Ville Aine created AURORA-1930:
----------------------------------
Summary: Beta API does not work with authentication
Key: AURORA-1930
URL: https://issues.apache.org/jira/browse/AURORA-1930
Project: Aurora
Issue Type: Bug
Components: Scheduler
Affects Versions: 0.17.0
Environment: OpenJDK 1.8.0_121 on 64-bit Linux
Reporter: Ville Aine
Priority: Minor

Issuing any Beta API request that requires authentication results in an HTTP 500
response. The logs show that this is caused by a Shiro
{{UnavailableSecurityManagerException}}, which is thrown when
{{ShiroAuthenticatingThriftInterceptor}} tries to acquire the current Shiro
{{Subject}} (see attachments for full stack trace).

The reason for this seems to be twofold:
- The Jersey {{GuiceContainer}} serving the API is installed as a filter, and
during request processing that filter is activated before any of the Shiro
filters are. Therefore Shiro has not yet been initialized when
{{ShiroAuthenticatingThriftInterceptor}} is run.
- There is no {{ShiroWebModule.guiceFilterModule}} installed for
{{/apibeta/*}}, so the authentication filters would not be executed even if
the filters were installed in a proper order.

The attached patch for Aurora 0.17.0 seems to fix the filter ordering issue by
installing the {{GuiceContainer}} as a servlet. It also makes sure that
{{UnauthenticatedExceptions}} thrown from auth interceptors are propagated
properly.
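
The two causes named in the report, modelled with plain JDK classes as an added example; this is not Aurora, Shiro or Jersey code and not the attached patch. `SECURITY_MANAGER`, `SHIRO`, `API_AS_FILTER`, `apiEndpoint` and `dispatch` are hypothetical stand-ins for Shiro's thread-bound security manager, the Shiro filter, the `GuiceContainer` installed as a filter, the intercepted API call and the servlet container's dispatch order.

```java
import java.util.List;
import java.util.function.Supplier;

public class FilterOrderDemo {
    // Stand-in for the security manager Shiro binds to the request thread (assumption).
    static final ThreadLocal<String> SECURITY_MANAGER = new ThreadLocal<>();

    interface Chain { String proceed(); }
    interface Filter { String doFilter(Chain next); }

    // Models the Shiro filter: bind the security manager, continue the chain, unbind.
    static final Filter SHIRO = next -> {
        SECURITY_MANAGER.set("bound");
        try { return next.proceed(); } finally { SECURITY_MANAGER.remove(); }
    };

    // Models the API call whose auth interceptor needs the current Subject.
    static String apiEndpoint() {
        if (SECURITY_MANAGER.get() == null) {
            throw new IllegalStateException("no SecurityManager bound to this thread");
        }
        return "200";
    }

    // Models the API container installed as a filter: it answers the request itself.
    static final Filter API_AS_FILTER = next -> apiEndpoint();

    // Dispatch order: each filter in registration order, then the servlet.
    static String dispatch(List<Filter> filters, Supplier<String> servlet) {
        Chain chain = servlet::get;
        for (int i = filters.size() - 1; i >= 0; i--) {
            Filter f = filters.get(i);
            Chain next = chain;
            chain = () -> f.doFilter(next);
        }
        // An uncaught exception from the handler becomes an HTTP 500.
        try { return chain.proceed(); } catch (IllegalStateException e) { return "500"; }
    }

    public static void main(String[] args) {
        Supplier<String> notFound = () -> "404";
        // First cause: the API container is a filter registered ahead of the Shiro filter.
        System.out.println(dispatch(List.of(API_AS_FILTER, SHIRO), notFound));
        // Second cause: API as a servlet, but no Shiro filter mapped for the path.
        System.out.println(dispatch(List.of(), FilterOrderDemo::apiEndpoint));
        // Both addressed: Shiro filter mapped for the path, API container as the servlet.
        System.out.println(dispatch(List.of(SHIRO), FilterOrderDemo::apiEndpoint));
    }
}
```

Only the third configuration reaches the endpoint with a security manager bound, which is why moving the container to a servlet and mapping a Shiro filter for the path are both needed.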