kylin-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hoang Le Trung <hoangletr...@orenj.com>
Subject Can not load, create project on Kylin using Ldap authentication
Date Tue, 07 Feb 2017 09:16:01 GMT

Hi

Last time I use default authentication for kylin that mean login Kylin with user/pass:  ADMIN/KYLIN
Now I change to using Ldap for authentication on my Kylin.

***Here is my configure:

ldap.server=ldap://...........:389
ldap.username=kylin         # user kylin belong to kylin_admin group
ldap.password=VMJlI4YQrEFg0LSfLCQMfQ==

ldap.user.searchBase=CN=Users,DC=example,DC=com
ldap.user.searchPattern=(&(cn={0}))
ldap.user.groupSearchBase=CN=Groups,DC=example,DC=com


acl.defaultRole=ROLE_ANALYST,ROLE_MODELER
acl.adminRole=ROLE_kylin_admin  # Group kylin_admin belong to (CN=Groups,DC=example,DC=com)


***With this configure I can login kylin success with above user.

2017-02-07 16:12:41,801 DEBUG [http-bio-7070-exec-9] controller.UserController:64 : authentication.getPrincipal()
is org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@707b9d35: Dn: cn=kylin,cn=Users,dc=example,dc=com;
Username: kylin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired:
true; AccountNonLocked: true; Granted Authorities: ROLE_KYLIN_ADMIN, ROLE_ANALYST, ROLE_MODELER
2017-02-07 16:12:41,842 DEBUG [http-bio-7070-exec-9] controller.UserController:64 : authentication.getPrincipal()
is org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@707b9d35: Dn: cn=kylin,cn=Users,dc=example,dc=com;
Username: kylin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired:
true; AccountNonLocked: true; Granted Authorities: ROLE_KYLIN_ADMIN, ROLE_ANALYST, ROLE_MODELER
2017-02-07 16:12:41,963 DEBUG [http-bio-7070-exec-9] controller.ProjectController:97 : authentication.getPrincipal()
is org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@707b9d35: Dn: cn=kylin,cn=Users,dc=example,dc=com;
Username: kylin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired:
true; AccountNonLocked: true; Granted Authorities: ROLE_KYLIN_ADMIN, ROLE_ANALYST, ROLE_MODELER


But I my Kylin do not show any project that I create with user ADMIN

I try create new project but false with this log:

.........
2017-02-07 16:04:44,237 ERROR [http-bio-7070-exec-2] controller.ProjectController:207 : Failed
to deal with the request.
org.springframework.security.access.AccessDeniedException: Access is denied
                at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
                at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
                at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:60)
                at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
                at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:633)
                at org.apache.kylin.rest.service.ProjectService$$EnhancerBySpringCGLIB$$c6b4c59a.createProject(<generated>)
                at org.apache.kylin.rest.controller.ProjectController.saveProject(ProjectController.java:205)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
                at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136)
                at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
                at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:743)
                at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:672)
                at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:82)
                at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:933)
                at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:867)
                at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:951)
                at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:853)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
                at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:827)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
                at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
                at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209)
                at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
                at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
                at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
                at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
                at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
                at java.lang.Thread.run(Thread.java:745)
2017-02-07 16:04:44,240 ERROR [http-bio-7070-exec-2] controller.BasicController:44 :
org.apache.kylin.rest.exception.InternalErrorException: Access is denied
                at org.apache.kylin.rest.controller.ProjectController.saveProject(ProjectController.java:208)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
                at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136)
                at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
                at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:743)
                at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:672)
                at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:82)
                at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:933)
                at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:867)
                at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:951)
                at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:853)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
                at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:827)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
                at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:201)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
                at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209)
                at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
                at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
                at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
                at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
                at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
                at java.lang.Thread.run(Thread.java:745)




________________________________
This e-mail may contain confidential or privileged information. If you received this e-mail
by mistake, please don't forward it to anyone else, please erase it from your device and let
me know so I don't do it again.

Mime
View raw message