[AAA-215] Shiro throws a warning about SecurityManager Created: 26/Jul/21  Updated: 31/Oct/22  Resolved: 16/Aug/22

Status: Resolved
Project: aaa
Component/s: General
Affects Version/s: 0.16.0
Fix Version/s: 0.16.1, 0.15.6, 0.14.14

Type: Bug Priority: Highest
Reporter: Robert Varga Assignee: Robert Varga
Resolution: Done Votes: 0
Labels: pt, regression
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File Steps to reproduce.TXT     Text File logs.log    
Issue Links:
Duplicate
is duplicated by AAA-229 ODLAuthenticator does not work Resolved
Relates
relates to AAA-210 Convert ODLAuthenticator into a compo... Resolved
relates to AAA-225 Reimplement web-osgi-impl with HTTP W... Resolved

 Description   

The following splat happens in

:

 

2021-07-26T03:51:44,953 | WARN  | qtp1591851327-398 | HttpChannel                      | 160 - org.eclipse.jetty.util - 9.4.40.v20210413 | /jolokia/read/org.opendaylight.controller:Category=ShardManager,name=shard-manager-config,type=DistributedConfigDatastore
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
        at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123) ~[?:?]
        at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:626) ~[?:?]
        at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56) ~[?:?]
        at org.opendaylight.aaa.authenticator.ODLAuthenticator.login(ODLAuthenticator.java:87) ~[?:?]
        at org.opendaylight.aaa.authenticator.ODLAuthenticator.authenticate(ODLAuthenticator.java:59) ~[?:?]
        at org.jolokia.osgi.security.ServiceAuthenticationHttpContext.handleSecurity(ServiceAuthenticationHttpContext.java:72) ~[?:?]
        at org.ops4j.pax.web.service.internal.WebContainerContextWrapper.handleSecurity(WebContainerContextWrapper.java:46) ~[?:?]
        at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:69) ~[?:?]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602) ~[?:?]
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435) ~[bundleFile:9.4.40.v20210413]
        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:294) ~[?:?]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) ~[?:?]
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350) ~[bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[bundleFile:9.4.40.v20210413]
        at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:82) ~[?:?]
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) ~[bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) ~[bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) [bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277) [bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) [bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) [bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:882) [bundleFile:9.4.40.v20210413]
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1036) [bundleFile:9.4.40.v20210413]
        at java.lang.Thread.run(Thread.java:829) [?:?]

 

 

 Comments   
Comment by Robert Varga [ 06/Jul/22 ]

I failed to link the CSIT run, hence we need to try to re-create the issue.

Comment by Oleksandr Zharov [ 14/Jul/22 ]

Added steps to reproduce. I tried debug it but on step when we getting SecurityManager from resources by key it just return null and I don't know where to go after.

Comment by Ivan Hrasko [ 14/Jul/22 ]

ojo can you attach logs too? To verify that you hit the same issue.

Comment by Oleksandr Zharov [ 14/Jul/22 ]

Done

 

Comment by Robert Varga [ 16/Aug/22 ]

Duplicated by AAA-229, where this should be fixed.

Comment by Robert Varga [ 16/Aug/22 ]

This might be happening due to initialization delays, where static environment is just not ready when Jolokia is queried.
Might be caused by AAA-210 in previous releases.

Comment by Robert Varga [ 16/Aug/22 ]

The interesting bit here is that we are invoking Jolokia authenticator for RESTCONF resources – I wonder why that is.

Generated at Wed Feb 07 19:08:56 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.