[
https://issues.apache.org/jira/browse/AURORA-1930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ville Aine updated AURORA-1930:
-------------------------------
Attachment: aurora-0.17.0-stacktrace.txt
stack trace
> Beta API does not work with authentication
> ------------------------------------------
>
> Key: AURORA-1930
> URL: https://issues.apache.org/jira/browse/AURORA-1930
> Project: Aurora
> Issue Type: Bug
> Components: Scheduler
> Affects Versions: 0.17.0
> Environment: OpenJDK 1.8.0_121 on 64-bit Linux
> Reporter: Ville Aine
> Priority: Minor
> Attachments: aurora-0.17.0-stacktrace.txt,
> aurora-0.17-api-beta-auth-fix.patch
>
>
> Issuing any Beta API request that requires authentication results in HTTP 500
> response. The logs show that this is caused by a Shiro
> {{UnavailableSecurityManagerException}}, which is thrown when
> {{ShiroAuthenticatingThriftInterceptor}} tries to acquire the current Shiro
> {{Subject}} (see attachments for full stack trace).
> The reason for this seems to be twofold:
> - The Jersey {{GuiceContainer}} serving the API is installed as a filter, and
> during request processing that filter is activated before any of the Shiro
> filters are. Therefore Shiro has not yet been initialized when
> {{ShiroAuthenticatingThriftInterceptor}} is run.
>
> - There is no {{ShiroWebModule.guiceFilterModule}} installed for
> {{/apibeta/*}}, so the authentication filters would not be executed even if
> the filters were installed in a proper order.
> The attached patch for Aurora 0.17.0 seems to fix the filter ordering issue
> by installing the {{GuiceContainer}} as a servlet. It also makes sure that
> {{UnauthenicatedExceptions}} thrown from auth interceptors are propagated
> properly.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
