[jira] [Commented] (QPID-7751) [Java Broker] Login attempt using SimpleLDAP might result in 500

Alex Rudyy (JIRA) Mon, 15 May 2017 04:50:38 -0700

    [ 
https://issues.apache.org/jira/browse/QPID-7751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16010377#comment-16010377
 ]


Alex Rudyy commented on QPID-7751:
----------------------------------

The reported issue is not ldap  authentication provider specific. It can occur 
for any authentication provider when multiple authentication requests are 
submitted in parallel on the same session (for example, by clicking on login 
button multiple times). As result, when session is invalidated for the one of 
the requests, the other request can fail  on attempt to get attribute value 
with {{java.lang.IllegalStateException}}. As per servlet documentation,  
{{java.lang.IllegalStateException}} is thrown when method {{getAttribute}} is 
called on an invalidated session. 

> [Java Broker] Login attempt using SimpleLDAP might result in 500
> ----------------------------------------------------------------
>
>                 Key: QPID-7751
>                 URL: https://issues.apache.org/jira/browse/QPID-7751
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: qpid-java-broker-7.0.0
>            Reporter: Lorenz Quack
>             Fix For: qpid-java-broker-7.0.0
>
>
> Configure SimpleLDAP on a port and attempt an invalid login in the web 
> management console results in a 500 (in HTML) being returned to the browser.
> The broker log contains the following stacktrace:
> {noformat}
> 2017-04-21 09:18:07,269 INFO  [HttpManagement-ldap-269] 
> (q.m.a.authentication_failed) - [mng:mp1XixiX(N/A@/0:0:0:0:0:0:0:1:52604)] 
> ATH-1010 : Authentication Failed : "invalid_user"
> 2017-04-21 09:18:07,270 ERROR [HttpManagement-ldap-269] 
> (o.a.q.s.m.p.f.ExceptionHandlingFilter) - Unexpected exception in servlet 
> '/service/sasl': 
> java.lang.IllegalStateException: null
>       at 
> org.eclipse.jetty.server.session.AbstractSession.checkValid(AbstractSession.java:109)
>       at 
> org.eclipse.jetty.server.session.HashedSession.checkValid(HashedSession.java:73)
>       at 
> org.eclipse.jetty.server.session.AbstractSession.getAttribute(AbstractSession.java:132)
>       at 
> org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.cleanup(SaslServlet.java:205)
>       at 
> org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.evaluateSaslResponse(SaslServlet.java:288)
>       at 
> org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet.doPost(SaslServlet.java:158)
>       at 
> org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet.doPost(AbstractServlet.java:141)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
>       at 
> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1496)
>       at 
> org.apache.qpid.server.management.plugin.filter.AuthenticationCheckFilter$1.run(AuthenticationCheckFilter.java:157)
>       at 
> org.apache.qpid.server.management.plugin.filter.AuthenticationCheckFilter$1.run(AuthenticationCheckFilter.java:153)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at javax.security.auth.Subject.doAs(Subject.java:422)
>       at 
> org.apache.qpid.server.management.plugin.filter.AuthenticationCheckFilter.doFilterChainAs(AuthenticationCheckFilter.java:152)
>       at 
> org.apache.qpid.server.management.plugin.filter.AuthenticationCheckFilter.doFilter(AuthenticationCheckFilter.java:122)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
>       at 
> org.apache.qpid.server.management.plugin.filter.LoggingFilter.doFilter(LoggingFilter.java:63)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
>       at 
> org.apache.qpid.server.management.plugin.filter.ForbiddingTraceFilter.doFilter(ForbiddingTraceFilter.java:65)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
>       at 
> org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:247)
>       at 
> org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:210)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
>       at 
> org.apache.qpid.server.management.plugin.filter.ExceptionHandlingFilter.doFilter(ExceptionHandlingFilter.java:59)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1467)
>       at 
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)
>       at 
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229)
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
>       at 
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429)
>       at 
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
>       at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
>       at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
>       at org.eclipse.jetty.server.Server.handle(Server.java:370)
>       at 
> org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
>       at 
> org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
>       at 
> org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
>       at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
>       at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
>       at 
> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
>       at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
>       at 
> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
>       at 
> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
>       at 
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
>       at 
> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
>       at java.lang.Thread.run(Thread.java:745)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

[jira] [Commented] (QPID-7751) [Java Broker] Login attempt using SimpleLDAP might result in 500

Reply via email to