Posted to issues@kylin.apache.org by "Billy Liu (JIRA)" <ji...@apache.org> on 2017/08/13 12:56:00 UTC

[jira] [Updated] (KYLIN-2589) Enhance thread-safe in Authentication

     [ https://issues.apache.org/jira/browse/KYLIN-2589?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Billy Liu updated KYLIN-2589:
-----------------------------
    Summary: Enhance thread-safe in Authentication  (was: Errors in WebUI Authentication)

> Enhance thread-safe in Authentication
> -------------------------------------
>
>                 Key: KYLIN-2589
>                 URL: https://issues.apache.org/jira/browse/KYLIN-2589
>             Project: Kylin
>          Issue Type: Bug
>          Components: General
>    Affects Versions: v2.0.0
>         Environment: EMR
>            Reporter: Young Wu
>            Assignee: Shaofeng SHI
>             Fix For: v2.1.0
>
>         Attachments: 2921494001551_.pic_hd.jpg, KYLIN-2589-MessageDigest-is-not-thread-safe.patch, Screenshot 2017-05-06 12.29.34.png
>
>
> There seem to be bugs in the webserver's authentication part in Kylin. After Kylin runs for several hours, users fail to log in with username/password. The error reported in the log is "Encoded password cannot be null or empty". Details:
> {code}
> May 02, 2017 2:15:59 PM org.apache.catalina.core.StandardWrapperValve invoke
> SEVERE: Servlet.service() for servlet [kylin] in context with path [/kylin] threw exception
> java.lang.IllegalArgumentException: Encoded password cannot be null or empty
>         at org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.matches(BCryptPasswordEncoder.java:77)
>         at org.springframework.security.authentication.dao.DaoAuthenticationProvider$1.isPasswordValid(DaoAuthenticationProvider.java:124)
>         at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:64)
>         at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:149)
>         at org.apache.kylin.rest.security.KylinAuthenticationProvider.authenticate(KylinAuthenticationProvider.java:85)
>         at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
>         at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
>         at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>         at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
>         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>         at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209)
>         at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>         at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
>         at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
>        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
>         at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>         at java.lang.Thread.run(Thread.java:745)
> {code}
> The only solution is to restart Kylin in a timely manner. A restart suppresses this issue for several hours, and then the error suddenly comes back again. Issue details are also here: http://apache-kylin.74782.x6.nabble.com/Re-Encoded-password-cannot-be-null-or-empty-when-login-into-kylin-s-web-UI-td7879.html#a7887
> It is not due to the upgrade from 2.0.0-BETA to 2.0.0, since I've already cleaned up all the info in HBase and spun up a brand new kylin-2.0.0, but the issue is still there.
> (Edited: This issue is solved by updating kylin 2.0.0 with commit hash 375fd807c281d8c5deff0620747c806be2019782)
> Another bug also appears to relate to authentication. It happens on the Kylin query server when Kylin is under a heavy load of query requests. With our 60 QPS, this issue occurs 8 times per hour. Details:
> {code}
> May 05, 2017 7:12:01 AM org.apache.catalina.core.StandardWrapperValve invoke
> SEVERE: Servlet.service() for servlet [kylin] in context with path [/kylin] threw exception
> java.lang.ArrayIndexOutOfBoundsException
>         at sun.security.provider.DigestBase.engineUpdate(DigestBase.java:114)
>         at sun.security.provider.MD5.implDigest(MD5.java:101)
>         at sun.security.provider.DigestBase.engineDigest(DigestBase.java:181)
>         at sun.security.provider.DigestBase.engineDigest(DigestBase.java:160)
>         at java.security.MessageDigest$Delegate.engineDigest(MessageDigest.java:592)
>         at java.security.MessageDigest.digest(MessageDigest.java:365)
>         at java.security.MessageDigest.digest(MessageDigest.java:411)
>         at org.apache.kylin.rest.security.KylinAuthenticationProvider.authenticate(KylinAuthenticationProvider.java:76)
>         at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
>         at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
>         at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>         at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>         at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
>         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>         at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209)
>         at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>         at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
>         at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
>         at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
>         at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>         at java.lang.Thread.run(Thread.java:745)
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
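
Added example, not part of the original message and not Kylin's code or the attached patch: the second stack trace (ArrayIndexOutOfBoundsException inside DigestBase under concurrent load) is consistent with one java.security.MessageDigest instance being used by several request threads at once, which is what the attachment name "MessageDigest-is-not-thread-safe" points to. The class name, the Hasher interface, the thread and iteration counts, and the input bytes are constructed for illustration; MD5 is used only because it is the digest shown in the trace.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

public class DigestThreadSafetyDemo {
    // Constructed input; stands in for the bytes hashed on each login request.
    static final byte[] INPUT =
            "constructed-user:constructed-secret".getBytes(StandardCharsets.UTF_8);

    interface Hasher { byte[] hash(byte[] data) throws Exception; }

    // Calls the hasher from 16 threads and counts wrong digests and exceptions.
    static int failures(Hasher hasher, byte[] expected) throws Exception {
        AtomicInteger bad = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(16);
        for (int t = 0; t < 16; t++) {
            pool.submit(() -> {
                for (int i = 0; i < 50_000; i++) {
                    try {
                        if (!Arrays.equals(hasher.hash(INPUT), expected)) {
                            bad.incrementAndGet();   // silently corrupted digest
                        }
                    } catch (Exception e) {          // e.g. ArrayIndexOutOfBoundsException
                        bad.incrementAndGet();
                    }
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.MINUTES);
        return bad.get();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = MessageDigest.getInstance("MD5").digest(INPUT);

        // Unsafe: one MessageDigest whose internal buffer is shared by all threads.
        MessageDigest shared = MessageDigest.getInstance("MD5");
        System.out.println("shared instance failures:   "
                + failures(shared::digest, expected));

        // Safe: a fresh instance per call, so no digest state crosses threads.
        System.out.println("per-call instance failures: "
                + failures(d -> MessageDigest.getInstance("MD5").digest(d), expected));
    }
}
```

The failure count for the shared instance varies from run to run because it depends on thread timing; the per-call variant shares no state and reports zero. Besides exceptions, the shared instance can return a wrong digest without throwing, which matters wherever the digest is used as a lookup key or comparison value in an authentication path.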