无法获取访问令牌:通过OAuth2Bearer访问S4HANA时找不到有效的JWT承载 [英] Failed to get access token: no valid JWT bearer found while accessing S4HANA via OAuth2Bearer
问题描述
我通过以下方式生成了项目:
I've generated project via:
mvn原型:generate -DarchetypeGroupId = com.sap.cloud.s4hana.archetypes -DarchetypeArtifactId = scp-cf-spring -DarchetypeVersion = LATEST
我包括了S4Sdk jar并访问了S4Hana V2 API。该代码可以在基本身份验证下正常运行,但是当我将目标类型配置为 OAuth2SAMLBEARER ASSERTION时,通过.execute调用访问S4Hana API时,CF日志中出现以下错误。 :
I included S4Sdk jars and accessing S4Hana V2 API. The code works fine with Basic authentication but when I configure destination type as "OAuth2SAMLBEARER ASSERTION" I get the following error in CF logs when accessing S4Hana API's via .execute calls. :
2018-09-07T06:37:22.728+0000 [APP/PROC/WEB/0] ERR ... 1 more
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to get access token for destination service.
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.getAccessToken(DestinationServiceCommand.java:107)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.run(DestinationServiceCommand.java:117)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.run(DestinationServiceCommand.java:26)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:302)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:298)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:46)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR ... 26 more
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.TokenRequestFailedException: Failed to get access token: no valid JWT bearer found in "Authorization" header of request.
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at com.sap.cloud.sdk.cloudplatform.connectivity.TokenRequest.getCurrentJwt(TokenRequest.java:307)
2018-09-07T06:37:22.729+0000 [APP/PROC/WEB/0] ERR at com.sap.cloud.sdk.cloudplatform.connectivity.TokenRequest.requestTokenWithUserTokenGrant(TokenRequest.java:348)
注意我已经在S4Hana系统和子帐户之间建立了信任,配置了通信和业务用户,主要传播步骤如:> https://blogs.sap.com/2018/02/05/deep-dive-8-with-sap- s4hana-cloud-sdk-杠杆原理传播通过oauth-2-,当从s4hana-cloud /消费一个业务api时,
Note I've established trust between S4Hana system and subaccount, communication and business users are configured, principal propagation steps as specified in: https://blogs.sap.com/2018/02/05/deep-dive-8-with-sap-s4hana-cloud-sdk-leverage-principal-propagation-via-oauth-2-when-consuming-a-business-api-from-s4hana-cloud/ ,
请检查并告知我是否需要为此配置其他内容。
Please check and let me know if something else needs to be configured for this.
我尝试通过评论中建议的博客创建approuter,但是在cf中部署approuter时出现错误:
I tried creating approuter via blog suggested in comments but i'm getting error in deploying approuter in cf:
2018-09-07T20:01:21.20+0530 [APP/PROC/WEB/0] OUT > @sap/approuter@2.10.0 start /home/vcap/app
2018-09-07T20:01:21.20+0530 [APP/PROC/WEB/0] OUT > node approuter.js
2018-09-07T20:01:25.50+0530 [APP/PROC/WEB/0] OUT #2.0#2018 09 07 14:31:25:497#+00:00#WARNING#/LoggingLibrary################PLAIN##Dynamic log level switching not available#
2018-09-07T20:01:28.89+0530 [APP/PROC/WEB/0] OUT #2.0#2018 09 07 14:31:28:897#+00:00#INFO#/approuter################PLAIN##Application router version 2.10.0#
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR /home/vcap/app/lib/utils/JsonValidator.js:30
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR throw new VError('%s%s: %s',
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR ^
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR VError: environment-destinations/0/url: Format validation failed (URI must be absolute)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at JsonValidator.validate (/home/vcap/app/lib/utils/JsonValidator.js:30:11)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at Object.validateEnvDestinations (/home/vcap/app/lib/configuration/validators.js:100:15)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at loadDestinations (/home/vcap/app/lib/configuration/env-config.js:55:14)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at Object.load (/home/vcap/app/lib/configuration/env-config.js:20:28)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at Object.module.exports.load (/home/vcap/app/lib/configuration.js:15:37)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at bootstrap (/home/vcap/app/lib/bootstrap.js:47:36)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at Approuter.start (/home/vcap/app/approuter.js:58:13)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at Object.<anonymous> (/home/vcap/app/approuter.js:115:6)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at Module._compile (module.js:577:32)
2018-09-07T20:01:29.00+0530 [APP/PROC/WEB/0] ERR at Object.Module._extensions..js (module.js:586:10)
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Linux 4.4.0-133-generic
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! argv "/home/vcap/deps/0/node/bin/node" "/home/vcap/deps/0/bin/npm" "start"
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! node v6.14.3
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! npm v3.10.10
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! code ELIFECYCLE
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! @sap/approuter@2.10.0 start: `node approuter.js`
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Exit status 1
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR!
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Failed at the @sap/approuter@2.10.0 start script 'node approuter.js'.
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Make sure you have the latest version of node.js and npm installed.
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! If you do, this is most likely a problem with the @sap/approuter package,
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! not with npm itself.
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! Tell the author that this fails on your system:
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! node approuter.js
2018-09-07T20:01:29.19+0530 [APP/PROC/WEB/0] ERR npm ERR! You can get information on how to open an issue for this project with:
2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR! npm bugs @sap/approuter
2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR! Or if that isn't available, you can get their info via:
2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR! npm owner ls @sap/approuter
2018-09-07T20:01:29.20+0530 [APP/PROC/WEB/0] ERR npm ERR! There is likely additional logging output above.
2018-09-07T20:01:29.29+0530 [APP/PROC/WEB/0] ERR npm ERR! Please include the following file with any support request:
2018-09-07T20:01:29.29+0530 [APP/PROC/WEB/0] ERR npm ERR! /home/vcap/app/npm-debug.log
能否在这里帮助我。我从博客中建议的链接下载了approuter。
Can you please help me here. I downloaded approuter from the link suggested in blog.
推荐答案
此问题已通过让应用路由器将JWT令牌发送到Java应用程序来解决。需要为xs-app.json之类的文件集配置正确的正则表达式,以将其映射到在应用路由器的manisfest.yml中创建的目标。在清单中创建的特定目标应使用 forward-token:true指向您的Java服务。
The issue was solved by having app router send the JWT token to Java application. There are set of files like xs-app.json that needs to be configured with the correct regular expression for the map to destinations created in manisfest.yml of your app router. The specific destination created in the manifest should point to your java service with "forward-token: true".
除此之外,创建的XSUAA服务实例应根据应用程序的要求在xs-secuity.json中定义适当的身份验证范围。
Apart from this, your XSUAA service instance created should have proper auth scopes defined in xs-secuity.json as required by your application.
对于上述错误,如果我们使用从应用路由器接收到的带有承载令牌的Java服务进行调用,则它可以正常工作。您还可以通过在xs-app.json中配置适当的正则表达式,直接从应用路由器访问该应用。
For above error, if we call the java service with bearer token as received from app router it works fine. You can also access the app directly from app router by configuring proper regex in xs-app.json.
这篇关于无法获取访问令牌:通过OAuth2Bearer访问S4HANA时找不到有效的JWT承载的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
