[jira] [Commented] (KYLIN-2589) Errors in WebUI Authentication
[ https://issues.apache.org/jira/browse/KYLIN-2589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16019112#comment-16019112 ] Shaofeng SHI commented on KYLIN-2589: - I changed to use Guava's HashFunction to generate the hashcode, that is thread safe and has better performance. The commit id is 9ae792c51a934c17dcc76795f3ca064b468d26cf > Errors in WebUI Authentication > -- > > Key: KYLIN-2589 > URL: https://issues.apache.org/jira/browse/KYLIN-2589 > Project: Kylin > Issue Type: Bug > Components: General >Affects Versions: v2.0.0 > Environment: EMR >Reporter: Young Wu >Assignee: Shaofeng SHI > Fix For: v2.1.0 > > Attachments: 2921494001551_.pic_hd.jpg, > KYLIN-2589-MessageDigest-is-not-thread-safe.patch, Screenshot 2017-05-06 > 12.29.34.png > > > There seems bugs exist in the webserver's authentication part in kylin. After > kylin run several hours, user will failed login with username/password. The > error reported in the log is "Encoded password cannot be null or empty". > Details: > {code} > May 02, 2017 2:15:59 PM org.apache.catalina.core.StandardWrapperValve invoke > SEVERE: Servlet.service() for servlet [kylin] in context with path [/kylin] > threw exception > java.lang.IllegalArgumentException: Encoded password cannot be null or empty > at > org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.matches(BCryptPasswordEncoder.java:77) > at > org.springframework.security.authentication.dao.DaoAuthenticationProvider$1.isPasswordValid(DaoAuthenticationProvider.java:124) > at > org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:64) > at > org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:149) > at > org.apache.kylin.rest.security.KylinAuthenticationProvider.authenticate(KylinAuthenticationProvider.java:85) > at > org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) > at > org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) > at > org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) > at > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > at > com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209) > at > com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) >
[jira] [Commented] (KYLIN-2589) Errors in WebUI Authentication
[ https://issues.apache.org/jira/browse/KYLIN-2589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15999711#comment-15999711 ] Young Wu commented on KYLIN-2589: - Solved. I accidentally downloaded a flawed version of kylin-2.0.0(sha1 1412e954f912201dfb298f086b1eb88dc57a386d) at the first time kylin-2.0.0 released which was immediately fixed with kylin-2.0.0(sha1 375fd807c281d8c5deff0620747c806be2019782) > Errors in WebUI Authentication > -- > > Key: KYLIN-2589 > URL: https://issues.apache.org/jira/browse/KYLIN-2589 > Project: Kylin > Issue Type: Bug > Components: General >Affects Versions: v2.0.0 > Environment: EMR >Reporter: Young Wu > Attachments: 2921494001551_.pic_hd.jpg, Screenshot 2017-05-06 > 12.29.34.png > > > There seems bugs exist in the webserver's authentication part in kylin. After > kylin run several hours, user will failed login with username/password. The > error reported in the log is "Encoded password cannot be null or empty". > Details: > {code} > May 02, 2017 2:15:59 PM org.apache.catalina.core.StandardWrapperValve invoke > SEVERE: Servlet.service() for servlet [kylin] in context with path [/kylin] > threw exception > java.lang.IllegalArgumentException: Encoded password cannot be null or empty > at > org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.matches(BCryptPasswordEncoder.java:77) > at > org.springframework.security.authentication.dao.DaoAuthenticationProvider$1.isPasswordValid(DaoAuthenticationProvider.java:124) > at > org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:64) > at > org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:149) > at > org.apache.kylin.rest.security.KylinAuthenticationProvider.authenticate(KylinAuthenticationProvider.java:85) > at > org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) > at > org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) > at > org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) > at > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > at > com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209) > at > com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) > at >
[jira] [Commented] (KYLIN-2589) Errors in WebUI Authentication
[ https://issues.apache.org/jira/browse/KYLIN-2589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15999441#comment-15999441 ] hongbin ma commented on KYLIN-2589: --- hi [~wooya] by " cleaned up all the info in hbase " do you mean cleaning the xxx_acl, xxx_user htables as well? Can you also describe your environment ( hadoop version, hdp or cloudera)? > Errors in WebUI Authentication > -- > > Key: KYLIN-2589 > URL: https://issues.apache.org/jira/browse/KYLIN-2589 > Project: Kylin > Issue Type: Bug > Components: General >Affects Versions: v2.0.0 > Environment: EMR >Reporter: Young Wu > Attachments: 2921494001551_.pic_hd.jpg, Screenshot 2017-05-06 > 12.29.34.png > > > There seems bugs exist in the webserver's authentication part in kylin. After > kylin run several hours, user will failed login with username/password. The > error reported in the log is "Encoded password cannot be null or empty". > Detailed attached behind. The only solution is restart kylin timely. Restart > can suppress this issue several hours and then suddenly error comes back > again. ISSUE detail is also here: > http://apache-kylin.74782.x6.nabble.com/Re-Encoded-password-cannot-be-null-or-empty-when-login-into-kylin-s-web-UI-td7879.html#a7887 > It is not due to upgrade from 2.0.0-BETA to 2.0.0 since I've already cleaned > up all the info in hbase and spun up a brand new kylin-2.0.0, but the issue > is still there. > Another bug occurs seldom, but it looks like also relates to authentication. > It happens when kylin is having a heavy load of query requests. Details also > attached. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (KYLIN-2589) Errors in WebUI Authentication
[ https://issues.apache.org/jira/browse/KYLIN-2589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15999393#comment-15999393 ] Young Wu commented on KYLIN-2589: - The issue is inevitably happened right after I manually reload metadata in Kylin WebUI. So I suspect this issue is related to metadata and there's a mechanism in Kylin to fresh metadata timely. That's why this issue happens some time after Kylin starts but not immediately. > Errors in WebUI Authentication > -- > > Key: KYLIN-2589 > URL: https://issues.apache.org/jira/browse/KYLIN-2589 > Project: Kylin > Issue Type: Bug > Components: General >Affects Versions: v2.0.0 > Environment: EMR >Reporter: Young Wu > Attachments: 2921494001551_.pic_hd.jpg, Screenshot 2017-05-06 > 12.29.34.png > > > There seems bugs exist in the webserver's authentication part in kylin. After > kylin run several hours, user will failed login with username/password. The > error reported in the log is "Encoded password cannot be null or empty". > Detailed attached behind. The only solution is restart kylin timely. Restart > can suppress this issue several hours and then suddenly error comes back > again. ISSUE detail is also here: > http://apache-kylin.74782.x6.nabble.com/Re-Encoded-password-cannot-be-null-or-empty-when-login-into-kylin-s-web-UI-td7879.html#a7887 > It is not due to upgrade from 2.0.0-BETA to 2.0.0 since I've already cleaned > up all the info in hbase and spun up a brand new kylin-2.0.0, but the issue > is still there. > Another bug occurs seldom, but it looks like also relates to authentication. > It happens when kylin is having a heavy load of query requests. Details also > attached. -- This message was sent by Atlassian JIRA (v6.3.15#6346)