qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Rudyy (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-7751) [Java Broker] Login attempt using SimpleLDAP might result in 500
Date Mon, 15 May 2017 11:50:04 GMT

    [ https://issues.apache.org/jira/browse/QPID-7751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16010377#comment-16010377
] 

Alex Rudyy commented on QPID-7751:
----------------------------------

The reported issue is not ldap  authentication provider specific. It can occur for any authentication
provider when multiple authentication requests are submitted in parallel on the same session
(for example, by clicking on login button multiple times). As result, when session is invalidated
for the one of the requests, the other request can fail  on attempt to get attribute value
with {{java.lang.IllegalStateException}}. As per servlet documentation,  {{java.lang.IllegalStateException}}
is thrown when method {{getAttribute}} is called on an invalidated session. 

> [Java Broker] Login attempt using SimpleLDAP might result in 500
> ----------------------------------------------------------------
>
>                 Key: QPID-7751
>                 URL: https://issues.apache.org/jira/browse/QPID-7751
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: qpid-java-broker-7.0.0
>            Reporter: Lorenz Quack
>             Fix For: qpid-java-broker-7.0.0
>
>
> Configure SimpleLDAP on a port and attempt an invalid login in the web management console
results in a 500 (in HTML) being returned to the browser.
> The broker log contains the following stacktrace:
> {noformat}
> 2017-04-21 09:18:07,269 INFO  [HttpManagement-ldap-269] (q.m.a.authentication_failed)
- [mng:mp1XixiX(N/A@/0:0:0:0:0:0:0:1:52604)] ATH-1010 : Authentication Failed : "invalid_user"
> 2017-04-21 09:18:07,270 ERROR [HttpManagement-ldap-269] (o.a.q.s.m.p.f.ExceptionHandlingFilter)
- Unexpected exception in servlet '/service/sasl': 
> java.lang.IllegalStateException: null
> 	at org.eclipse.jetty.server.session.AbstractSession.checkValid(AbstractSession.java:109)
> 	at org.eclipse.jetty.server.session.HashedSession.checkValid(HashedSession.java:73)
> 	at org.eclipse.jetty.server.session.AbstractSession.getAttribute(AbstractSession.java:132)
> 	at org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.cleanup(SaslServlet.java:205)
> 	at org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.evaluateSaslResponse(SaslServlet.java:288)
> 	at org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.doPost(SaslServlet.java:158)
> 	at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet.doPost(AbstractServlet.java:141)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
> 	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496)
> 	at org.apache.qpid.server.management.plugin.filter.AuthenticationCheckFilter$1.run(AuthenticationCheckFilter.java:157)
> 	at org.apache.qpid.server.management.plugin.filter.AuthenticationCheckFilter$1.run(AuthenticationCheckFilter.java:153)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAs(Subject.java:422)
> 	at org.apache.qpid.server.management.plugin.filter.AuthenticationCheckFilter.doFilterChainAs(AuthenticationCheckFilter.java:152)
> 	at org.apache.qpid.server.management.plugin.filter.AuthenticationCheckFilter.doFilter(AuthenticationCheckFilter.java:122)
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
> 	at org.apache.qpid.server.management.plugin.filter.LoggingFilter.doFilter(LoggingFilter.java:63)
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
> 	at org.apache.qpid.server.management.plugin.filter.ForbiddingTraceFilter.doFilter(ForbiddingTraceFilter.java:65)
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
> 	at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:247)
> 	at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:210)
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
> 	at org.apache.qpid.server.management.plugin.filter.ExceptionHandlingFilter.doFilter(ExceptionHandlingFilter.java:59)
> 	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
> 	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)
> 	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229)
> 	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
> 	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429)
> 	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
> 	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
> 	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
> 	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
> 	at org.eclipse.jetty.server.Server.handle(Server.java:370)
> 	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
> 	at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
> 	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
> 	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
> 	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
> 	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
> 	at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
> 	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
> 	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
> 	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
> 	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
> 	at java.lang.Thread.run(Thread.java:745)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message