToken(DefaultAccessToken.java:56)
at com.stormpath.sdk.impl.oauth.DefaultAccessToken.<init>(DefaultAccessToken.java:35)
... 59 more
My JSON:
{
"login": "**EMAIL**",
"password": "**PASSWORD**"
}
There wasn't anything in the docs for the exception. This is my endpoint/service. (I started catching any and all exceptions just so I could take a look at what was happening. also, AuthRequest is a simple bean with not null constraints on the login and password fields):
package com.ficcy.api.services;
//truncated imports
@Path("/token")
public class AuthService {
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public AccessToken getToken(AuthRequest ar) {
AccessToken rtn = null;
try {
PasswordGrantRequest pgr = Oauth2Requests.PASSWORD_GRANT_REQUEST.builder().setLogin(ar.getLogin())
.setPassword(ar.getPassword()).build();
OauthGrantAuthenticationResult authResult = Authenticators.PASSWORD_GRANT_AUTHENTICATOR
.forApplication(Config.getApplication()).authenticate(pgr);
rtn = authResult.getAccessToken();
} catch (Exception e) {
System.err.println(e.getMessage());
e.printStackTrace();
}
return rtn;
}
}
EDIT: Here's my Config class, where I store my Stormpath Application:
package com.ficcy.api.config;
//truncated imports
public class Config {
private static Client client = Clients.builder().build();
private static Application application;
static {
Tenant tenant = client.getCurrentTenant();
ApplicationList applications = tenant
.getApplications(Applications.where(Applications.name().eqIgnoreCase("ficcy-api")));
application = applications.iterator().next();
}
public static Client getClient() {
return client;
}
public static Application getApplication() {
return application;
}
public static Hashids getHashid(String salt) {
return new Hashids(salt, 6);
}
}
And build.gradle:
repositories {
mavenCentral()
}
apply plugin: 'java'
apply plugin: 'war'
apply plugin: 'eclipse-wtp'
apply from: 'https://raw.github.com/akhikhl/gretty/master/pluginScripts/gretty.plugin'
dependencies {
compile 'org.glassfish.jersey.core:jersey-server:2.22.1'
compile 'org.glassfish.jersey.containers:jersey-container-servlet-core:2.22.1'
compile 'org.glassfish.jersey.core:jersey-client:2.22.1'
compile 'org.glassfish.jersey.containers:jersey-container-servlet:2.22.1'
compile 'org.glassfish.jersey.security:oauth1-client:2.22.1'
compile 'org.glassfish.jersey.media:jersey-media-json-jackson:2.22.1'
compile 'mysql:mysql-connector-java:5.1.38'
compile 'com.stormpath.sdk:stormpath-sdk-api:1.0.RC8.3'
compile 'junit:junit-dep:4.+'
compile 'org.hashids:hashids:1.0.1'
testCompile 'junit:junit-dep:4.+'
runtime 'com.stormpath.sdk:stormpath-sdk-impl:1.0.RC8.3'
runtime 'com.stormpath.sdk:stormpath-sdk-httpclient:1.0.RC8.3'
}
gretty {
port = 8080
servletContainer = 'tomcat8'
fastReload = true
contextPath = '/'
httpsEnabled = true
}
Are you sure you are getting that error when creating the access_token? I have the suspicion that you are basically trying to authenticate an erroneous access_token. Could you try re-creating it and then re-executing the piece of code that is throwing the Exception but this time with the newly generated access_token?