  1. Camel
  2. CAMEL-15750

camel-undertow-spring-security-starter always forbidden


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.5.0
    • Fix Version/s: 3.10.0
    • Labels:
      None
    • Environment:

      Windows 10, Java 8

    • Estimated Complexity:
      Unknown

      Description

      Example: https://github.com/apache/camel-spring-boot-examples/tree/master/camel-example-spring-boot-undertow-spring-security

      Make sure port 8081 is not in use.

      All requests to http://localhost:8082/hi get a 403 response, no matter whether I send an OAuth token or not. The OAuth token itself seems correct; I have decoded it on jwt.io and it shows that the role is present:

       {
        "exp": 1603546060,
        "iat": 1603546000,
        "jti": "3392de8c-8309-4187-8b9a-9f8edaefe226",
        "iss": "http://localhost:8080/auth/realms/master",
        "aud": "account",
        "sub": "4612ff79-81a8-4209-a7f7-fd4b963c574e",
        "typ": "Bearer",
        "azp": "example-service",
        "session_state": "693f9c78-2e54-447e-9749-ce6a1288877d",
        "acr": "1",
        "allowed-origins": [
          "http://localhost:8082"
        ],
        "realm_access": {
          "roles": [
            "role01",
            "offline_access",
            "uma_authorization"
          ]
        },
        "resource_access": {
          "account": {
            "roles": [
              "manage-account",
              "manage-account-links",
              "view-profile"
            ]
          }
        },
        "scope": "email profile",
        "email_verified": false,
        "preferred_username": "user01"
      }

       

      The reason seems to be that the camel-undertow-spring-security-starter tries to start two Undertow servlets: the Spring Undertow servlet runs on port 8081, and the Camel Undertow servlet on port 8082. Only the Spring servlet has token security, but not the Camel Undertow Servlet.

      In the log below you see that the org.springframework.boot.web.embedded.undertow.UndertowWebServer starts on port 8081, and it receives the filter chain with the BearerTokenAuthenticationFilter.

      Then the org.apache.camel.component.undertow.DefaultUndertowHost comes up on port 8082. The log message "Illegal state caused by missing securitProvider but existing allowed roles!", which is written for every request to /hi, also seems to show that no securityProvider is configured on the DefaultUndertowHost which runs on port 8082.

         .   ____          _            __ _ _
       /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
      ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
       \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
        '  |____| .__|_| |_|_| |_\__, | / / / /
       =========|_|==============|___/=/_/_/_/
       :: Spring Boot ::        (v2.3.3.RELEASE)
      2020-10-24 15:08:26.339  INFO 27932 --- [           main] o.a.c.undertow.spring.boot.Application   : Starting Application on DZS20N436 with PID 27932 (C:\Users\Schulten\Documents\projekte\camel-spring-boot-examples-3.5.0\camel-example-spring-boot-undertow-spring-security\target\classes started by Schulten in C:\Users\Schulten\Documents\projekte\camel-spring-boot-examples-3.5.0\camel-example-spring-boot-undertow-spring-security)
      2020-10-24 15:08:26.343  INFO 27932 --- [           main] o.a.c.undertow.spring.boot.Application   : No active profile set, falling back to default profiles: default
      2020-10-24 15:08:28.378  INFO 27932 --- [           main] io.undertow.servlet                      : Initializing Spring embedded WebApplicationContext
      2020-10-24 15:08:28.381  INFO 27932 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1954 ms
      2020-10-24 15:08:28.770  INFO 27932 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5395ea39, org.springframework.security.web.context.SecurityContextPersistenceFilter@5c41d037, org.springframework.security.web.header.HeaderWriterFilter@6d64b553, org.springframework.security.web.csrf.CsrfFilter@12477988, org.springframework.security.web.authentication.logout.LogoutFilter@29a23c3d, org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter@43b0ade, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@5ec77191, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@796d3c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@1517f633, org.springframework.security.web.session.SessionManagementFilter@757529a4, org.springframework.security.web.access.ExceptionTranslationFilter@203dd56b, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@522b2631]
      2020-10-24 15:08:28.876  INFO 27932 --- [           main] o.apache.camel.support.LRUCacheFactory   : Detected and using LRUCacheFactory: camel-caffeine-lrucache
      2020-10-24 15:08:29.309  INFO 27932 --- [           main] io.undertow                              : starting server: Undertow - 2.1.3.Final
      2020-10-24 15:08:29.316  INFO 27932 --- [           main] org.xnio                                 : XNIO version 3.8.0.Final
      2020-10-24 15:08:29.324  INFO 27932 --- [           main] org.xnio.nio                             : XNIO NIO Implementation Version 3.8.0.Final
      2020-10-24 15:08:29.419  INFO 27932 --- [           main] org.jboss.threads                        : JBoss Threads version 3.1.0.Final
      2020-10-24 15:08:29.472  INFO 27932 --- [           main] o.s.b.w.e.undertow.UndertowWebServer     : Undertow started on port(s) 8081 (http)
      2020-10-24 15:08:29.490  INFO 27932 --- [           main] o.a.c.s.boot.SpringBootRoutesCollector   : Loading additional Camel XML routes from: classpath:camel/*.xml
      2020-10-24 15:08:29.495  INFO 27932 --- [           main] o.a.c.s.boot.SpringBootRoutesCollector   : Loading additional Camel XML route templates from: classpath:camel-template/*.xml
      2020-10-24 15:08:29.497  INFO 27932 --- [           main] o.a.c.s.boot.SpringBootRoutesCollector   : Loading additional Camel XML rests from: classpath:camel-rest/*.xml
      2020-10-24 15:08:29.652  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : Apache Camel 3.5.0 (camel-1) is starting
      2020-10-24 15:08:29.655  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : StreamCaching is not in use. If using streams then its recommended to enable stream caching. See more details at http://camel.apache.org/stream-caching.html
      2020-10-24 15:08:29.656  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : Using HealthCheck: camel-health
      2020-10-24 15:08:29.669  INFO 27932 --- [           main] o.a.c.c.undertow.DefaultUndertowHost     : Starting Undertow server on http://localhost:8082
      2020-10-24 15:08:29.669  INFO 27932 --- [           main] io.undertow                              : starting server: Undertow - 2.1.3.Final
      2020-10-24 15:08:29.681  INFO 27932 --- [           main] o.a.c.i.e.InternalRouteStartupManager    : Route: route1 started and consuming from: http://localhost:8082/hi
      2020-10-24 15:08:29.687  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : Total 1 routes, of which 1 are started
      2020-10-24 15:08:29.688  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : Apache Camel 3.5.0 (camel-1) started in 0.035 seconds
      2020-10-24 15:08:29.696  INFO 27932 --- [           main] o.a.c.undertow.spring.boot.Application   : Started Application in 3.809 seconds (JVM running for 4.35)
      2020-10-24 15:10:41.530  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
      2020-10-24 15:13:16.234  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
      2020-10-24 15:13:53.090  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
      2020-10-24 15:15:22.183  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
      2020-10-24 15:16:38.260  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
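
      The correlation the description makes by reading the startup log (which listener carries the bearer-token filter chain, which listener serves the route) can be checked mechanically. This Python sketch is an added example, not part of the issue or of Camel's code; the log lines are constructed by abbreviating the ones quoted above, and the function name `analyze` and its result keys are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines abbreviated from the startup log quoted in this issue.
SAMPLE_LOG = """\
2020-10-24 15:08:28.770  INFO 27932 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, [org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter@43b0ade]
2020-10-24 15:08:29.472  INFO 27932 --- [           main] o.s.b.w.e.undertow.UndertowWebServer     : Undertow started on port(s) 8081 (http)
2020-10-24 15:08:29.669  INFO 27932 --- [           main] o.a.c.c.undertow.DefaultUndertowHost     : Starting Undertow server on http://localhost:8082
2020-10-24 15:08:29.681  INFO 27932 --- [           main] o.a.c.i.e.InternalRouteStartupManager    : Route: route1 started and consuming from: http://localhost:8082/hi
2020-10-24 15:10:41.530  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
2020-10-24 15:13:16.234  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
"""

# Spring Boot default console layout: date time LEVEL pid --- [thread] logger : message
LINE = re.compile(r"^\S+ \S+\s+(?P<level>[A-Z]+) \d+ --- \[[^\]]*\] (?P<logger>\S+)\s+: (?P<msg>.*)$")
MISSING = "missing securitProvider"  # spelled as the log emits it


def analyze(log_text):
    """Correlate listeners, the Spring Security filter chain and Camel warnings."""
    r = {"spring_ports": set(), "camel_ports": set(), "bearer_filter": False,
         "routes": [], "missing_provider_warnings": 0}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner lines and anything not in the console layout
        logger, msg = m["logger"], m["msg"]
        if logger.endswith("UndertowWebServer"):      # Spring Boot embedded server
            r["spring_ports"].update(int(p) for p in re.findall(r"\b(\d+) \(http", msg))
        elif logger.endswith("DefaultUndertowHost"):  # listener started by Camel
            url = re.search(r"https?://\S+", msg)
            if url:
                r["camel_ports"].add(urlsplit(url.group()).port)
        elif logger.endswith("DefaultSecurityFilterChain"):
            r["bearer_filter"] |= "BearerTokenAuthenticationFilter" in msg
        elif logger.endswith("InternalRouteStartupManager"):
            url = re.search(r"consuming from: (https?://\S+)", msg)
            if url:
                r["routes"].append(url.group(1))
        elif logger.endswith("UndertowConsumer") and MISSING in msg:
            r["missing_provider_warnings"] += 1
    # Assumption (the issue's diagnosis): the filter chain only covers the
    # Spring Boot server, so routes on a Camel-only port are outside it.
    camel_only = r["camel_ports"] - r["spring_ports"]
    r["routes_outside_filter_chain"] = [u for u in r["routes"] if urlsplit(u).port in camel_only]
    return r


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

      A non-empty `routes_outside_filter_chain` together with a non-zero `missing_provider_warnings` count matches the state described in this issue.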

       

              People

              • Assignee:
                jondruse Jiri Ondrusek
                Reporter:
                dschulten Dietrich Schulten
              • Votes:
                0
                Watchers:
                3
