Native Image Can't Find Interface
146 views
Skip to first unread message
Tom Gregory
Jul 16, 2021, 10:05:12 AM7/16/21
to Quarkus Development mailing list
Hi - Hopefully you can help me.
I am creating an AWS Lambda Authorizer which uses Okta. It runs fine in JVM mode, but when I try and run it in native mode, I get:
07:00:30 ERROR [io.qu.am.la.ru.AbstractLambdaPollLoop] (Lambda Thread) Failed to run lambda: java.lang.IllegalStateException: No `interface com.okta.jwt.AccessTokenVerifier$Builder` implementation found on the classpath. Have you remembered to include the okta-jwt-verifier-impl.jar in your runtime classpath?
I've added the class path to a reflection config file:
[
{
"name" : "com.okta.jwt.AccessTokenVerifier$Builder",
"allDeclaredConstructors" : true,
"allPublicConstructors" : true,
"allDeclaredMethods" : true,
"allPublicMethods" : true,
"allDeclaredFields" : true,
"allPublicFields" : true
},
{
"name" : "com.okta.jwt.AccessTokenVerifier",
"allDeclaredConstructors" : true,
"allPublicConstructors" : true,
"allDeclaredMethods" : true,
"allPublicMethods" : true,
"allDeclaredFields" : true,
"allPublicFields" : true
},
{
"name" : "com.okta.jwt.JwtVerifiers",
"allDeclaredConstructors" : true,
"allPublicConstructors" : true,
"allDeclaredMethods" : true,
"allPublicMethods" : true,
"allDeclaredFields" : true,
"allPublicFields" : true
}
]
{
"name" : "com.okta.jwt.AccessTokenVerifier$Builder",
"allDeclaredConstructors" : true,
"allPublicConstructors" : true,
"allDeclaredMethods" : true,
"allPublicMethods" : true,
"allDeclaredFields" : true,
"allPublicFields" : true
},
{
"name" : "com.okta.jwt.AccessTokenVerifier",
"allDeclaredConstructors" : true,
"allPublicConstructors" : true,
"allDeclaredMethods" : true,
"allPublicMethods" : true,
"allDeclaredFields" : true,
"allPublicFields" : true
},
{
"name" : "com.okta.jwt.JwtVerifiers",
"allDeclaredConstructors" : true,
"allPublicConstructors" : true,
"allDeclaredMethods" : true,
"allPublicMethods" : true,
"allDeclaredFields" : true,
"allPublicFields" : true
}
]
Obviously, the jar is in the POM.
<dependency>
<groupId>com.okta.jwt</groupId>
<artifactId>okta-jwt-verifier-impl</artifactId>
<version>${okta-jwt.version}</version>
</dependency>
<groupId>com.okta.jwt</groupId>
<artifactId>okta-jwt-verifier-impl</artifactId>
<version>${okta-jwt.version}</version>
</dependency>
GraalVM version: 21.1.0
Quarkus version: 2.0.2.Final
Any thoughts on what I can do to get this problem resolved?
Thanks,
Tom
Georgios Andrianakis
Jul 16, 2021, 10:16:57 AM7/16/21
to fathero...@gmail.com, Quarkus Development mailing list
Can you try adding:
{
"name" : "com.okta.jwt.impl.jjwt.JjwtAccessTokenVerifierBuilder",
{ "name": "<init>", "parameterTypes": [] }
},
"name" : "com.okta.jwt.impl.jjwt.JjwtAccessTokenVerifierBuilder",
{ "name": "<init>", "parameterTypes": [] }
},
to the reflection configuration file?
--
You received this message because you are subscribed to the Google Groups "Quarkus Development mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to quarkus-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/4b163e3f-60c5-490e-9a96-13822b55c472n%40googlegroups.com.
Tom Gregory
Jul 16, 2021, 10:26:55 AM7/16/21
to Georgios Andrianakis, Quarkus Development mailing list
Hi.
I added"
,
{
"name": "com.okta.jwt.impl.jjwt.JjwtAccessTokenVerifierBuilder",
{
"name": "<init>",
"parameterTypes": []
}
}To the reflection file, but it gave me an error in the editor and compiler. Indicated:
<property> or "}" expected, got "}"
Tom
Georgios Andrianakis
Jul 16, 2021, 10:31:27 AM7/16/21
to fathero...@gmail.com, Quarkus Development mailing list
Right, I pasted the wrong format :)
But you get the idea: to register the implementation of the necessary class for reflection
Tom Gregory
Jul 16, 2021, 10:37:54 AM7/16/21
to Georgios Andrianakis, Quarkus Development mailing list
Thanks - so it now looks like this:
[
{
"name" : "com.okta.jwt.impl.jjwt.JjwtAccessTokenVerifierBuilder",
"methods" : [
{ "name" : "<init>", "parameterTypes" : [] }
]
},
{
"name" : "com.okta.jwt.AccessTokenVerifier$Builder",
"methods" : [
{ "name" : "<init>", "parameterTypes" : [] }
]
},
{
"name" : "com.okta.jwt.AccessTokenVerifier",
"methods" : [
{ "name" : "<init>", "parameterTypes" : [] }
]
},
{
"name" : "com.okta.jwt.JwtVerifiers",
"methods" : [
{ "name" : "<init>", "parameterTypes" : [] }
]
}
]
Still get the same error message:
07:36:38 ERROR [io.qu.am.la.ru.AbstractLambdaPollLoop] (Lambda Thread) Failed to run lambda: java.lang.IllegalStateException: No `interface com.okta.jwt.AccessTokenVerifier$Builder` implementation found on the classpath. Have you remembered to include the okta-jwt-verifier-impl.jar in your runtime classpath?
at com.okta.jwt.JwtVerifiers.lambda$loadService$1(JwtVerifiers.java:60)
at java.util.Optional.orElseThrow(Optional.java:408)
at com.okta.jwt.JwtVerifiers.loadService(JwtVerifiers.java:60)
at com.okta.jwt.JwtVerifiers.accessTokenVerifierBuilder(JwtVerifiers.java:51)
at com.presidiohealth.authorizer.handler.OktaAuthorizerHandler.handleRequest(OktaAuthorizerHandler.java:29)
at com.presidiohealth.authorizer.handler.OktaAuthorizerHandler.handleRequest(OktaAuthorizerHandler.java:16)
at io.quarkus.amazon.lambda.runtime.AmazonLambdaRecorder$1.processRequest(AmazonLambdaRecorder.java:155)
at io.quarkus.amazon.lambda.runtime.AbstractLambdaPollLoop$1.run(AbstractLambdaPollLoop.java:80)
at java.lang.Thread.run(Thread.java:829)
at com.oracle.svm.core.thread.JavaThreads.threadStartRoutine(JavaThreads.java:553)
at com.oracle.svm.core.posix.thread.PosixJavaThreads.pthreadStartRoutine(PosixJavaThreads.java:192)
at com.okta.jwt.JwtVerifiers.lambda$loadService$1(JwtVerifiers.java:60)
at java.util.Optional.orElseThrow(Optional.java:408)
at com.okta.jwt.JwtVerifiers.loadService(JwtVerifiers.java:60)
at com.okta.jwt.JwtVerifiers.accessTokenVerifierBuilder(JwtVerifiers.java:51)
at com.presidiohealth.authorizer.handler.OktaAuthorizerHandler.handleRequest(OktaAuthorizerHandler.java:29)
at com.presidiohealth.authorizer.handler.OktaAuthorizerHandler.handleRequest(OktaAuthorizerHandler.java:16)
at io.quarkus.amazon.lambda.runtime.AmazonLambdaRecorder$1.processRequest(AmazonLambdaRecorder.java:155)
at io.quarkus.amazon.lambda.runtime.AbstractLambdaPollLoop$1.run(AbstractLambdaPollLoop.java:80)
at java.lang.Thread.run(Thread.java:829)
at com.oracle.svm.core.thread.JavaThreads.threadStartRoutine(JavaThreads.java:553)
at com.oracle.svm.core.posix.thread.PosixJavaThreads.pthreadStartRoutine(PosixJavaThreads.java:192)
Tom
Sergey Beryozkin
Jul 16, 2021, 10:43:00 AM7/16/21
to fathero...@gmail.com, Georgios Andrianakis, Quarkus Development mailing list
Hi
Does it support a custom JWT authentication in `com.presidiohealth.authorizer.handler.OktaAuthorizerHandler.handleRequest(OktaAuthorizerHandler.java:16)` ?
I recall Bill saying these tokens are already verified by Cognito/etc, sorry if it is not related.
Also you can use quakus-smallrye-jwt to provide a custom verification as well if needed
Thanks, Sergey
To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/CAGsuPtiBWZ1eENqbnzGpj_pkOp2BvJmKCfZN0hcMWH-SjdpLzg%40mail.gmail.com.
Tom Gregory
Jul 16, 2021, 10:48:56 AM7/16/21
to Sergey Beryozkin, Georgios Andrianakis, Quarkus Development mailing list
Thanks Sergey,
We aren't using Cognito. We're using Okta.
I'll look at smallrye-jwt. I'm hoping I can use it in an authorizer. I was reading the documentation, and it looks like it is trying to wrap an HTTP end-point with JWT authorization, which is not what I want. But, if I can use the library to manually authenticate a token,
then that will work.
Thanks,
Tom
Georgios Andrianakis
Jul 16, 2021, 10:50:29 AM7/16/21
to Sergey Beryozkin, fathero...@gmail.com, Quarkus Development mailing list
To more things to try one of the following:
1) In addition to what I suggested above, also add
quarkus.native.resources.includes=META-INF/services/com.okta.jwt.AccessTokenVerifier$Builder
to application.properties
2) Add
quarkus.native.additional-build-args=-H:+UseServiceLoaderFeature
to application.properties
and don't use any of the other suggestions
Sergey Beryozkin
Jul 16, 2021, 11:02:49 AM7/16/21
to fathero...@gmail.com, Georgios Andrianakis, Quarkus Development mailing list
Sure, if you prefer to use the Okta authorizer then it is fine (sorry for hijacking the thread in any case :-)),
but just in case:
(you'd supply the parser with the token) - we can discuss it separately if it can be of interest (Zulip, Stackoverlow)
Cheers, Sergey
Reply all
Reply to author
Forward
0 new messages