aurora-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ville Aine (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AURORA-1930) Beta API does not work with authentication
Date Thu, 01 Jun 2017 13:10:04 GMT
Ville Aine created AURORA-1930:
----------------------------------

             Summary: Beta API does not work with authentication
                 Key: AURORA-1930
                 URL: https://issues.apache.org/jira/browse/AURORA-1930
             Project: Aurora
          Issue Type: Bug
          Components: Scheduler
    Affects Versions: 0.17.0
         Environment: OpenJDK 1.8.0_121 on 64-bit Linux
            Reporter: Ville Aine
            Priority: Minor


Issuing any Beta API request that requires authentication results in HTTP 500 response. The
logs show that this is caused by a Shiro {{UnavailableSecurityManagerException}}, which is
thrown when {{ShiroAuthenticatingThriftInterceptor}} tries to acquire the current Shiro {{Subject}}
(see attachments for full stack trace).

The reason for this seems to be twofold:

- The Jersey {{GuiceContainer}} serving the API is installed as a filter, and during  request
processing that filter is activated before any of the Shiro filters  are. Therefore Shiro
has not yet been initialized when {{ShiroAuthenticatingThriftInterceptor}} is run.
  
- There is no {{ShiroWebModule.guiceFilterModule}} installed for {{/apibeta/*}}, so  the authentication
filters would not be executed even if the filters were installed in a proper order.

The attached patch for Aurora 0.17.0 seems to fix the filter ordering issue by installing
the {{GuiceContainer}} as a servlet. It also makes sure that {{UnauthenicatedExceptions}}
thrown from auth interceptors are propagated properly.




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message