[JdbcTokenStore] Failed to deserialize access token

[kekeu]

I am creating a resource server in a indenpendent application. I want to validate the access token manually using TokenStore. What am I doing:

1 - catch the request and get the authorization header (access token)

2 - After run OAuth2AccessToken accessToken = tokenStore.readAccessToken (token);

3 - With this token check validations (Token Invalid if accessToken is null, accessToken.isExpired () .....)

My problem is in step 2, where the following error occurs:

15:47:32,506 WARN [JdbcTokenStore] Failed to deserialize access token for 4781c574-abb8-41f0-aad3-bfae98be8ee5 java.lang.IllegalArgumentException: java.io.StreamCorruptedException: invalid stream header: BB656430 at org.springframework.security.oauth2.common.util.SerializationUtils.deserialize(SerializationUtils.java:47) at br.ufrn.arq.web.JdbcTokenStore.deserializeAccessToken(Oauth2Filter.java:468) at br.ufrn.arq.web.JdbcTokenStore$2.mapRow(Oauth2Filter.java:249) at br.ufrn.arq.web.JdbcTokenStore$2.mapRow(Oauth2Filter.java:1) at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:92) at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:1) at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:649) at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:587) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:637) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:666) at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:674) at org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.java:734) at br.ufrn.arq.web.JdbcTokenStore.readAccessToken(Oauth2Filter.java:246) at br.ufrn.arq.web.Oauth2Filter.doFilter(Oauth2Filter.java:81) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.ocpsoft.pretty.PrettyFilter.doFilter(PrettyFilter.java:74) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at br.ufrn.arq.web.ViewFilter.doFilter(ViewFilter.java:221) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:662) Caused by: java.io.StreamCorruptedException: invalid stream header: BB656430 at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:781) at java.io.ObjectInputStream.<init>(ObjectInputStream.java:278) at org.springframework.core.ConfigurableObjectInputStream.<init>(ConfigurableObjectInputStream.java:64) at org.springframework.core.ConfigurableObjectInputStream.<init>(ConfigurableObjectInputStream.java:50) at org.springframework.security.oauth2.common.util.SerializationUtils.deserialize(SerializationUtils.java:41) ... 37 more

Does anyone have any idea why this occurs?

Ps:

1 - My goal is to create an application where use the spring oauth2 to manage (get and validate) tokens (TokenStore) using the same database (JdbcTokenStore).

2 - With a resource server using all spring structure it works perfectly.

3 - The authorization server is configured based on sparklr.

[marclefrancois]

I have the same problem. Using postgres

[usespring]

update your postgresql dependency to last version, also the type of token column most be baytea in accsess token table

[factorit]

Updating my postgresql dependency works for me too!

[nasibulloh]

It works at me too

[Olatunji-Longe]

@tarfand1 indeed the type for the token column must be BYTEA... that's what eventually worked for me

[SeunMatt]

Speaking comprehensively, as far as Postgres is concerned, use BYTEA for ALL token and authentication columns.

The columns are defined as LONGVARBINARY in this schema reference: https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/test/resources/schema.sql

In other words, replace LONGVARBINARY with BYTEA if you are using Postgres.

Cheers