Graham Humphries ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5d1da2ae1f0bab0c4a28d7b8 ) *created* an issue
GeoServer ( https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiY2QyZjhkZDg4Nzg3NDliZjk2YjI0M2IxNzliZGEyOTYiLCJwIjoiaiJ9 ) / Bug ( https://osgeo-org.atlassian.net/browse/GEOS-10310?atlOrigin=eyJpIjoiY2QyZjhkZDg4Nzg3NDliZjk2YjI0M2IxNzliZGEyOTYiLCJwIjoiaiJ9 ) GEOS-10310 ( https://osgeo-org.atlassian.net/browse/GEOS-10310?atlOrigin=eyJpIjoiY2QyZjhkZDg4Nzg3NDliZjk2YjI0M2IxNzliZGEyOTYiLCJwIjoiaiJ9 ) Geoserver throws CloneNotSupportedException when using Basic Authentication ( https://osgeo-org.atlassian.net/browse/GEOS-10310?atlOrigin=eyJpIjoiY2QyZjhkZDg4Nzg3NDliZjk2YjI0M2IxNzliZGEyOTYiLCJwIjoiaiJ9 ) Issue Type: Bug Affects Versions: 2.19.2, 2.20.0 Assignee: Unassigned Components: Security Created: 18/Nov/21 10:13 PM Environment: Solaris SunOS 5.11, Apache Tomcat/9.0.53 and Java to 11.0.12+7-LTS Priority: Medium Reporter: Graham Humphries ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5d1da2ae1f0bab0c4a28d7b8 ) Since upgrading Tomcat and Java to the version shown above Geoserver throws CloneNotSupportedException when using Basic Authentication passed in the request header. The authentication header is added to the request by the web server running Apache HTTPD. It is different for internal and external users. The response is as follows (including a stacktrace): <!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b color: Color value is invalid h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a color: Color value is invalid .line {height:1px;background-color:#525D76;border:none;} </style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> java.lang.CloneNotSupportedException</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b></p><pre>java.lang.RuntimeException: java.lang.CloneNotSupportedException org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.getCacheKey(GeoServerBasicAuthenticationFilter.java:122) org.geoserver.security.filter.GeoServerSecurityFilter.authenticateFromCache(GeoServerSecurityFilter.java:76) org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:47) org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91) org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.doFilter(GeoServerBasicAuthenticationFilter.java:81) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:70) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:52) org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:74) org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:142) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:101) org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:77) org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:47) org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:46) org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42) org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) </pre><p><b>Root Cause</b></p><pre>java.lang.CloneNotSupportedException java.base/java.security.MessageDigest$Delegate.clone(MessageDigest.java:610) org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.getCacheKey(GeoServerBasicAuthenticationFilter.java:119) org.geoserver.security.filter.GeoServerSecurityFilter.authenticateFromCache(GeoServerSecurityFilter.java:76) org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:47) org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91) org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.doFilter(GeoServerBasicAuthenticationFilter.java:81) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:70) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:52) org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:74) org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:142) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:101) org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:77) org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:47) org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:46) org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42) org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ( https://osgeo-org.atlassian.net/browse/GEOS-10310#add-comment?atlOrigin=eyJpIjoiY2QyZjhkZDg4Nzg3NDliZjk2YjI0M2IxNzliZGEyOTYiLCJwIjoiaiJ9 ) Add Comment ( https://osgeo-org.atlassian.net/browse/GEOS-10310#add-comment?atlOrigin=eyJpIjoiY2QyZjhkZDg4Nzg3NDliZjk2YjI0M2IxNzliZGEyOTYiLCJwIjoiaiJ9 ) Get Jira notifications on your phone! Download the Jira Cloud app for Android ( https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail ) or iOS ( https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100183- sha1:ce6a64b )
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
