You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@karaf.apache.org by "Gareth Collins (JIRA)" <ji...@apache.org> on 2011/07/27 21:08:09 UTC
[jira] [Updated] (KARAF-785) Interaction Problem Between Karaf
Jetty Security and Spring Security - Jetty Exception
[ https://issues.apache.org/jira/browse/KARAF-785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gareth Collins updated KARAF-785:
---------------------------------
Attachment: SpringSecurityTest.war
Simple web application war deployed to Karaf
> Interaction Problem Between Karaf Jetty Security and Spring Security - Jetty Exception
> --------------------------------------------------------------------------------------
>
> Key: KARAF-785
> URL: https://issues.apache.org/jira/browse/KARAF-785
> Project: Karaf
> Issue Type: Bug
> Components: karaf-webcontainer
> Affects Versions: 2.2.2
> Environment: Mac Snow Leopard 10.6.8, java version 1.6.0.6. Features installed in Karaf: spring/spring-web(3.0.5.RELEASE), spring-dm/spring-dm-web(1.2.1), config/http/war/webconsole-base/webconsole/ssh/management (2.2.2), hazelcast/hazelcast-monitor (1.9.3), cellar/celar-webconsole (2.2.1), activemq/activemq-spring/activemq-web-console (5.5.0), jetty (7.4.2.v20110526), default karaf jetty configuration.
> Reporter: Gareth Collins
> Priority: Minor
> Attachments: SpringSecurityTest.war
>
>
> Hello,
> This issue has been initiated from a thread in the karaf user forum:
> http://karaf.922171.n3.nabble.com/Mixing-Jetty-Security-and-Spring-Security-In-Karaf-tc3202093.html
> I created a simple web application (which I hope I can attach) with two locations secured with spring security configured for basic authentication:
> http://localhost:8181/sst/index.html - static web page
> http://localhost:8181/sst/sst - executes a test servlet
> To reproduce the jetty exception, I:
> (1) First connect to http://localhost:8181/sst/index.html - a 401 response is returned and I enter username "rod", password "koala" ("rod" is a valid user in my sample app). The index.html page "Hello OSGi World" is displayed.
> (2) Now I repoint my browser at the servlet http://localhost:8181/sst/sst. I get through to my servlet page which displays "Hello OSGi World Servlet. User Principle = <User Principle>". Whilst the page is displayed correctly I also see the following exception from Jetty:
> 14:58:52,909 | WARN | 56-57 - /sst/sst | log | .eclipse.jetty.util.log.Slf4jLog 50 | 46 - org.eclipse.jetty.util - 7.4.2.v20110526 | EXCEPTION
> javax.security.auth.login.FailedLoginException: User rod does not exist
> at org.apache.karaf.jaas.modules.properties.PropertiesLoginModule.login(PropertiesLoginModule.java:98)
> at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[karaf-jaas-boot.jar:]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.6.0_26]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)[:1.6.0_26]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)[:1.6.0_26]
> at java.lang.reflect.Method.invoke(Method.java:597)[:1.6.0_26]
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)[:1.6.0_26]
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)[:1.6.0_26]
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> at java.security.AccessController.doPrivileged(Native Method)[:1.6.0_26]
> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.6.0_26]
> at javax.security.auth.login.LoginContext.login(LoginContext.java:579)[:1.6.0_26]
> at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:203)[59:org.eclipse.jetty.plus:7.4.2.v20110526]
> at org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:77)[53:org.eclipse.jetty.security:7.4.2.v20110526]
> at org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:100)[53:org.eclipse.jetty.security:7.4.2.v20110526]
> at org.eclipse.jetty.server.Request.getAuthType(Request.java:353)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at javax.servlet.http.HttpServletRequestWrapper.getAuthType(HttpServletRequestWrapper.java:59)[43:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.1.2]
> at javax.servlet.http.HttpServletRequestWrapper.getAuthType(HttpServletRequestWrapper.java:59)[43:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.1.2]
> at com.mytestcompany.sst.SSTServlet.service(SSTServlet.java:36)[752:com.mytestcompany.spring-security-test:1.0.0]
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)[43:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.1.2]
> at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:538)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1352)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:368)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)[752:com.mytestcompany.spring-security-test:1.0.0]
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
> at org.ops4j.pax.web.service.internal.WelcomeFilesFilter.doFilter(WelcomeFilesFilter.java:169)[62:org.ops4j.pax.web.pax-web-runtime:1.0.4]
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:476)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
> at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:70)[63:org.ops4j.pax.web.pax-web-jetty:1.0.4]
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:480)[53:org.eclipse.jetty.security:7.4.2.v20110526]
> at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:937)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:116)[63:org.ops4j.pax.web.pax-web-jetty:1.0.4]
> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
> at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:871)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:72)[63:org.ops4j.pax.web.pax-web-jetty:1.0.4]
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at org.eclipse.jetty.server.Server.handle(Server.java:342)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1048)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:601)[48:org.eclipse.jetty.http:7.4.2.v20110526]
> at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)[48:org.eclipse.jetty.http:7.4.2.v20110526]
> at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)[47:org.eclipse.jetty.io:7.4.2.v20110526]
> at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)[47:org.eclipse.jetty.io:7.4.2.v20110526]
> at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)[46:org.eclipse.jetty.util:7.4.2.v20110526]
> at java.lang.Thread.run(Thread.java:680)[:1.6.0_26]
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira