aurora-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ville Aine (JIRA)" <>
Subject [jira] [Created] (AURORA-1930) Beta API does not work with authentication
Date Thu, 01 Jun 2017 13:10:04 GMT
Ville Aine created AURORA-1930:

             Summary: Beta API does not work with authentication
                 Key: AURORA-1930
             Project: Aurora
          Issue Type: Bug
          Components: Scheduler
    Affects Versions: 0.17.0
         Environment: OpenJDK 1.8.0_121 on 64-bit Linux
            Reporter: Ville Aine
            Priority: Minor

Issuing any Beta API request that requires authentication results in HTTP 500 response. The
logs show that this is caused by a Shiro {{UnavailableSecurityManagerException}}, which is
thrown when {{ShiroAuthenticatingThriftInterceptor}} tries to acquire the current Shiro {{Subject}}
(see attachments for full stack trace).

The reason for this seems to be twofold:

- The Jersey {{GuiceContainer}} serving the API is installed as a filter, and during  request
processing that filter is activated before any of the Shiro filters  are. Therefore Shiro
has not yet been initialized when {{ShiroAuthenticatingThriftInterceptor}} is run.
- There is no {{ShiroWebModule.guiceFilterModule}} installed for {{/apibeta/*}}, so  the authentication
filters would not be executed even if the filters were installed in a proper order.

The attached patch for Aurora 0.17.0 seems to fix the filter ordering issue by installing
the {{GuiceContainer}} as a servlet. It also makes sure that {{UnauthenicatedExceptions}}
thrown from auth interceptors are propagated properly.

This message was sent by Atlassian JIRA

View raw message