You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@aurora.apache.org by "Ville Aine (JIRA)" <ji...@apache.org> on 2017/06/01 13:10:04 UTC
[jira] [Created] (AURORA-1930) Beta API does not work with
authentication
Ville Aine created AURORA-1930:
----------------------------------
Summary: Beta API does not work with authentication
Key: AURORA-1930
URL: https://issues.apache.org/jira/browse/AURORA-1930
Project: Aurora
Issue Type: Bug
Components: Scheduler
Affects Versions: 0.17.0
Environment: OpenJDK 1.8.0_121 on 64-bit Linux
Reporter: Ville Aine
Priority: Minor
Issuing any Beta API request that requires authentication results in HTTP 500 response. The logs show that this is caused by a Shiro {{UnavailableSecurityManagerException}}, which is thrown when {{ShiroAuthenticatingThriftInterceptor}} tries to acquire the current Shiro {{Subject}} (see attachments for full stack trace).
The reason for this seems to be twofold:
- The Jersey {{GuiceContainer}} serving the API is installed as a filter, and during request processing that filter is activated before any of the Shiro filters are. Therefore Shiro has not yet been initialized when {{ShiroAuthenticatingThriftInterceptor}} is run.
- There is no {{ShiroWebModule.guiceFilterModule}} installed for {{/apibeta/*}}, so the authentication filters would not be executed even if the filters were installed in a proper order.
The attached patch for Aurora 0.17.0 seems to fix the filter ordering issue by installing the {{GuiceContainer}} as a servlet. It also makes sure that {{UnauthenicatedExceptions}} thrown from auth interceptors are propagated properly.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)