[AURORA-1930] Beta API does not work with authentication - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 0.17.0
Fix Version/s: None
Component/s: Scheduler
Labels:
None
Environment:

OpenJDK 1.8.0_121 on 64-bit Linux

Description

Issuing any Beta API request that requires authentication results in HTTP 500 response. The logs show that this is caused by a Shiro UnavailableSecurityManagerException, which is thrown when ShiroAuthenticatingThriftInterceptor tries to acquire the current Shiro Subject (see attachments for full stack trace).

The reason for this seems to be twofold:

The Jersey GuiceContainer serving the API is installed as a filter, and during request processing that filter is activated before any of the Shiro filters are. Therefore Shiro has not yet been initialized when ShiroAuthenticatingThriftInterceptor is run.

There is no ShiroWebModule.guiceFilterModule installed for /apibeta/*, so the authentication filters would not be executed even if the filters were installed in a proper order.

The attached patch for Aurora 0.17.0 seems to fix the filter ordering issue by installing the GuiceContainer as a servlet. It also makes sure that UnauthenicatedExceptions thrown from auth interceptors are propagated properly.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

aurora-0.17-api-beta-auth-fix.patch
01/Jun/17 13:10
10 kB
Ville Aine
aurora-0.17.0-stacktrace.txt
01/Jun/17 13:12
9 kB
Ville Aine

Activity

People

Assignee:: Unassigned

Reporter:: Ville Aine

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 01/Jun/17 13:09

Updated:: 01/Jun/17 13:12