You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@aurora.apache.org by "Ville Aine (JIRA)" <ji...@apache.org> on 2017/06/01 13:10:04 UTC

[jira] [Created] (AURORA-1930) Beta API does not work with authentication

Ville Aine created AURORA-1930:
----------------------------------

             Summary: Beta API does not work with authentication
                 Key: AURORA-1930
                 URL: https://issues.apache.org/jira/browse/AURORA-1930
             Project: Aurora
          Issue Type: Bug
          Components: Scheduler
    Affects Versions: 0.17.0
         Environment: OpenJDK 1.8.0_121 on 64-bit Linux
            Reporter: Ville Aine
            Priority: Minor


Issuing any Beta API request that requires authentication results in HTTP 500 response. The logs show that this is caused by a Shiro {{UnavailableSecurityManagerException}}, which is thrown when {{ShiroAuthenticatingThriftInterceptor}} tries to acquire the current Shiro {{Subject}} (see attachments for full stack trace).

The reason for this seems to be twofold:

- The Jersey {{GuiceContainer}} serving the API is installed as a filter, and during  request processing that filter is activated before any of the Shiro filters  are. Therefore Shiro has not yet been initialized when {{ShiroAuthenticatingThriftInterceptor}} is run.
  
- There is no {{ShiroWebModule.guiceFilterModule}} installed for {{/apibeta/*}}, so  the authentication filters would not be executed even if the filters were installed in a proper order.

The attached patch for Aurora 0.17.0 seems to fix the filter ordering issue by installing the {{GuiceContainer}} as a servlet. It also makes sure that {{UnauthenicatedExceptions}} thrown from auth interceptors are propagated properly.




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)