`Streams.bytes` requires an add-opens, manifests as "Invalid Base64Url protected header" error

Question

`Streams.bytes` requires an add-opens, manifests as "Invalid Base64Url protected header" error

plantexchen opened this issue 8 months ago · 7 comments

I tried to update today from 0.11.5 to 0.12.0. Essentially I changed my code from this

JwtParser jwtParser = Jwts.parserBuilder()
		.setSigningKey(publicKey)
		.build();
return Optional.of(jwtParser.parseClaimsJws(authToken)
		.getBody());

to this

JwtParser jwtParser = Jwts.parser()
		.verifyWith(publicKey)
		.build();
return Optional.of(jwtParser.parseSignedClaims(authToken)
		.getPayload());

I'm getting the error

Invalid Base64Url protected header: eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJtdEo1YnpQWVJ2T3Z4MWNCMVVFbnJ1UnBCMU5ZMjhMRFFRUjhoeVY3cFBRIn0

It works fine with 0.11.5, what's the problem here? I can't find useful notes on this topic in the changelog, just tried to follow the migration instructions.

Answer 1 · 2023-10-04T14:05:30.000Z

@plantexchen can you include the stacktrace?

Answer 2 · 2023-10-04T14:29:13.000Z

Good idea. Java Version is 17.0.7+8-LTS-224 on JBoss EAP 7.4.0. I had to shorten the stacktrace:

io.jsonwebtoken.MalformedJwtException: Invalid Base64Url protected header: eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJtdEo1YnpQWVJ2T3Z4MWNCMVVFbnJ1UnBCMU5ZMjhMRFFRUjhoeVY3cFBRIn0
at deployment.my.project.war//io.jsonwebtoken.impl.DefaultJwtParser.decode(DefaultJwtParser.java:883)
at deployment.my.project.war//io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:380)
at deployment.my.project.war//io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:363)
at deployment.my.project.war//io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:95)
at deployment.my.project.war//io.jsonwebtoken.impl.io.AbstractParser.parse(AbstractParser.java:36)
at deployment.my.project.war//io.jsonwebtoken.impl.io.AbstractParser.parse(AbstractParser.java:29)
at deployment.my.project.war//io.jsonwebtoken.impl.DefaultJwtParser.parseSignedClaims(DefaultJwtParser.java:822)
at
[...]
Caused by: io.jsonwebtoken.io.DecodingException: Unable to Base64Url-decode InputStream: Unable to read field java.io.ByteArrayInputStream#buf: Unable to make field protected byte[] java.io.ByteArrayInputStream.buf accessible: module java.base does not "opens java.io" to unnamed module @42001667
at deployment.my.project.war//io.jsonwebtoken.impl.io.DelegateStringDecoder.decode(DelegateStringDecoder.java:44)
at deployment.my.project.war//io.jsonwebtoken.impl.io.DelegateStringDecoder.decode(DelegateStringDecoder.java:26)
at deployment.my.project.war//io.jsonwebtoken.impl.DefaultJwtParser.decode(DefaultJwtParser.java:877)
... 175 more
Caused by: java.lang.IllegalStateException: Unable to read field java.io.ByteArrayInputStream#buf: Unable to make field protected byte[] java.io.ByteArrayInputStream.buf accessible: module java.base does not "opens java.io" to unnamed module @42001667
at deployment.my.project.war//io.jsonwebtoken.lang.Classes.getFieldValue(Classes.java:352)
at deployment.my.project.war//io.jsonwebtoken.impl.io.Streams.bytes(Streams.java:47)
at deployment.my.project.war//io.jsonwebtoken.impl.io.DelegateStringDecoder.decode(DelegateStringDecoder.java:39)
... 177 more
Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make field protected byte[] java.io.ByteArrayInputStream.buf accessible: module java.base does not "opens java.io" to unnamed module @42001667
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:354)
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297)
at java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:178)
at java.base/java.lang.reflect.Field.setAccessible(Field.java:172)
at deployment.my.project.war//io.jsonwebtoken.lang.Classes.getFieldValue(Classes.java:346)
... 179 more

It seems that I need to add-opens somewhere. The error on the surface hides the real cause pretty well.

Answer 3 · 2023-10-04T14:57:42.000Z

Try adding something like:

--add-opens=java.base/java.io=ALL-UNNAMED

We will try to get this fixed for the next release.

Answer 4 · 2023-10-04T16:21:35.000Z

Just a note: so we don't have 'me too' issues and comments, I'll be closing this in favor of #849 since this is a duplicate of the same underlying issue.

Answer 5 · 2023-10-05T03:12:05.000Z

@plantexchen this issue has been resolved and released in 0.12.1. Please allow 30 minutes from the time of this post for the release to be in Maven Central. Thank you for reporting the issue!

Answer 6 · 2023-10-05T07:08:20.000Z

@lhazlewood Thanks for your fast reaction! I will check it later.

Answer 7 · 2023-10-06T06:01:31.000Z

The 0.12.1 release only addressed projects that did not have a module-info.java and failed for those that did. 0.12.2 has been released and should work in all projects now. You shouldn't need --add-opens now (at least not for JJWT)