Posted to dev@knox.apache.org by "cdmikechen (Jira)" <ji...@apache.org> on 2021/03/31 14:27:00 UTC

[jira] [Updated] (KNOX-2565) KNOX 1.5.0 can not login sso with oidc (pac4j 4.0.3)

     [ https://issues.apache.org/jira/browse/KNOX-2565?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

cdmikechen updated KNOX-2565:
-----------------------------
    Description: 
When I upgraded KNOX from 1.4.0 to 1.5.0, I found that I cannot log in to KNOX with OIDC. This is the error log:

{code}
2021-03-31 18:52:45,094 DEBUG org.apache.knox.gateway.pac4j.session.KnoxSessionStore (KnoxSessionStore.java:get(109)) - Get from session: OidcClient$attemptedAuthentication = null
2021-03-31 18:52:45,095 DEBUG org.apache.knox.gateway.pac4j.session.KnoxSessionStore (KnoxSessionStore.java:set(149)) - Save in session: OidcClient$stateSessionParameter = 2a265d500f
2021-03-31 18:52:45,321 DEBUG org.apache.knox.gateway.pac4j.session.KnoxSessionStore (KnoxSessionStore.java:set(149)) - Save in session: OidcClient$nonceSessionParameter = mKp7Ax_dBk1_RAFHqkF6kSrLkrzlCW_sbV2R6t50psg
2021-03-31 18:52:45,449 DEBUG org.apache.knox.gateway.pac4j.session.KnoxSessionStore (KnoxSessionStore.java:set(149)) - Save in session: OidcClient$codeVerifierSessionParameter = com.nimbusds.oauth2.sdk.pkce.CodeVerifier@8dcb5aae
2021-03-31 18:52:45,450 ERROR org.apache.knox.gateway (AbstractGatewayFilter.java:doFilter(63)) - Failed to execute filter: java.lang.ClassCastException: class com.nimbusds.oauth2.sdk.pkce.CodeVerifier cannot be cast to class java.io.Serializable (com.nimbusds.oauth2.sdk.pkce.CodeVerifier is in unnamed module of loader java.net.URLClassLoader @70177ecd; java.io.Serializable is in module java.base of loader 'bootstrap')
java.lang.ClassCastException: class com.nimbusds.oauth2.sdk.pkce.CodeVerifier cannot be cast to class java.io.Serializable (com.nimbusds.oauth2.sdk.pkce.CodeVerifier is in unnamed module of loader java.net.URLClassLoader @70177ecd; java.io.Serializable is in module java.base of loader 'bootstrap')
        at org.apache.knox.gateway.pac4j.session.KnoxSessionStore.compressEncryptBase64(KnoxSessionStore.java:118)
        at org.apache.knox.gateway.pac4j.session.KnoxSessionStore.set(KnoxSessionStore.java:151)
        at org.pac4j.oidc.redirect.OidcRedirectionActionBuilder.addStateAndNonceParameters(OidcRedirectionActionBuilder.java:112)
        at org.pac4j.oidc.redirect.OidcRedirectionActionBuilder.getRedirectionAction(OidcRedirectionActionBuilder.java:77)
        at org.pac4j.core.client.IndirectClient.getRedirectionAction(IndirectClient.java:110)
        at org.pac4j.core.engine.DefaultSecurityLogic.redirectToIdentityProvider(DefaultSecurityLogic.java:224)
        at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:157)
        at org.pac4j.jee.filter.SecurityFilter.internalFilter(SecurityFilter.java:83)
        at org.pac4j.jee.filter.AbstractConfigFilter.doFilter(AbstractConfigFilter.java:70)
        at org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.doFilter(Pac4jDispatcherFilter.java:267)
        at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:363)
        at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:262)
        at org.apache.knox.gateway.filter.XForwardedHeaderFilter.doFilter(XForwardedHeaderFilter.java:50)
        at org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:58)
        at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:363)
        at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:262)
        at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:166)
        at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:93)
        at org.apache.knox.gateway.GatewayServlet.service(GatewayServlet.java:135)
        at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1443)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:791)
        at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626)
        at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:228)
        at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
        at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1612)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1434)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1582)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1349)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:234)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.apache.knox.gateway.trace.TraceHandler.handle(TraceHandler.java:51)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.apache.knox.gateway.filter.CorrelationHandler.handle(CorrelationHandler.java:41)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.apache.knox.gateway.filter.PortMappingHelperHandler.handle(PortMappingHelperHandler.java:106)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.Server.handle(Server.java:516)
        at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
        at java.base/java.lang.Thread.run(Unknown Source)
{code}

I checked the KNOX 1.5 code and found that KNOX upgraded pac4j from 3.8.5 to 4.0.3. In pac4j 4.0.3, pac4j added a new parameter named *pkce*:
https://github.com/pac4j/pac4j/blob/6e6e02947e7d42213130b8fc8116d767e2d944c9/pac4j-oidc/src/main/java/org/pac4j/oidc/config/OidcConfiguration.java#L91

*pkce* is enabled by default, so it stores a *CodeVerifier* object in the session store, and that class does not extend Serializable.
https://github.com/pac4j/pac4j/blob/c3df8a6dedc2a653f8691bd8efbbbcd8e684bed5/pac4j-oidc/src/main/java/org/pac4j/oidc/redirect/OidcRedirectionActionBuilder.java#L104 




> KNOX 1.5.0 can not login sso with oidc (pac4j 4.0.3)
> ----------------------------------------------------
>
>                 Key: KNOX-2565
>                 URL: https://issues.apache.org/jira/browse/KNOX-2565
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: KnoxSSO
>    Affects Versions: 1.5.0
>            Reporter: cdmikechen
>            Priority: Blocker



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
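
A minimal reproduction of the failure mode reported in this issue, as an added example that is not Knox or pac4j code. `Verifier`, `SerializingStore` and the attribute name are hypothetical stand-ins for a non-Serializable PKCE verifier type and a session store that casts every value to `Serializable`; compression and encryption are omitted.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class SessionStoreSerializationDemo {

    /** Hypothetical stand-in for a PKCE code verifier type that is not Serializable. */
    static final class Verifier {
        private final String value;
        Verifier(String value) { this.value = value; }
        String getValue() { return value; }
    }

    /** Hypothetical store that Java-serializes each attribute before keeping it. */
    static final class SerializingStore {
        private final Map<String, String> attributes = new HashMap<>();

        /** Failing pattern: blind cast of whatever object the caller hands in. */
        void setUnchecked(String key, Object value) throws IOException {
            attributes.put(key, encode((Serializable) value));
        }

        /** Checked variant: null clears the attribute, unsupported types fail naming the key. */
        void setChecked(String key, Object value) throws IOException {
            if (value == null) {
                attributes.remove(key);
                return;
            }
            if (!(value instanceof Serializable)) {
                throw new IllegalArgumentException("Session attribute '" + key
                        + "' has non-Serializable type " + value.getClass().getName());
            }
            attributes.put(key, encode((Serializable) value));
        }

        boolean contains(String key) { return attributes.containsKey(key); }

        private static String encode(Serializable value) throws IOException {
            ByteArrayOutputStream bytes = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
                out.writeObject(value);
            }
            return Base64.getEncoder().encodeToString(bytes.toByteArray());
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: 32 random bytes, base64url without padding (43 characters).
        byte[] random = new byte[32];
        new SecureRandom().nextBytes(random);
        Verifier verifier = new Verifier(
                Base64.getUrlEncoder().withoutPadding().encodeToString(random));

        SerializingStore store = new SerializingStore();
        String key = "codeVerifier"; // hypothetical attribute name

        try {
            store.setUnchecked(key, verifier);
        } catch (ClassCastException e) {
            System.out.println("unchecked set failed: ClassCastException");
        }
        try {
            store.setChecked(key, verifier);
        } catch (IllegalArgumentException e) {
            System.out.println("checked set rejected: " + e.getMessage());
        }
        // Storing the verifier's String form works, since String is Serializable.
        store.setChecked(key, verifier.getValue());
        System.out.println("stored as String: " + store.contains(key));
    }
}
```

On Java 11 or later this runs as a single file with `java SessionStoreSerializationDemo.java`.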