[AAA-101] token authentication fails intermittently Created: 04/May/16  Updated: 21/Mar/19

Status: Confirmed
Project: aaa
Component/s: General
Affects Version/s: None
Fix Version/s: None

Type: Bug
Reporter: Jamo Luhrsen Assignee: zhengj ingwen
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All

External issue ID: 5838

 Description   

aaa authn csit jobs see sporadic failures in test cases using token
authentication. The recently (within 1s) retrieved token does not
authenticate and the test REST call returns 401 and the test case
fails.

one job here:
https://jenkins.opendaylight.org/releng/view/aaa/job/aaa-csit-1node-authn-only-boron/

running the same suites locally produces the same failures. While
reproducing, I used TRACE logging on org.opendaylight.aaa and saw
these messages just after the failed token authentication happened:

2016-05-04 00:00:21,915 | DEBUG | tp555984556-1669 | TokenAuthRealm | 212 - org.opendaylight.aaa.shiro - 0.3.2.Beryllium-SR2 | Authentication attempt using org.opendaylight.aaa.basic.HttpBasicAuth
2016-05-04 00:00:21,915 | DEBUG | tp555984556-1669 | IdmLightProxy | 223 - org.opendaylight.aaa.idmlight - 0.3.2.Beryllium-SR2 | get domain
2016-05-04 00:00:21,923 | DEBUG | tp555984556-1669 | AbstractStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | Table DOMAINS already exists
2016-05-04 00:00:21,923 | DEBUG | tp555984556-1669 | DomainStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | query string: prep257: SELECT * FROM DOMAINS WHERE domainid = ?

{1: 'sdn'}

2016-05-04 00:00:21,926 | DEBUG | tp555984556-1669 | IdmLightProxy | 223 - org.opendaylight.aaa.idmlight - 0.3.2.Beryllium-SR2 | check user / pwd
2016-05-04 00:00:21,926 | DEBUG | tp555984556-1669 | UserStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | getUsers for: � in domain sdn
2016-05-04 00:00:21,942 | DEBUG | tp555984556-1669 | AbstractStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | Table USERS already exists
2016-05-04 00:00:21,943 | DEBUG | tp555984556-1669 | UserStore | 222 - org.opendaylight.aaa.h2-store - 0.3.2.Beryllium-SR2 | query string: prep259: SELECT * FROM USERS WHERE userid = ?

{1: STRINGDECODE('\u 00ef\u00bf\u00bd@sdn')}

2016-05-04 00:00:21,945 | DEBUG | tp555984556-1669 | AuthenticationListener | 212 - org.opendaylight.aaa.shiro - 0.3.2.Beryllium-SR2 | Unsuccessful authentication attempt by � from <snip>

I checked against Beryllium SR1, Lithium SR2 and the current Beryllium SR2 candidate. I ran
the robot suite 40 times each and the results:

BeSR2 - 8 failures
BeSR1 - 11 failures
LiSR2 - 0 failures

email thread discussing this issue is here:

https://lists.opendaylight.org/pipermail/integration-dev/2016-May/006612.html

 Comments   
Comment by Ryan Goulding [ 17/May/16 ]

This does happen in Li-SR4 too; it took a little longer to present but it does happen. This isn't a regression, and I feel there may be a race condition in the ehcache implementation. Will look further later.

Generated at Wed Feb 07 19:08:38 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.