-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 3.5.0
-
Fix Version/s: 3.10.0
-
Component/s: camel-spring-security, camel-undertow
-
Labels:None
-
Environment:
Windows 10, Java 8
-
Estimated Complexity:Unknown
Make sure port 8081 is not in use.
All requests to http://localhost:8082/hi get a 403 response, no matter if I send an oauth Token or not. The oauth token itself seems correct, I have decoded it on jwt.io and it shows that the role is present:
{
"exp": 1603546060,
"iat": 1603546000,
"jti": "3392de8c-8309-4187-8b9a-9f8edaefe226",
"iss": "http://localhost:8080/auth/realms/master",
"aud": "account",
"sub": "4612ff79-81a8-4209-a7f7-fd4b963c574e",
"typ": "Bearer",
"azp": "example-service",
"session_state": "693f9c78-2e54-447e-9749-ce6a1288877d",
"acr": "1",
"allowed-origins": [
"http://localhost:8082"
],
"realm_access": {
"roles": [
"role01",
"offline_access",
"uma_authorization"
]
},
"resource_access": {
"account": {
"roles": [
"manage-account",
"manage-account-links",
"view-profile"
]
}
},
"scope": "email profile",
"email_verified": false,
"preferred_username": "user01"
}
The reason seems to be that the camel-undertow-spring-security-starter tries to start two Undertow servlets: the Spring Undertow servlet runs on port 8081, and the Camel Undertow servlet on port 8082. Only the Spring servlet has token security, but not the Camel Undertow Servlet.
In the log below you see that the org.springframework.boot.web.embedded.undertow.UndertowWebServer starts on port 8081, and it receives the filter chain with the BearerTokenAuthenticationFilter.
Then the org.apache.camel.component.undertow.DefaultUndertowHost comes up on port 8082. The log message Illegal state caused by missing securitProvider but existing allowed roles! which is written for every request to /hi also seems to show that no securityProvider is configured on the DefaultUndertowHost which runs on port 8082.
. ____ _ __ _ _ /\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \ ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \ \\/ ___)| |_)| | | | | || (_| | ) ) ) ) ' |____| .__|_| |_|_| |_\__, | / / / / =========|_|==============|___/=/_/_/_/ :: Spring Boot :: (v2.3.3.RELEASE)2020-10-24 15:08:26.339 INFO 27932 --- [ main] o.a.c.undertow.spring.boot.Application : Starting Application on DZS20N436 with PID 27932 (C:\Users\Schulten\Documents\projekte\camel-spring-boot-examples-3.5.0\camel-example-spring-boot-undertow-spring-security\target\classes started by Schulten in C:\Users\Schulten\Documents\projekte\camel-spring-boot-examples-3.5.0\camel-example-spring-boot-undertow-spring-security) 2020-10-24 15:08:26.343 INFO 27932 --- [ main] o.a.c.undertow.spring.boot.Application : No active profile set, falling back to default profiles: default 2020-10-24 15:08:28.378 INFO 27932 --- [ main] io.undertow.servlet : Initializing Spring embedded WebApplicationContext 2020-10-24 15:08:28.381 INFO 27932 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1954 ms 2020-10-24 15:08:28.770 INFO 27932 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5395ea39, org.springframework.security.web.context.SecurityContextPersistenceFilter@5c41d037, org.springframework.security.web.header.HeaderWriterFilter@6d64b553, org.springframework.security.web.csrf.CsrfFilter@12477988, org.springframework.security.web.authentication.logout.LogoutFilter@29a23c3d, org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter@43b0ade, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@5ec77191, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@796d3c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@1517f633, org.springframework.security.web.session.SessionManagementFilter@757529a4, org.springframework.security.web.access.ExceptionTranslationFilter@203dd56b, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@522b2631] 2020-10-24 15:08:28.876 INFO 27932 --- [ main] o.apache.camel.support.LRUCacheFactory : Detected and using LRUCacheFactory: camel-caffeine-lrucache 2020-10-24 15:08:29.309 INFO 27932 --- [ main] io.undertow : starting server: Undertow - 2.1.3.Final 2020-10-24 15:08:29.316 INFO 27932 --- [ main] org.xnio : XNIO version 3.8.0.Final 2020-10-24 15:08:29.324 INFO 27932 --- [ main] org.xnio.nio : XNIO NIO Implementation Version 3.8.0.Final 2020-10-24 15:08:29.419 INFO 27932 --- [ main] org.jboss.threads : JBoss Threads version 3.1.0.Final 2020-10-24 15:08:29.472 INFO 27932 --- [ main] o.s.b.w.e.undertow.UndertowWebServer : Undertow started on port(s) 8081 (http) 2020-10-24 15:08:29.490 INFO 27932 --- [ main] o.a.c.s.boot.SpringBootRoutesCollector : Loading additional Camel XML routes from: classpath:camel/*.xml 2020-10-24 15:08:29.495 INFO 27932 --- [ main] o.a.c.s.boot.SpringBootRoutesCollector : Loading additional Camel XML route templates from: classpath:camel-template/*.xml 2020-10-24 15:08:29.497 INFO 27932 --- [ main] o.a.c.s.boot.SpringBootRoutesCollector : Loading additional Camel XML rests from: classpath:camel-rest/*.xml 2020-10-24 15:08:29.652 INFO 27932 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Apache Camel 3.5.0 (camel-1) is starting 2020-10-24 15:08:29.655 INFO 27932 --- [ main] o.a.c.impl.engine.AbstractCamelContext : StreamCaching is not in use. If using streams then its recommended to enable stream caching. See more details at http://camel.apache.org/stream-caching.html 2020-10-24 15:08:29.656 INFO 27932 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Using HealthCheck: camel-health 2020-10-24 15:08:29.669 INFO 27932 --- [ main] o.a.c.c.undertow.DefaultUndertowHost : Starting Undertow server on http://localhost:8082 2020-10-24 15:08:29.669 INFO 27932 --- [ main] io.undertow : starting server: Undertow - 2.1.3.Final 2020-10-24 15:08:29.681 INFO 27932 --- [ main] o.a.c.i.e.InternalRouteStartupManager : Route: route1 started and consuming from: http://localhost:8082/hi 2020-10-24 15:08:29.687 INFO 27932 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Total 1 routes, of which 1 are started 2020-10-24 15:08:29.688 INFO 27932 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Apache Camel 3.5.0 (camel-1) started in 0.035 seconds 2020-10-24 15:08:29.696 INFO 27932 --- [ main] o.a.c.undertow.spring.boot.Application : Started Application in 3.809 seconds (JVM running for 4.35) 2020-10-24 15:10:41.530 WARN 27932 --- [ XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer : Illegal state caused by missing securitProvider but existing allowed roles! 2020-10-24 15:13:16.234 WARN 27932 --- [ XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer : Illegal state caused by missing securitProvider but existing allowed roles! 2020-10-24 15:13:53.090 WARN 27932 --- [ XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer : Illegal state caused by missing securitProvider but existing allowed roles! 2020-10-24 15:15:22.183 WARN 27932 --- [ XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer : Illegal state caused by missing securitProvider but existing allowed roles! 2020-10-24 15:16:38.260 WARN 27932 --- [ XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer : Illegal state caused by missing securitProvider but existing allowed roles!
- links to