[ https://issues.apache.org/jira/browse/KNOX-2400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17183421#comment-17183421 ]
rohannimmagadda edited comment on KNOX-2400 at 8/28/20, 6:07 PM: ----------------------------------------------------------------- [~lmccay] We faced similar issue with Knox 1.4 + JDK 1.8 while creating the file in HDFS with Knox+webHDFS curl , However here is the few steps we have taken to fix this issue # Step1 : We've started the Knox Service alone with Open JDK 11 by exporting JAVA command in gateway.sh (ex: export JAVA=/usr/java/openjdk-11/bin/java) # Step2: If you’r using http auth to non Kerberos which means (hadoop.http.authentication.type: simple, hadoop.http.authentication.simple.anonymous.allowed: true) the above export JAVA command would work # Otherwise , If your are using OpenJDK 11 and have http authentication enabled to Kerberos, you may experience authentication errors (i.e HTTP ERROR 401 ** Authentication require like in YARN and WebHDFS gateway URLs *)* when running Knox Services . To work around this problem: We tried setting this sun.security.krb5.disableReferrals=true` value in java.security file but it didn’t worked out in our case # Here is the fix : By removing `renew_lifetime` property from /etc/krb5.conf resolved our issue # we can also run below command to keep renew_lifetime (renew_lifetime = 1d 0h 0m 1s) in krb5.conf modprinc -maxlife 1days -maxrenewlife 7days +allow_renewable knox/Knox_node@Realm was (Author: rohannimmagadda): [~lmccay] We faced similar issue with Knox 1.4 + JDK 1.8 while creating the file in HDFS with Knox+webHDFS curl , However here is the few steps we have taken to fix this issue # Step1 : We've started the Knox Service alone with Open JDK 11 by exporting JAVA command in gateway.sh (ex: export JAVA=/usr/java/openjdk-11/bin/java) # Step2: If you’r using http auth to non Kerberos which means (hadoop.http.authentication.type: simple, hadoop.http.authentication.simple.anonymous.allowed: true) the above export JAVA command would work # Otherwise , If your are using OpenJDK 11 and have http authentication enabled to Kerberos, you may experience authentication errors (i.e HTTP ERROR 401 ** Authentication require like in YARN and WebHDFS gateway URLs *)* when running Knox Services . To work around this problem: We tried setting this sun.security.krb5.disableReferrals=true` value in java.security file but it didn’t worked out in our case # Here is the fix : By removing `renew_lifetime` property from /etc/krb5.conf resolved our issue # we can also run below command to keep renew_lifetime in krb5.conf modprinc -maxlife 1days -maxrenewlife 7days +allow_renewable knox/Knox_node@Realm > Can't login with SSO+CAS > ------------------------ > > Key: KNOX-2400 > URL: https://issues.apache.org/jira/browse/KNOX-2400 > Project: Apache Knox > Issue Type: Bug > Components: KnoxSSO > Affects Versions: 1.4.0 > Environment: java8 > Reporter: cdmikechen > Priority: Major > > If we use CAS to login by KNOX-SSO, the request will fail with an error: > {code} > 2020-07-07 18:20:14,783 ERROR knox.gateway > (AbstractGatewayFilter.java:doFilter(63)) - Failed to execute filter: > java.lang.NoSuchMethodError: java.nio.ByteBuffer.flip()Ljava/nio/ByteBuffer; > java.lang.NoSuchMethodError: java.nio.ByteBuffer.flip()Ljava/nio/ByteBuffer; > at > org.apache.knox.gateway.services.security.EncryptionResult.toByteAray(EncryptionResult.java:45) > at > org.apache.knox.gateway.pac4j.session.KnoxSessionStore.compressEncryptBase64(KnoxSessionStore.java:132) > at > org.apache.knox.gateway.pac4j.session.KnoxSessionStore.set(KnoxSessionStore.java:150) > at > org.pac4j.core.engine.DefaultSecurityLogic.saveRequestedUrl(DefaultSecurityLogic.java:204) > at > org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:148) > at > org.pac4j.j2e.filter.SecurityFilter.internalFilter(SecurityFilter.java:92) > at > org.pac4j.j2e.filter.AbstractConfigFilter.doFilter(AbstractConfigFilter.java:84) > at > org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.doFilter(Pac4jDispatcherFilter.java:272) > at > org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:348) > at > org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:262) > at > org.apache.knox.gateway.filter.XForwardedHeaderFilter.doFilter(XForwardedHeaderFilter.java:50) > at > org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:58) > at > org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:348) > at > org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:262) > at > org.apache.knox.gateway.webappsec.filter.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:52) > at > org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:348) > at > org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:262) > at > org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:166) > at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:93) > at > org.apache.knox.gateway.GatewayServlet.service(GatewayServlet.java:135) > at > org.eclipse.jetty.servlet.ServletHolder$NotAsyncServlet.service(ServletHolder.java:1386) > at > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755) > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) > at > org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:226) > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) > at > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610) > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1300) > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580) > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1215) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > at > org.apache.knox.gateway.trace.TraceHandler.handle(TraceHandler.java:51) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > at > org.apache.knox.gateway.filter.CorrelationHandler.handle(CorrelationHandler.java:41) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > at > org.apache.knox.gateway.filter.PortMappingHelperHandler.handle(PortMappingHelperHandler.java:106) > at > org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > at org.eclipse.jetty.server.Server.handle(Server.java:500) > at > org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383) > at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547) > at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375) > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273) > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > at > org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543) > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398) > at > org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135) > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) > at java.lang.Thread.run(Thread.java:748) > 2020-07-07 18:20:14,784 ERROR knox.gateway (GatewayFilter.java:doFilter(168)) > - Gateway processing failed: javax.servlet.ServletException: > java.lang.NoSuchMethodError: java.nio.ByteBuffer.flip()Ljava/nio/ByteBuffer; > javax.servlet.ServletException: java.lang.NoSuchMethodError: > java.nio.ByteBuffer.flip()Ljava/nio/ByteBuffer; > at > org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:64) > at > org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:348) > at > org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:262) > at > org.apache.knox.gateway.webappsec.filter.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:52) > at > org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:348) > at > org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:262) > at > org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:166) > at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:93) > at > org.apache.knox.gateway.GatewayServlet.service(GatewayServlet.java:135) > at > org.eclipse.jetty.servlet.ServletHolder$NotAsyncServlet.service(ServletHolder.java:1386) > at > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755) > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1617) > at > org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:226) > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1604) > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:545) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) > at > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:590) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610) > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1300) > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485) > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580) > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1215) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > at > org.apache.knox.gateway.trace.TraceHandler.handle(TraceHandler.java:51) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > at > org.apache.knox.gateway.filter.CorrelationHandler.handle(CorrelationHandler.java:41) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > at > org.apache.knox.gateway.filter.PortMappingHelperHandler.handle(PortMappingHelperHandler.java:106) > at > org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > at org.eclipse.jetty.server.Server.handle(Server.java:500) > at > org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383) > at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547) > at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375) > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273) > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > at > org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:543) > at > org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:398) > at > org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) > at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135) > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.lang.NoSuchMethodError: > java.nio.ByteBuffer.flip()Ljava/nio/ByteBuffer; > at > org.apache.knox.gateway.services.security.EncryptionResult.toByteAray(EncryptionResult.java:45) > at > org.apache.knox.gateway.pac4j.session.KnoxSessionStore.compressEncryptBase64(KnoxSessionStore.java:132) > at > org.apache.knox.gateway.pac4j.session.KnoxSessionStore.set(KnoxSessionStore.java:150) > at > org.pac4j.core.engine.DefaultSecurityLogic.saveRequestedUrl(DefaultSecurityLogic.java:204) > at > org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:148) > at > org.pac4j.j2e.filter.SecurityFilter.internalFilter(SecurityFilter.java:92) > at > org.pac4j.j2e.filter.AbstractConfigFilter.doFilter(AbstractConfigFilter.java:84) > at > org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.doFilter(Pac4jDispatcherFilter.java:272) > at > org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:348) > at > org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:262) > at > org.apache.knox.gateway.filter.XForwardedHeaderFilter.doFilter(XForwardedHeaderFilter.java:50) > at > org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:58) > ... 55 more > {code} > I use java8 to start KNOX. If I use java9, this error would not have happened -- This message was sent by Atlassian Jira (v8.3.4#803005)