[jira] [Resolved] (GEODE-3951) ClassCastException in PULSE Logout - Default Configurations

Tue, 14 Nov 2017 08:02:55 -0800 

     [ 
https://issues.apache.org/jira/browse/GEODE-3951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Juan José Ramos Cassella resolved GEODE-3951.
---------------------------------------------
       Resolution: Fixed
    Fix Version/s: 1.4.0

Pull Request already merged into develop.
Closing this ticket, as described in [Developer 
Workflow|https://cwiki.apache.org/confluence/display/GEODE/Developer+Workflow]

> ClassCastException in PULSE Logout - Default Configurations
> -----------------------------------------------------------
>
>                 Key: GEODE-3951
>                 URL: https://issues.apache.org/jira/browse/GEODE-3951
>             Project: Geode
>          Issue Type: Bug
>          Components: pulse
>            Reporter: Juan José Ramos Cassella
>            Assignee: Juan José Ramos Cassella
>            Priority: Trivial
>             Fix For: 1.4.0
>
>
> The issue is 100% reproducible (latest {{develop}} branch) when using PULSE 
> in embedded mode and the default configurations, *the integrated security 
> feature must not be enabled*.
> Steps to reproduce:
> {noformat}
> 1. Start locator: gfsh start locator --name=locator1.
> 2. Open Pulse: gfsh start pulse.
> 3. Login into pulse application.
> 4. Click on the logout button.
> {noformat}
> At this stage, the following exception will be shown:
> {code}
> HTTP ERROR 500
> Problem accessing /pulse/clusterLogout. Reason:
>     Server Error
> Caused by:
> java.lang.ClassCastException: 
> org.springframework.security.authentication.UsernamePasswordAuthenticationToken
>  cannot be cast to 
> org.apache.geode.tools.pulse.internal.security.GemFireAuthentication
>       at 
> org.apache.geode.tools.pulse.internal.security.LogoutHandler.onLogoutSuccess(LogoutHandler.java:43)
>       at 
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:111)
>       at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>       at 
> org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
>       at 
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>       at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>       at 
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
>       at 
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>       at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>       at 
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
>       at 
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
>       at 
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
>       at 
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
>       at 
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>       at 
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
>       at 
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
>       at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
>       at 
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
>       at 
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
>       at 
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
>       at 
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
>       at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
>       at 
> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)
>       at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
>       at org.eclipse.jetty.server.Server.handle(Server.java:524)
>       at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:319)
>       at 
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:253)
>       at 
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
>       at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
>       at 
> org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
>       at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
>       at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
>       at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
>       at 
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
>       at 
> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
>       at java.lang.Thread.run(Thread.java:745)
> {code}
> The problem is within the {{LogoutHandler}} class, it's always trying to get 
> an instance of {{GemFireAuthentication}} through downcasting, but the 
> {{Authentication}} object is an instance of {{GemFireAuthentication}} *only* 
> when the Integrated Security feature is used. This means that the 
> {{LogoutHandler}} will only be successful when the profile 
> {{pulse.authentication.gemfire}} is active and the 
> {{GemFireAuthenticationProvider}} is in charge. In the default case scenario, 
> on the other hand, the {{Authentication}} object is populated by the default 
> classes from {{spring-security}} and, thus, the exception is thrown.
> The fix should be quick and without major impact, anyway: the filter actually 
> doesn't need to downcast to {{GemFireAuthentication}} since there's nothing 
> extra on that object that needs to be used by the handler, it just needs to 
> use the instance of {{Authentication}} as follows:
> {code:java;title=LogoutHandler.java}
> public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse 
> response, Authentication authentication) throws IOException, ServletException 
> {
>       logger.debug("Invoked #LogoutHandler ...");
>     if (authentication != null) {
>       Repository.get().logoutUser(authentication.getName());
>       logger.info("#LogoutHandler : Closing GemFireAuthentication JMX 
> Connection...");
>       }
>       super.onLogoutSuccess(request, response, authentication);
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to