Uploaded image for project: 'aaa'
  1. aaa
  2. AAA-184

Exception is thrown when ODLJndiLdapRealm is used

    XMLWordPrintable

Details

    • Improvement
    • Status: Open
    • Low
    • Resolution: Unresolved
    • None
    • None
    • General
    • None

    Description

      When trying to get authorization info using ODLJndiLdapRealm, following exception is thrown and logged at ERROR level:

       

      2019-02-05 14:08:05,374 | ERROR | qtp673798733-110 | TokenAuthRealm                   | 199 - org.opendaylight.aaa.shiro - 0.8.1 | Couldn't decode authorization request
      java.lang.ClassCastException: java.lang.String cannot be cast to org.opendaylight.aaa.api.shiro.principal.ODLPrincipal
          at org.opendaylight.aaa.shiro.realm.TokenAuthRealm.doGetAuthorizationInfo(TokenAuthRealm.java:100) [199:org.opendaylight.aaa.shiro:0.8.1]
          at org.apache.shiro.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:341) [138:org.apache.shiro.core:1.3.2]
          at org.apache.shiro.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:573) [138:org.apache.shiro.core:1.3.2]
          at org.apache.shiro.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:374) [138:org.apache.shiro.core:1.3.2]
          at org.apache.shiro.authz.ModularRealmAuthorizer.hasAllRoles(ModularRealmAuthorizer.java:407) [138:org.apache.shiro.core:1.3.2]
          at org.apache.shiro.mgt.AuthorizingSecurityManager.hasAllRoles(AuthorizingSecurityManager.java:161) [138:org.apache.shiro.core:1.3.2]
          at org.apache.shiro.subject.support.DelegatingSubject.hasAllRoles(DelegatingSubject.java:236) [138:org.apache.shiro.core:1.3.2]
          at org.apache.shiro.web.filter.authz.RolesAuthorizationFilter.isAccessAllowed(RolesAuthorizationFilter.java:52) [139:org.apache.shiro.web:1.3.2]
          at org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162) [139:org.apache.shiro.web:1.3.2]
          at org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203) [139:org.apache.shiro.web:1.3.2]
          at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178) [139:org.apache.shiro.web:1.3.2]
          at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131) [139:org.apache.shiro.web:1.3.2]
          at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [139:org.apache.shiro.web:1.3.2]
          at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [139:org.apache.shiro.web:1.3.2]
          at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [139:org.apache.shiro.web:1.3.2]
          at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [139:org.apache.shiro.web:1.3.2]
          at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [139:org.apache.shiro.web:1.3.2]
          at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [139:org.apache.shiro.web:1.3.2]
          at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [139:org.apache.shiro.web:1.3.2]
          at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [139:org.apache.shiro.web:1.3.2]
          at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [138:org.apache.shiro.core:1.3.2]
          at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [138:org.apache.shiro.core:1.3.2]
          at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [138:org.apache.shiro.core:1.3.2]
          at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [139:org.apache.shiro.web:1.3.2]
          at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [139:org.apache.shiro.web:1.3.2]
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [159:org.eclipse.jetty.servlet:9.3.24.v20180605]
          at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:51) [160:org.eclipse.jetty.servlets:9.3.24.v20180605]
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [159:org.eclipse.jetty.servlet:9.3.24.v20180605]
          at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:205) [169:org.eclipse.jetty.websocket.server:9.3.24.v20180605]
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [159:org.eclipse.jetty.servlet:9.3.24.v20180605]
          at org.opendaylight.aaa.filterchain.filters.CustomFilterAdapter.doFilter(CustomFilterAdapter.java:86) [196:org.opendaylight.aaa.filterchain:0.8.1]
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751) [159:org.eclipse.jetty.servlet:9.3.24.v20180605]
          at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) [159:org.eclipse.jetty.servlet:9.3.24.v20180605]
          at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71) [449:org.ops4j.pax.web.pax-web-jetty:6.0.11]
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [158:org.eclipse.jetty.server:9.3.24.v20180605]
          at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [156:org.eclipse.jetty.security:9.3.24.v20180605]
          at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [158:org.eclipse.jetty.server:9.3.24.v20180605]
          at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [158:org.eclipse.jetty.server:9.3.24.v20180605]
          at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:296) [449:org.ops4j.pax.web.pax-web-jetty:6.0.11]
          at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [159:org.eclipse.jetty.servlet:9.3.24.v20180605]
          at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [158:org.eclipse.jetty.server:9.3.24.v20180605]
          at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [158:org.eclipse.jetty.server:9.3.24.v20180605]
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [158:org.eclipse.jetty.server:9.3.24.v20180605]
          at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80) [449:org.ops4j.pax.web.pax-web-jetty:6.0.11]
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) [158:org.eclipse.jetty.server:9.3.24.v20180605]
          at org.eclipse.jetty.server.Server.handle(Server.java:539) [158:org.eclipse.jetty.server:9.3.24.v20180605]
          at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:333) [158:org.eclipse.jetty.server:9.3.24.v20180605]
          at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [158:org.eclipse.jetty.server:9.3.24.v20180605]
          at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [150:org.eclipse.jetty.io:9.3.24.v20180605]
          at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108) [150:org.eclipse.jetty.io:9.3.24.v20180605]
          at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) [150:org.eclipse.jetty.io:9.3.24.v20180605]
          at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) [161:org.eclipse.jetty.util:9.3.24.v20180605]
          at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) [161:org.eclipse.jetty.util:9.3.24.v20180605]
          at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) [161:org.eclipse.jetty.util:9.3.24.v20180605]
          at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) [161:org.eclipse.jetty.util:9.3.24.v20180605]
          at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)

       

       

      I believe this is cosmetic problem only, as authorization process continues to query LDAP server for group membership.

      Can we change log severity to WARN as exactly same is used when trying to authenticate LDAP user against idmlight?

      2019-02-05 14:08:05,355 | WARN  | qtp673798733-110 | ModularRealmAuthenticator        | 138 - org.apache.shiro.core - 1.3.2 | Realm [org.opendaylight.aaa.shiro.realm.TokenAuthRealm@4cb2a5ed] threw an exception during a multi-realm authentication attempt:
      org.opendaylight.aaa.api.AuthenticationException: User :user2 does not exist in domain sdn

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            rgoulding Ryan Goulding
            rkosegi Richard Kosegi
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: