[AAA-184] Exception is thrown when ODLJndiLdapRealm is used Created: 05/Feb/19  Updated: 05/Feb/19

Status: Open
Project: aaa
Component/s: General
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Low
Reporter: Richard Kosegi Assignee: Ryan Goulding
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

When trying to get authorization info using ODLJndiLdapRealm, following exception is thrown and logged at ERROR level:

 

2019-02-05 14:08:05,374 | ERROR | qtp673798733-110 | TokenAuthRealm                   | 199 - org.opendaylight.aaa.shiro - 0.8.1 | Couldn't decode authorization request
java.lang.ClassCastException: java.lang.String cannot be cast to org.opendaylight.aaa.api.shiro.principal.ODLPrincipal
    at org.opendaylight.aaa.shiro.realm.TokenAuthRealm.doGetAuthorizationInfo(TokenAuthRealm.java:100) [199:org.opendaylight.aaa.shiro:0.8.1]
    at org.apache.shiro.realm.AuthorizingRealm.getAuthorizationInfo(AuthorizingRealm.java:341) [138:org.apache.shiro.core:1.3.2]
    at org.apache.shiro.realm.AuthorizingRealm.hasRole(AuthorizingRealm.java:573) [138:org.apache.shiro.core:1.3.2]
    at org.apache.shiro.authz.ModularRealmAuthorizer.hasRole(ModularRealmAuthorizer.java:374) [138:org.apache.shiro.core:1.3.2]
    at org.apache.shiro.authz.ModularRealmAuthorizer.hasAllRoles(ModularRealmAuthorizer.java:407) [138:org.apache.shiro.core:1.3.2]
    at org.apache.shiro.mgt.AuthorizingSecurityManager.hasAllRoles(AuthorizingSecurityManager.java:161) [138:org.apache.shiro.core:1.3.2]
    at org.apache.shiro.subject.support.DelegatingSubject.hasAllRoles(DelegatingSubject.java:236) [138:org.apache.shiro.core:1.3.2]
    at org.apache.shiro.web.filter.authz.RolesAuthorizationFilter.isAccessAllowed(RolesAuthorizationFilter.java:52) [139:org.apache.shiro.web:1.3.2]
    at org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162) [139:org.apache.shiro.web:1.3.2]
    at org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203) [139:org.apache.shiro.web:1.3.2]
    at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178) [139:org.apache.shiro.web:1.3.2]
    at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131) [139:org.apache.shiro.web:1.3.2]
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [139:org.apache.shiro.web:1.3.2]
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [139:org.apache.shiro.web:1.3.2]
    at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [139:org.apache.shiro.web:1.3.2]
    at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [139:org.apache.shiro.web:1.3.2]
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [139:org.apache.shiro.web:1.3.2]
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [139:org.apache.shiro.web:1.3.2]
    at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [139:org.apache.shiro.web:1.3.2]
    at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [139:org.apache.shiro.web:1.3.2]
    at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [138:org.apache.shiro.core:1.3.2]
    at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [138:org.apache.shiro.core:1.3.2]
    at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [138:org.apache.shiro.core:1.3.2]
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [139:org.apache.shiro.web:1.3.2]
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [139:org.apache.shiro.web:1.3.2]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [159:org.eclipse.jetty.servlet:9.3.24.v20180605]
    at org.eclipse.jetty.servlets.GzipFilter.doFilter(GzipFilter.java:51) [160:org.eclipse.jetty.servlets:9.3.24.v20180605]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [159:org.eclipse.jetty.servlet:9.3.24.v20180605]
    at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:205) [169:org.eclipse.jetty.websocket.server:9.3.24.v20180605]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [159:org.eclipse.jetty.servlet:9.3.24.v20180605]
    at org.opendaylight.aaa.filterchain.filters.CustomFilterAdapter.doFilter(CustomFilterAdapter.java:86) [196:org.opendaylight.aaa.filterchain:0.8.1]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751) [159:org.eclipse.jetty.servlet:9.3.24.v20180605]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) [159:org.eclipse.jetty.servlet:9.3.24.v20180605]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71) [449:org.ops4j.pax.web.pax-web-jetty:6.0.11]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [158:org.eclipse.jetty.server:9.3.24.v20180605]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [156:org.eclipse.jetty.security:9.3.24.v20180605]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [158:org.eclipse.jetty.server:9.3.24.v20180605]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [158:org.eclipse.jetty.server:9.3.24.v20180605]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:296) [449:org.ops4j.pax.web.pax-web-jetty:6.0.11]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [159:org.eclipse.jetty.servlet:9.3.24.v20180605]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [158:org.eclipse.jetty.server:9.3.24.v20180605]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [158:org.eclipse.jetty.server:9.3.24.v20180605]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [158:org.eclipse.jetty.server:9.3.24.v20180605]
    at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80) [449:org.ops4j.pax.web.pax-web-jetty:6.0.11]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) [158:org.eclipse.jetty.server:9.3.24.v20180605]
    at org.eclipse.jetty.server.Server.handle(Server.java:539) [158:org.eclipse.jetty.server:9.3.24.v20180605]
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:333) [158:org.eclipse.jetty.server:9.3.24.v20180605]
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [158:org.eclipse.jetty.server:9.3.24.v20180605]
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [150:org.eclipse.jetty.io:9.3.24.v20180605]
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108) [150:org.eclipse.jetty.io:9.3.24.v20180605]
    at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) [150:org.eclipse.jetty.io:9.3.24.v20180605]
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) [161:org.eclipse.jetty.util:9.3.24.v20180605]
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) [161:org.eclipse.jetty.util:9.3.24.v20180605]
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) [161:org.eclipse.jetty.util:9.3.24.v20180605]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) [161:org.eclipse.jetty.util:9.3.24.v20180605]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)

 

 

I believe this is cosmetic problem only, as authorization process continues to query LDAP server for group membership.

Can we change log severity to WARN as exactly same is used when trying to authenticate LDAP user against idmlight?

2019-02-05 14:08:05,355 | WARN  | qtp673798733-110 | ModularRealmAuthenticator        | 138 - org.apache.shiro.core - 1.3.2 | Realm [org.opendaylight.aaa.shiro.realm.TokenAuthRealm@4cb2a5ed] threw an exception during a multi-realm authentication attempt:
org.opendaylight.aaa.api.AuthenticationException: User :user2 does not exist in domain sdn
Generated at Wed Feb 07 19:08:51 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.