You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Jiri Ondrusek (Jira)" <ji...@apache.org> on 2020/12/01 10:17:00 UTC

[jira] [Assigned] (CAMEL-15750) camel-undertow-spring-security-starter always forbidden

     [ https://issues.apache.org/jira/browse/CAMEL-15750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jiri Ondrusek reassigned CAMEL-15750:
-------------------------------------

    Assignee: Jiri Ondrusek

> camel-undertow-spring-security-starter always forbidden
> -------------------------------------------------------
>
>                 Key: CAMEL-15750
>                 URL: https://issues.apache.org/jira/browse/CAMEL-15750
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-spring-security, camel-undertow
>    Affects Versions: 3.5.0
>         Environment: Windows 10, Java 8
>            Reporter: Dietrich Schulten
>            Assignee: Jiri Ondrusek
>            Priority: Major
>
> Example: [https://github.com/apache/camel-spring-boot-examples/tree/master/camel-example-spring-boot-undertow-spring-security]
> Make sure port 8081 is not in use.
> All requests to [http://localhost:8082/hi] get a 403 response, no matter if I send an oauth Token or not. The oauth token itself seems correct, I have decoded it on jwt.io  and it shows that the role is present:
> {code:java}
>  {
>   "exp": 1603546060,
>   "iat": 1603546000,
>   "jti": "3392de8c-8309-4187-8b9a-9f8edaefe226",
>   "iss": "http://localhost:8080/auth/realms/master",
>   "aud": "account",
>   "sub": "4612ff79-81a8-4209-a7f7-fd4b963c574e",
>   "typ": "Bearer",
>   "azp": "example-service",
>   "session_state": "693f9c78-2e54-447e-9749-ce6a1288877d",
>   "acr": "1",
>   "allowed-origins": [
>     "http://localhost:8082"
>   ],
>   "realm_access": {
>     "roles": [
>       "role01",
>       "offline_access",
>       "uma_authorization"
>     ]
>   },
>   "resource_access": {
>     "account": {
>       "roles": [
>         "manage-account",
>         "manage-account-links",
>         "view-profile"
>       ]
>     }
>   },
>   "scope": "email profile",
>   "email_verified": false,
>   "preferred_username": "user01"
> }{code}
>  
> The reason seems to be that the camel-undertow-spring-security-starter tries to start two Undertow servlets: the Spring Undertow servlet runs on port 8081, and the Camel Undertow servlet on port 8082. Only the Spring servlet has token security, but not the Camel Undertow Servlet.
> In the log below you see that the org.springframework.boot.web.embedded.undertow.UndertowWebServer starts on port 8081, and it receives the filter chain with the BearerTokenAuthenticationFilter.
> Then the org.apache.camel.component.undertow.DefaultUndertowHost comes up on port 8082. The log message {{Illegal state caused by missing securitProvider but existing allowed roles!}} which is written for every request to _/hi_ also seems to show that no securityProvider is configured on the DefaultUndertowHost which runs on port 8082.
> {code:java}
>    .   ____          _            __ _ _
>  /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
> ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
>  \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
>   '  |____| .__|_| |_|_| |_\__, | / / / /
>  =========|_|==============|___/=/_/_/_/
>  :: Spring Boot ::        (v2.3.3.RELEASE)2020-10-24 15:08:26.339  INFO 27932 --- [           main] o.a.c.undertow.spring.boot.Application   : Starting Application on DZS20N436 with PID 27932 (C:\Users\Schulten\Documents\projekte\camel-spring-boot-examples-3.5.0\camel-example-spring-boot-undertow-spring-security\target\classes started by Schulten in C:\Users\Schulten\Documents\projekte\camel-spring-boot-examples-3.5.0\camel-example-spring-boot-undertow-spring-security)
> 2020-10-24 15:08:26.343  INFO 27932 --- [           main] o.a.c.undertow.spring.boot.Application   : No active profile set, falling back to default profiles: default
> 2020-10-24 15:08:28.378  INFO 27932 --- [           main] io.undertow.servlet                      : Initializing Spring embedded WebApplicationContext
> 2020-10-24 15:08:28.381  INFO 27932 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1954 ms
> 2020-10-24 15:08:28.770  INFO 27932 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5395ea39, org.springframework.security.web.context.SecurityContextPersistenceFilter@5c41d037, org.springframework.security.web.header.HeaderWriterFilter@6d64b553, org.springframework.security.web.csrf.CsrfFilter@12477988, org.springframework.security.web.authentication.logout.LogoutFilter@29a23c3d, org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter@43b0ade, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@5ec77191, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@796d3c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@1517f633, org.springframework.security.web.session.SessionManagementFilter@757529a4, org.springframework.security.web.access.ExceptionTranslationFilter@203dd56b, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@522b2631]
> 2020-10-24 15:08:28.876  INFO 27932 --- [           main] o.apache.camel.support.LRUCacheFactory   : Detected and using LRUCacheFactory: camel-caffeine-lrucache
> 2020-10-24 15:08:29.309  INFO 27932 --- [           main] io.undertow                              : starting server: Undertow - 2.1.3.Final
> 2020-10-24 15:08:29.316  INFO 27932 --- [           main] org.xnio                                 : XNIO version 3.8.0.Final
> 2020-10-24 15:08:29.324  INFO 27932 --- [           main] org.xnio.nio                             : XNIO NIO Implementation Version 3.8.0.Final
> 2020-10-24 15:08:29.419  INFO 27932 --- [           main] org.jboss.threads                        : JBoss Threads version 3.1.0.Final
> 2020-10-24 15:08:29.472  INFO 27932 --- [           main] o.s.b.w.e.undertow.UndertowWebServer     : Undertow started on port(s) 8081 (http)
> 2020-10-24 15:08:29.490  INFO 27932 --- [           main] o.a.c.s.boot.SpringBootRoutesCollector   : Loading additional Camel XML routes from: classpath:camel/*.xml
> 2020-10-24 15:08:29.495  INFO 27932 --- [           main] o.a.c.s.boot.SpringBootRoutesCollector   : Loading additional Camel XML route templates from: classpath:camel-template/*.xml
> 2020-10-24 15:08:29.497  INFO 27932 --- [           main] o.a.c.s.boot.SpringBootRoutesCollector   : Loading additional Camel XML rests from: classpath:camel-rest/*.xml
> 2020-10-24 15:08:29.652  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : Apache Camel 3.5.0 (camel-1) is starting
> 2020-10-24 15:08:29.655  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : StreamCaching is not in use. If using streams then its recommended to enable stream caching. See more details at http://camel.apache.org/stream-caching.html
> 2020-10-24 15:08:29.656  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : Using HealthCheck: camel-health
> 2020-10-24 15:08:29.669  INFO 27932 --- [           main] o.a.c.c.undertow.DefaultUndertowHost     : Starting Undertow server on http://localhost:8082
> 2020-10-24 15:08:29.669  INFO 27932 --- [           main] io.undertow                              : starting server: Undertow - 2.1.3.Final
> 2020-10-24 15:08:29.681  INFO 27932 --- [           main] o.a.c.i.e.InternalRouteStartupManager    : Route: route1 started and consuming from: http://localhost:8082/hi
> 2020-10-24 15:08:29.687  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : Total 1 routes, of which 1 are started
> 2020-10-24 15:08:29.688  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : Apache Camel 3.5.0 (camel-1) started in 0.035 seconds
> 2020-10-24 15:08:29.696  INFO 27932 --- [           main] o.a.c.undertow.spring.boot.Application   : Started Application in 3.809 seconds (JVM running for 4.35)
> 2020-10-24 15:10:41.530  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
> 2020-10-24 15:13:16.234  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
> 2020-10-24 15:13:53.090  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
> 2020-10-24 15:15:22.183  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
> 2020-10-24 15:16:38.260  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!{code}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)