Secure JAXRS resource using Apache CXF & Auth0

Team, I’m trying to secure a JAXRS API using Apache CXF. I couldn’t find any promising examples yet. I tried to validate the token using AccessTokenValidatorClient and JwtAccessTokenValidator from CXF but it always results in the following error " javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized".

To add to this - if I test using postman it just works fine.

POST https://xxxxxxx-1.auth0.com/userinfo

Bearer

But when validated using CXF JaxRs, it fails with the following error.

[2018-07-16 22:13:36.820 ] [DEBUG ] [35m6848 ] [— ] [[nio-8080-exec-1] ] [36mo.a.cxf.phase.PhaseInterceptorChain ] [: ] Invoking handleMessage on interceptor org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor@35de3571
[2018-07-16 22:13:36.821 ] [DEBUG ] [35m6848 ] [— ] [[nio-8080-exec-1] ] [36morg.apache.cxf.transport.http.Headers ] [: ] Accept: application/json
[2018-07-16 22:13:36.821 ] [DEBUG ] [35m6848 ] [— ] [[nio-8080-exec-1] ] [36morg.apache.cxf.transport.http.Headers ] [: ] Content-Type: application/x-www-form-urlencoded
[2018-07-16 22:13:36.821 ] [DEBUG ] [35m6848 ] [— ] [[nio-8080-exec-1] ] [36mo.apache.cxf.transport.http.HTTPConduit ] [: ] No Trust Decider for Conduit ‘{https://xxxxxx-1.auth0.com/userinfo}WebClient.http-conduit’. An affirmative Trust Decision is assumed.
[2018-07-16 22:13:37.345 ] [DEBUG ] [35m6848 ] [— ] [[nio-8080-exec-1] ] [36mo.apache.cxf.transport.http.HTTPConduit ] [: ] Sending POST Message with Headers to https://xxxxxx-1.auth0.com/userinfo Conduit :{https://xxxxxxx-1.auth0.com/userinfo}WebClient.http-conduit

[2018-07-16 22:13:37.454 ] [DEBUG ] [35m6848 ] [— ] [[nio-8080-exec-1] ] [36mo.a.cxf.phase.PhaseInterceptorChain ] [: ] Adding interceptor org.apache.cxf.jaxrs.client.WebClient$ClientAsyncResponseInterceptor@42a5d7e5 to phase unmarshal
[2018-07-16 22:13:37.455 ] [DEBUG ] [35m6848 ] [— ] [[nio-8080-exec-1] ] [36mo.a.cxf.phase.PhaseInterceptorChain ] [: ] Adding interceptor org.apache.cxf.jaxrs.client.spec.ClientResponseFilterInterceptor@4bc75c82 to phase pre-protocol-frontend
[2018-07-16 22:13:37.455 ] [DEBUG ] [35m6848 ] [— ] [[nio-8080-exec-1] ] [36mo.a.cxf.phase.PhaseInterceptorChain ] [: ] Chain org.apache.cxf.phase.PhaseInterceptorChain@2731a0e0 was created. Current flow:
pre-protocol-frontend [ClientResponseFilterInterceptor]
unmarshal [ClientAsyncResponseInterceptor]

[2018-07-16 22:13:37.456 ] [DEBUG ] [35m6848 ] [— ] [[nio-8080-exec-1] ] [36mo.a.cxf.phase.PhaseInterceptorChain ] [: ] Invoking handleMessage on interceptor org.apache.cxf.jaxrs.client.spec.ClientResponseFilterInterceptor@4bc75c82
[2018-07-16 22:13:37.456 ] [DEBUG ] [35m6848 ] [— ] [[nio-8080-exec-1] ] [36mo.a.cxf.phase.PhaseInterceptorChain ] [: ] Invoking handleMessage on interceptor org.apache.cxf.jaxrs.client.WebClient$ClientAsyncResponseInterceptor@42a5d7e5
[2018-07-16 22:13:37.483 ] [33m WARN ] [35m6848 ] [— ] [[nio-8080-exec-1] ] [36mo.a.c.j.i.WebApplicationExceptionMapper ] [: ] javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
at org.apache.cxf.jaxrs.utils.SpecExceptions.toNotAuthorizedException(SpecExceptions.java:94)
at org.apache.cxf.jaxrs.utils.ExceptionUtils.toNotAuthorizedException(ExceptionUtils.java:135)
at org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.throwAuthorizationFailure(AuthorizationUtils.java:121)
at org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.throwAuthorizationFailure(AuthorizationUtils.java:93)
at org.apache.cxf.rs.security.oauth2.services.AbstractAccessTokenValidator.getAccessTokenValidation(AbstractAccessTokenValidator.java:117)
at org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.validateRequest(OAuthRequestFilter.java:106)
at org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter.filter(OAuthRequestFilter.java:87)
at org.apache.cxf.jaxrs.utils.JAXRSUtils.runContainerRequestFilters(JAXRSUtils.java:1657)
at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:109)
at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:78)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?