0

I am hitting http://localhost:5000/hello to get com.sap.cloud.sdk.cloudplatform.security.user.User & com.sap.cloud.sdk.cloudplatform.connectivity.Destination objects after xsuaa login.

Occurred below exception while getting destination after xsuaa login in locally.

Please find my non-working code from github

approuter URL: http://localhost:5000

businessapp URL: http://localhost:8080/businessapp

Please suggest me how to fix this issue.

com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to get destinations of provider service instance: Failed to get access token for destination service. If your application is running on Cloud Foundry, make sure to have a binding to both the destination service and the authorization and trust management (xsuaa) service, AND that you either properly secured your application or have set the "ALLOW_MOCKED_AUTH_HEADER" environment variable to true. If your application is not running on Cloud Foundry, for example, when deploying to a local container, consider declaring the "destinations" environment variable to configure destinations.
    at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationFacade.getGenericDestinationsByName(ScpCfDestinationFacade.java:202)
    at com.sap.cloud.sdk.cloudplatform.connectivity.AbstractDestinationFacade.getGenericDestination(AbstractDestinationFacade.java:173)
    at com.sap.cloud.sdk.cloudplatform.connectivity.AbstractDestinationFacade.getDestination(AbstractDestinationFacade.java:191)
    at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationAccessor.getDestination(DestinationAccessor.java:202)
    at com.dama.scpcf.services.DestinationService.getDestination(DestinationService.java:10)
    at com.dama.scpcf.web.HelloWorldServlet.doGet(HelloWorldServlet.java:45)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at com.google.inject.servlet.ServletDefinition.doServiceImpl(ServletDefinition.java:287)
    at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:277)
    at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:182)
    at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:85)
    at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:119)
    at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133)
    at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130)
    at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203)
    at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at com.sap.cloud.sdk.cloudplatform.servlet.RequestContextServletFilter.lambda$doFilter$0(RequestContextServletFilter.java:171)
    at com.sap.cloud.sdk.cloudplatform.servlet.RequestContextCallable.call(RequestContextCallable.java:95)
    at com.sap.cloud.sdk.cloudplatform.servlet.RequestContextServletFilter.doFilter(RequestContextServletFilter.java:173)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at com.sap.cloud.sdk.cloudplatform.security.servlet.HttpCachingHeaderFilter.doFilter(HttpCachingHeaderFilter.java:57)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at com.sap.cloud.sdk.cloudplatform.security.servlet.HttpSecurityHeadersFilter.doFilter(HttpSecurityHeadersFilter.java:42)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.filters.RestCsrfPreventionFilter.doFilter(RestCsrfPreventionFilter.java:115)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:176)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.tomee.catalina.OpenEJBValve.invoke(OpenEJBValve.java:44)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2517)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2506)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
Caused by: com.google.common.util.concurrent.UncheckedExecutionException: com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to get destinations of provider service instance: Failed to get access token for destination service. If your application is running on Cloud Foundry, make sure to have a binding to both the destination service and the authorization and trust management (xsuaa) service, AND that you either properly secured your application or have set the "ALLOW_MOCKED_AUTH_HEADER" environment variable to true. If your application is not running on Cloud Foundry, for example, when deploying to a local container, consider declaring the "destinations" environment variable to configure destinations.
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2050)
    at com.google.common.cache.LocalCache.get(LocalCache.java:3951)
    at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4870)
    at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationFacade.getGenericDestinationsByName(ScpCfDestinationFacade.java:180)
    ... 75 more
Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to get destinations of provider service instance: Failed to get access token for destination service. If your application is running on Cloud Foundry, make sure to have a binding to both the destination service and the authorization and trust management (xsuaa) service, AND that you either properly secured your application or have set the "ALLOW_MOCKED_AUTH_HEADER" environment variable to true. If your application is not running on Cloud Foundry, for example, when deploying to a local container, consider declaring the "destinations" environment variable to configure destinations.
    at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationFacade.buildDestinationAccessException(ScpCfDestinationFacade.java:299)
    at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationFacade.fetchAllDestinations(ScpCfDestinationFacade.java:233)
    at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationFacade.lambda$getGenericDestinationsByName$0(ScpCfDestinationFacade.java:183)
    at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4875)
    at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3527)
    at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2276)
    at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2154)
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2044)
    ... 78 more
Caused by: java.util.concurrent.ExecutionException: Observable onError
    at rx.internal.operators.BlockingOperatorToFuture$2.getValue(BlockingOperatorToFuture.java:118)
    at rx.internal.operators.BlockingOperatorToFuture$2.get(BlockingOperatorToFuture.java:102)
    at com.netflix.hystrix.HystrixCommand$4.get(HystrixCommand.java:423)
    at com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationFacade.fetchAllDestinations(ScpCfDestinationFacade.java:229)
    ... 84 more
Caused by: com.netflix.hystrix.exception.HystrixRuntimeException: com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand#t=52d1f6b0-fd5c-44ad-bbf2-f33ff148c780#u= failed and fallback disabled.
    at com.netflix.hystrix.AbstractCommand.handleFallbackDisabledByEmittingError(AbstractCommand.java:1052)
    at com.netflix.hystrix.AbstractCommand.getFallbackOrThrowException(AbstractCommand.java:878)
    at com.netflix.hystrix.AbstractCommand.handleFailureViaFallback(AbstractCommand.java:1034)
    at com.netflix.hystrix.AbstractCommand.access$700(AbstractCommand.java:60)
    at com.netflix.hystrix.AbstractCommand$12.call(AbstractCommand.java:622)
    at com.netflix.hystrix.AbstractCommand$12.call(AbstractCommand.java:601)
    at rx.internal.operators.OperatorOnErrorResumeNextViaFunction$4.onError(OperatorOnErrorResumeNextViaFunction.java:140)
    at rx.internal.operators.OnSubscribeDoOnEach$DoOnEachSubscriber.onError(OnSubscribeDoOnEach.java:87)
    at rx.internal.operators.OnSubscribeDoOnEach$DoOnEachSubscriber.onError(OnSubscribeDoOnEach.java:87)
    at com.netflix.hystrix.AbstractCommand$HystrixObservableTimeoutOperator$2.onError(AbstractCommand.java:1194)
    at rx.internal.operators.OperatorSubscribeOn$SubscribeOnSubscriber.onError(OperatorSubscribeOn.java:80)
    at rx.observers.Subscribers$5.onError(Subscribers.java:230)
    at rx.internal.operators.OnSubscribeDoOnEach$DoOnEachSubscriber.onError(OnSubscribeDoOnEach.java:87)
    at rx.observers.Subscribers$5.onError(Subscribers.java:230)
    at com.netflix.hystrix.AbstractCommand$DeprecatedOnRunHookApplication$1.onError(AbstractCommand.java:1431)
    at com.netflix.hystrix.AbstractCommand$ExecutionHookApplication$1.onError(AbstractCommand.java:1362)
    at rx.observers.Subscribers$5.onError(Subscribers.java:230)
    at rx.observers.Subscribers$5.onError(Subscribers.java:230)
    at rx.internal.operators.OnSubscribeThrow.call(OnSubscribeThrow.java:44)
    at rx.internal.operators.OnSubscribeThrow.call(OnSubscribeThrow.java:28)
    at rx.Observable.unsafeSubscribe(Observable.java:10327)
    at rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:51)
    at rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:35)
    at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
    at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
    at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
    at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
    at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
    at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
    at rx.Observable.unsafeSubscribe(Observable.java:10327)
    at rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:51)
    at rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:35)
    at rx.Observable.unsafeSubscribe(Observable.java:10327)
    at rx.internal.operators.OnSubscribeDoOnEach.call(OnSubscribeDoOnEach.java:41)
    at rx.internal.operators.OnSubscribeDoOnEach.call(OnSubscribeDoOnEach.java:30)
    at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:48)
    at rx.internal.operators.OnSubscribeLift.call(OnSubscribeLift.java:30)
    at rx.Observable.unsafeSubscribe(Observable.java:10327)
    at rx.internal.operators.OperatorSubscribeOn$SubscribeOnSubscriber.call(OperatorSubscribeOn.java:100)
    at com.netflix.hystrix.strategy.concurrency.HystrixContexSchedulerAction$1.call(HystrixContexSchedulerAction.java:56)
    at com.netflix.hystrix.strategy.concurrency.HystrixContexSchedulerAction$1.call(HystrixContexSchedulerAction.java:47)
    at com.netflix.hystrix.strategy.concurrency.HystrixContexSchedulerAction.call(HystrixContexSchedulerAction.java:69)
    at rx.internal.schedulers.ScheduledAction.run(ScheduledAction.java:55)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    ... 1 more
Caused by: com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to get access token for destination service.
    at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.getAccessToken(DestinationServiceCommand.java:114)
    at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.run(DestinationServiceCommand.java:124)
    at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.run(DestinationServiceCommand.java:28)
    at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:302)
    at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:298)
    at rx.internal.operators.OnSubscribeDefer.call(OnSubscribeDefer.java:46)
    ... 26 more
Caused by: com.sap.cloud.sdk.cloudplatform.security.exception.TokenRequestFailedException: com.sap.cloud.sdk.cloudplatform.exception.NoServiceBindingException: Failed to get "destination" service credentials: no service binding found . Please make sure to correctly bind your application to a service instance.
    at com.sap.cloud.sdk.cloudplatform.connectivity.XsuaaService.getClientCredentials(XsuaaService.java:133)
    at com.sap.cloud.sdk.cloudplatform.connectivity.XsuaaService.getServiceToken(XsuaaService.java:231)
    at com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceCommand.getAccessToken(DestinationServiceCommand.java:111)
    ... 31 more
Caused by: com.sap.cloud.sdk.cloudplatform.exception.NoServiceBindingException: Failed to get "destination" service credentials: no service binding found . Please make sure to correctly bind your application to a service instance.
    at com.sap.cloud.sdk.cloudplatform.ScpCfCloudPlatform.getServiceCredentials(ScpCfCloudPlatform.java:331)
    at com.sap.cloud.sdk.cloudplatform.ScpCfCloudPlatform.getServiceCredentials(ScpCfCloudPlatform.java:244)
    at com.sap.cloud.sdk.cloudplatform.connectivity.XsuaaService.getClientCredentials(XsuaaService.java:130)
    ... 33 more

enter image description here

Dama Ramesh
  • 159
  • 14

2 Answers2

1

Essentially, the preconditions to make that run are named in the error message.

Failed to get destinations of provider service instance: Failed to get access token for destination service. If your application is running on Cloud Foundry, make sure to have a binding to both the destination service and the authorization and trust management (xsuaa) service, AND that you either properly secured your application or have set the "ALLOW_MOCKED_AUTH_HEADER" environment variable to true. If your application is not running on Cloud Foundry, for example, when deploying to a local container, consider declaring the "destinations" environment variable to configure destinations.

So make sure that both environment variables are set as expected. Find more information about the destinationsvariable in step 4 of our blog posts.

Emdee
  • 1,689
  • 5
  • 22
  • 35
0

As described by Emdee you can mock the destination using the ALLOW_MOCKED_AUTH_HEADER variable. However, using this variable will also render the local access to a JWT-based user as answered here useless: Failed to get current user: no RequestContext available.

Alternatively, you have to provide the configuration to the destination service via VCAP_SERVICES similar to the XSUAA configuration as answered here: Invalid bean definition with name 'offlineTokenServices' defined in ServletContext resource [/WEB-INF/spring-security.xml] based on a real service binding in CloudFoundry. Please use cf env <yourappname> to copy those values from a bound application in CF to your local setup. Disclaimer: I did not try it myself, but it should work this way.

Philipp Herzig
  • 350
  • 6
  • 10
  • Philipp, I attached image in my above question description, Is your answer to get `Destinations` under `Connectivity` tab? – Dama Ramesh Nov 28 '18 at 12:02
  • Dama, pls clarify if you're running your example on your local machine or in the SAP Cloud Platform. This distinction influences where and how you specify destinations. – Emdee Nov 29 '18 at 07:24
  • Hi Dama, the configuration you posted relates to the configuration of the destination itself not the technical binding of the destination service to the application. As written in my answer, please do a `cf env APP_NAME` on an app which is actually bound to the `scp-document` instance. This should look something like this: System-Provided: `{ "VCAP_SERVICES": { "destination": [ { "binding_name": null, "credentials": { ... ` – Philipp Herzig Nov 29 '18 at 09:48
  • Philipp, I added environment variable name as `destinations` and value as `[ { "destination": [ { "credentials": { "xsappname": "", "clientid": "", "clientsecret": "", "identityzone": "", "url": "", "verificationkey": "" }, "tags": [ "destination", "document" ] } ] } ]` in locally. But getting `com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: No valid JSON primitive defined for property "Name".` exception. Please suggest me, what exact JSON value. – Dama Ramesh Nov 30 '18 at 09:53
  • No, not as dedicated destination variable but as part of `VCAP_SERVICES` alongside (as sibling) the `xsuaa` definition. Please remove the `destination` variable which is just used for simple starter projects and which overrides the potential use of the destination service. Look how the `VCAP_SERVICES` variable is constructed when you do a `cf env APP_NAME`. Just provide this as is to your local application incl. the correct public key, URLs, etc. This is necessary so that underneath an OAuth Flow with the destination service can be initiated. – Philipp Herzig Nov 30 '18 at 17:49