Dietrich Schulten created CAMEL-15750:
-----------------------------------------

             Summary: camel-undertow-spring-security-starter always forbidden
                 Key: CAMEL-15750
                 URL: https://issues.apache.org/jira/browse/CAMEL-15750
             Project: Camel
          Issue Type: Bug
          Components: camel-spring-security, camel-undertow
    Affects Versions: 3.5.0
         Environment: Windows 10, Java 8
            Reporter: Dietrich Schulten


Example: 
[https://github.com/apache/camel-spring-boot-examples/tree/master/camel-example-spring-boot-undertow-spring-security]

Make sure port 8081 is not in use.

All requests to [http://localhost:8082/hi] get a 403 response, no matter whether I 
send an OAuth token or not. The OAuth token itself seems correct; I have 
decoded it on jwt.io and it shows that the role is present:
{code:java}
{
  "exp": 1603546060,
  "iat": 1603546000,
  "jti": "3392de8c-8309-4187-8b9a-9f8edaefe226",
  "iss": "http://localhost:8080/auth/realms/master",
  "aud": "account",
  "sub": "4612ff79-81a8-4209-a7f7-fd4b963c574e",
  "typ": "Bearer",
  "azp": "example-service",
  "session_state": "693f9c78-2e54-447e-9749-ce6a1288877d",
  "acr": "1",
  "allowed-origins": [
    "http://localhost:8082"
  ],
  "realm_access": {
    "roles": [
      "role01",
      "offline_access",
      "uma_authorization"
    ]
  },
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links",
        "view-profile"
      ]
    }
  },
  "scope": "email profile",
  "email_verified": false,
  "preferred_username": "user01"
}{code}
 

The reason seems to be that the camel-undertow-spring-security-starter tries to 
start two Undertow servlets: the Spring Undertow servlet runs on port 8081, and 
the Camel Undertow servlet on port 8082. Only the Spring servlet has token 
security, not the Camel Undertow servlet.

In the log below you see that the 
org.springframework.boot.web.embedded.undertow.UndertowWebServer starts on port 
8081, and it receives the filter chain with the BearerTokenAuthenticationFilter.

Then the org.apache.camel.component.undertow.DefaultUndertowHost comes up on 
port 8082. The log message {{Illegal state caused by missing securitProvider 
but existing allowed roles!}} also seems to show that no securityProvider is 
configured on the DefaultUndertowHost which runs on port 8082.
{code:java}
   .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.3.3.RELEASE)
2020-10-24 15:08:26.339  INFO 27932 --- [           main] o.a.c.undertow.spring.boot.Application   : Starting Application on DZS20N436 with PID 27932 (C:\Users\Schulten\Documents\projekte\camel-spring-boot-examples-3.5.0\camel-example-spring-boot-undertow-spring-security\target\classes started by Schulten in C:\Users\Schulten\Documents\projekte\camel-spring-boot-examples-3.5.0\camel-example-spring-boot-undertow-spring-security)
2020-10-24 15:08:26.343  INFO 27932 --- [           main] o.a.c.undertow.spring.boot.Application   : No active profile set, falling back to default profiles: default
2020-10-24 15:08:28.378  INFO 27932 --- [           main] io.undertow.servlet                      : Initializing Spring embedded WebApplicationContext
2020-10-24 15:08:28.381  INFO 27932 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1954 ms
2020-10-24 15:08:28.770  INFO 27932 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5395ea39, org.springframework.security.web.context.SecurityContextPersistenceFilter@5c41d037, org.springframework.security.web.header.HeaderWriterFilter@6d64b553, org.springframework.security.web.csrf.CsrfFilter@12477988, org.springframework.security.web.authentication.logout.LogoutFilter@29a23c3d, org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter@43b0ade, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@5ec77191, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@796d3c9f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@1517f633, org.springframework.security.web.session.SessionManagementFilter@757529a4, org.springframework.security.web.access.ExceptionTranslationFilter@203dd56b, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@522b2631]
2020-10-24 15:08:28.876  INFO 27932 --- [           main] o.apache.camel.support.LRUCacheFactory   : Detected and using LRUCacheFactory: camel-caffeine-lrucache
2020-10-24 15:08:29.309  INFO 27932 --- [           main] io.undertow                              : starting server: Undertow - 2.1.3.Final
2020-10-24 15:08:29.316  INFO 27932 --- [           main] org.xnio                                 : XNIO version 3.8.0.Final
2020-10-24 15:08:29.324  INFO 27932 --- [           main] org.xnio.nio                             : XNIO NIO Implementation Version 3.8.0.Final
2020-10-24 15:08:29.419  INFO 27932 --- [           main] org.jboss.threads                        : JBoss Threads version 3.1.0.Final
2020-10-24 15:08:29.472  INFO 27932 --- [           main] o.s.b.w.e.undertow.UndertowWebServer     : Undertow started on port(s) 8081 (http)
2020-10-24 15:08:29.490  INFO 27932 --- [           main] o.a.c.s.boot.SpringBootRoutesCollector   : Loading additional Camel XML routes from: classpath:camel/*.xml
2020-10-24 15:08:29.495  INFO 27932 --- [           main] o.a.c.s.boot.SpringBootRoutesCollector   : Loading additional Camel XML route templates from: classpath:camel-template/*.xml
2020-10-24 15:08:29.497  INFO 27932 --- [           main] o.a.c.s.boot.SpringBootRoutesCollector   : Loading additional Camel XML rests from: classpath:camel-rest/*.xml
2020-10-24 15:08:29.652  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : Apache Camel 3.5.0 (camel-1) is starting
2020-10-24 15:08:29.655  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : StreamCaching is not in use. If using streams then its recommended to enable stream caching. See more details at http://camel.apache.org/stream-caching.html
2020-10-24 15:08:29.656  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : Using HealthCheck: camel-health
2020-10-24 15:08:29.669  INFO 27932 --- [           main] o.a.c.c.undertow.DefaultUndertowHost     : Starting Undertow server on http://localhost:8082
2020-10-24 15:08:29.669  INFO 27932 --- [           main] io.undertow                              : starting server: Undertow - 2.1.3.Final
2020-10-24 15:08:29.681  INFO 27932 --- [           main] o.a.c.i.e.InternalRouteStartupManager    : Route: route1 started and consuming from: http://localhost:8082/hi
2020-10-24 15:08:29.687  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : Total 1 routes, of which 1 are started
2020-10-24 15:08:29.688  INFO 27932 --- [           main] o.a.c.impl.engine.AbstractCamelContext   : Apache Camel 3.5.0 (camel-1) started in 0.035 seconds
2020-10-24 15:08:29.696  INFO 27932 --- [           main] o.a.c.undertow.spring.boot.Application   : Started Application in 3.809 seconds (JVM running for 4.35)
2020-10-24 15:10:41.530  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
2020-10-24 15:13:16.234  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
2020-10-24 15:13:53.090  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
2020-10-24 15:15:22.183  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!
2020-10-24 15:16:38.260  WARN 27932 --- [  XNIO-2 task-1] o.a.c.c.undertow.UndertowConsumer        : Illegal state caused by missing securitProvider but existing allowed roles!{code}
 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
