Posted to issues@camel.apache.org by "Claus Ibsen (Jira)" <ji...@apache.org> on 2021/03/25 14:37:00 UTC
[jira] [Commented] (CAMEL-15750)
camel-undertow-spring-security-starter always forbidden
[ https://issues.apache.org/jira/browse/CAMEL-15750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17308720#comment-17308720 ]
Claus Ibsen commented on CAMEL-15750:
-------------------------------------
You are welcome to create a PR with such a change in the order.
> camel-undertow-spring-security-starter always forbidden
> -------------------------------------------------------
>
> Key: CAMEL-15750
> URL: https://issues.apache.org/jira/browse/CAMEL-15750
> Project: Camel
> Issue Type: Bug
> Components: camel-spring-security, camel-undertow
> Affects Versions: 3.5.0
> Environment: Windows 10, Java 8
> Reporter: Dietrich Schulten
> Assignee: Jiri Ondrusek
> Priority: Major
> Fix For: 3.7.0
>
>
> Example: [https://github.com/apache/camel-spring-boot-examples/tree/master/camel-example-spring-boot-undertow-spring-security]
> Make sure port 8081 is not in use.
> All requests to [http://localhost:8082/hi] get a 403 response, no matter if I send an oauth Token or not. The oauth token itself seems correct, I have decoded it on jwt.io and it shows that the role is present:
> {code:java}
> {
>   "exp": 1603546060,
>   "iat": 1603546000,
>   "jti": "3392de8c-8309-4187-8b9a-9f8edaefe226",
>   "iss": "http://localhost:8080/auth/realms/master",
>   "aud": "account",
>   "sub": "4612ff79-81a8-4209-a7f7-fd4b963c574e",
>   "typ": "Bearer",
>   "azp": "example-service",
>   "session_state": "693f9c78-2e54-447e-9749-ce6a1288877d",
>   "acr": "1",
>   "allowed-origins": [
>     "http://localhost:8082"
>   ],
>   "realm_access": {
>     "roles": [
>       "role01",
>       "offline_access",
>       "uma_authorization"
>     ]
>   },
>   "resource_access": {
>     "account": {
>       "roles": [
>         "manage-account",
>         "manage-account-links",
>         "view-profile"
>       ]
>     }
>   },
>   "scope": "email profile",
>   "email_verified": false,
>   "preferred_username": "user01"
> }{code}
>
> The reason seems to be that the camel-undertow-spring-security-starter tries to start two Undertow servlets: the Spring Undertow servlet runs on port 8081, and the Camel Undertow servlet on port 8082. Only the Spring servlet has token security, but not the Camel Undertow Servlet.
> In the log below you see that the org.springframework.boot.web.embedded.undertow.UndertowWebServer starts on port 8081, and it receives the filter chain with the BearerTokenAuthenticationFilter.
> Then the org.apache.camel.component.undertow.DefaultUndertowHost comes up on port 8082. The log message {{Illegal state caused by missing securitProvider but existing allowed roles!}} which is written for every request to _/hi_ also seems to show that no securityProvider is configured on the DefaultUndertowHost which runs on port 8082.
> {code:java}
>   .   ____          _            __ _ _
>  /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
> ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
>  \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
>   '  |____| .__|_| |_|_| |_\__, | / / / /
>  =========|_|==============|___/=/_/_/_/
>  :: Spring Boot ::        (v2.3.3.RELEASE)
>
> 2020-10-24 15:08:26.339 INFO 27932 --- [ main] o.a.c.undertow.spring.boot.Application : Starting Application on DZS20N436 with PID 27932 (C:\Users\Schulten\Documents\projekte\camel-spring-boot-examples-3.5.0\camel-example-spring-boot-undertow-spring-security\target\classes started by Schulten in C:\Users\Schulten\Documents\projekte\camel-spring-boot-examples-3.5.0\camel-example-spring-boot-undertow-spring-security)
> 2020-10-24 15:08:26.343 INFO 27932 --- [ main] o.a.c.undertow.spring.boot.Application : No active profile set, falling back to default profiles: default
> 2020-10-24 15:08:28.378 INFO 27932 --- [ main] io.undertow.servlet : Initializing Spring embedded WebApplicationContext
> 2020-10-24 15:08:28.381 INFO 27932 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1954 ms
> 2020-10-24 15:08:28.770 INFO 27932 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5395ea39, org.springframework.security.web.context.SecurityContextPersistenceFilter@5c41d037, org.springframework.security.web.header.HeaderWriterFilter@6d64b553, org.springframework.security.web.csrf.CsrfFilter@12477988, org.springframework.security.web.authentication.logout.LogoutFilter@29a23c3d, org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter@43b0ade, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@5ec77191, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@796d3c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@1517f633, org.springframework.security.web.session.SessionManagementFilter@757529a4, org.springframework.security.web.access.ExceptionTranslationFilter@203dd56b, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@522b2631]
> 2020-10-24 15:08:28.876 INFO 27932 --- [ main] o.apache.camel.support.LRUCacheFactory : Detected and using LRUCacheFactory: camel-caffeine-lrucache
> 2020-10-24 15:08:29.309 INFO 27932 --- [ main] io.undertow : starting server: Undertow - 2.1.3.Final
> 2020-10-24 15:08:29.316 INFO 27932 --- [ main] org.xnio : XNIO version 3.8.0.Final
> 2020-10-24 15:08:29.324 INFO 27932 --- [ main] org.xnio.nio : XNIO NIO Implementation Version 3.8.0.Final
> 2020-10-24 15:08:29.419 INFO 27932 --- [ main] org.jboss.threads : JBoss Threads version 3.1.0.Final
> 2020-10-24 15:08:29.472 INFO 27932 --- [ main] o.s.b.w.e.undertow.UndertowWebServer : Undertow started on port(s) 8081 (http)
> 2020-10-24 15:08:29.490 INFO 27932 --- [ main] o.a.c.s.boot.SpringBootRoutesCollector : Loading additional Camel XML routes from: classpath:camel/*.xml
> 2020-10-24 15:08:29.495 INFO 27932 --- [ main] o.a.c.s.boot.SpringBootRoutesCollector : Loading additional Camel XML route templates from: classpath:camel-template/*.xml
> 2020-10-24 15:08:29.497 INFO 27932 --- [ main] o.a.c.s.boot.SpringBootRoutesCollector : Loading additional Camel XML rests from: classpath:camel-rest/*.xml
> 2020-10-24 15:08:29.652 INFO 27932 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Apache Camel 3.5.0 (camel-1) is starting
> 2020-10-24 15:08:29.655 INFO 27932 --- [ main] o.a.c.impl.engine.AbstractCamelContext : StreamCaching is not in use. If using streams then its recommended to enable stream caching. See more details at http://camel.apache.org/stream-caching.html
> 2020-10-24 15:08:29.656 INFO 27932 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Using HealthCheck: camel-health
> 2020-10-24 15:08:29.669 INFO 27932 --- [ main] o.a.c.c.undertow.DefaultUndertowHost : Starting Undertow server on http://localhost:8082
> 2020-10-24 15:08:29.669 INFO 27932 --- [ main] io.undertow : starting server: Undertow - 2.1.3.Final
> 2020-10-24 15:08:29.681 INFO 27932 --- [ main] o.a.c.i.e.InternalRouteStartupManager : Route: route1 started and consuming from: http://localhost:8082/hi
> 2020-10-24 15:08:29.687 INFO 27932 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Total 1 routes, of which 1 are started
> 2020-10-24 15:08:29.688 INFO 27932 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Apache Camel 3.5.0 (camel-1) started in 0.035 seconds
> 2020-10-24 15:08:29.696 INFO 27932 --- [ main] o.a.c.undertow.spring.boot.Application : Started Application in 3.809 seconds (JVM running for 4.35)
> 2020-10-24 15:10:41.530 WARN 27932 --- [ XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer : Illegal state caused by missing securitProvider but existing allowed roles!
> 2020-10-24 15:13:16.234 WARN 27932 --- [ XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer : Illegal state caused by missing securitProvider but existing allowed roles!
> 2020-10-24 15:13:53.090 WARN 27932 --- [ XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer : Illegal state caused by missing securitProvider but existing allowed roles!
> 2020-10-24 15:15:22.183 WARN 27932 --- [ XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer : Illegal state caused by missing securitProvider but existing allowed roles!
> 2020-10-24 15:16:38.260 WARN 27932 --- [ XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer : Illegal state caused by missing securitProvider but existing allowed roles!{code}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)