[jira] [Commented] (KYLIN-2589) Errors in WebUI Authentication
[
https://issues.apache.org/jira/browse/KYLIN-2589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16019112#comment-16019112
]
Shaofeng SHI commented on KYLIN-2589:
-
I changed to use Guava's HashFunction to generate the hashcode, that is thread
safe and has better performance. The commit id is
9ae792c51a934c17dcc76795f3ca064b468d26cf
> Errors in WebUI Authentication
> --
>
> Key: KYLIN-2589
> URL: https://issues.apache.org/jira/browse/KYLIN-2589
> Project: Kylin
> Issue Type: Bug
> Components: General
>Affects Versions: v2.0.0
> Environment: EMR
>Reporter: Young Wu
>Assignee: Shaofeng SHI
> Fix For: v2.1.0
>
> Attachments: 2921494001551_.pic_hd.jpg,
> KYLIN-2589-MessageDigest-is-not-thread-safe.patch, Screenshot 2017-05-06
> 12.29.34.png
>
>
> There seems bugs exist in the webserver's authentication part in kylin. After
> kylin run several hours, user will failed login with username/password. The
> error reported in the log is "Encoded password cannot be null or empty".
> Details:
> {code}
> May 02, 2017 2:15:59 PM org.apache.catalina.core.StandardWrapperValve invoke
> SEVERE: Servlet.service() for servlet [kylin] in context with path [/kylin]
> threw exception
> java.lang.IllegalArgumentException: Encoded password cannot be null or empty
> at
> org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.matches(BCryptPasswordEncoder.java:77)
> at
> org.springframework.security.authentication.dao.DaoAuthenticationProvider$1.isPasswordValid(DaoAuthenticationProvider.java:124)
> at
> org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:64)
> at
> org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:149)
> at
> org.apache.kylin.rest.security.KylinAuthenticationProvider.authenticate(KylinAuthenticationProvider.java:85)
> at
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
> at
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
> at
> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
> com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209)
> at
> com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>
[jira] [Commented] (KYLIN-2589) Errors in WebUI Authentication
[
https://issues.apache.org/jira/browse/KYLIN-2589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15999711#comment-15999711
]
Young Wu commented on KYLIN-2589:
-
Solved. I accidentally downloaded a flawed version of kylin-2.0.0(sha1
1412e954f912201dfb298f086b1eb88dc57a386d) at the first time kylin-2.0.0
released which was immediately fixed with kylin-2.0.0(sha1
375fd807c281d8c5deff0620747c806be2019782)
> Errors in WebUI Authentication
> --
>
> Key: KYLIN-2589
> URL: https://issues.apache.org/jira/browse/KYLIN-2589
> Project: Kylin
> Issue Type: Bug
> Components: General
>Affects Versions: v2.0.0
> Environment: EMR
>Reporter: Young Wu
> Attachments: 2921494001551_.pic_hd.jpg, Screenshot 2017-05-06
> 12.29.34.png
>
>
> There seems bugs exist in the webserver's authentication part in kylin. After
> kylin run several hours, user will failed login with username/password. The
> error reported in the log is "Encoded password cannot be null or empty".
> Details:
> {code}
> May 02, 2017 2:15:59 PM org.apache.catalina.core.StandardWrapperValve invoke
> SEVERE: Servlet.service() for servlet [kylin] in context with path [/kylin]
> threw exception
> java.lang.IllegalArgumentException: Encoded password cannot be null or empty
> at
> org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder.matches(BCryptPasswordEncoder.java:77)
> at
> org.springframework.security.authentication.dao.DaoAuthenticationProvider$1.isPasswordValid(DaoAuthenticationProvider.java:124)
> at
> org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:64)
> at
> org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:149)
> at
> org.apache.kylin.rest.security.KylinAuthenticationProvider.authenticate(KylinAuthenticationProvider.java:85)
> at
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
> at
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
> at
> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:168)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
> com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209)
> at
> com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
> at
>
[jira] [Commented] (KYLIN-2589) Errors in WebUI Authentication
[ https://issues.apache.org/jira/browse/KYLIN-2589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15999441#comment-15999441 ] hongbin ma commented on KYLIN-2589: --- hi [~wooya] by " cleaned up all the info in hbase " do you mean cleaning the xxx_acl, xxx_user htables as well? Can you also describe your environment ( hadoop version, hdp or cloudera)? > Errors in WebUI Authentication > -- > > Key: KYLIN-2589 > URL: https://issues.apache.org/jira/browse/KYLIN-2589 > Project: Kylin > Issue Type: Bug > Components: General >Affects Versions: v2.0.0 > Environment: EMR >Reporter: Young Wu > Attachments: 2921494001551_.pic_hd.jpg, Screenshot 2017-05-06 > 12.29.34.png > > > There seems bugs exist in the webserver's authentication part in kylin. After > kylin run several hours, user will failed login with username/password. The > error reported in the log is "Encoded password cannot be null or empty". > Detailed attached behind. The only solution is restart kylin timely. Restart > can suppress this issue several hours and then suddenly error comes back > again. ISSUE detail is also here: > http://apache-kylin.74782.x6.nabble.com/Re-Encoded-password-cannot-be-null-or-empty-when-login-into-kylin-s-web-UI-td7879.html#a7887 > It is not due to upgrade from 2.0.0-BETA to 2.0.0 since I've already cleaned > up all the info in hbase and spun up a brand new kylin-2.0.0, but the issue > is still there. > Another bug occurs seldom, but it looks like also relates to authentication. > It happens when kylin is having a heavy load of query requests. Details also > attached. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (KYLIN-2589) Errors in WebUI Authentication
[ https://issues.apache.org/jira/browse/KYLIN-2589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15999393#comment-15999393 ] Young Wu commented on KYLIN-2589: - The issue is inevitably happened right after I manually reload metadata in Kylin WebUI. So I suspect this issue is related to metadata and there's a mechanism in Kylin to fresh metadata timely. That's why this issue happens some time after Kylin starts but not immediately. > Errors in WebUI Authentication > -- > > Key: KYLIN-2589 > URL: https://issues.apache.org/jira/browse/KYLIN-2589 > Project: Kylin > Issue Type: Bug > Components: General >Affects Versions: v2.0.0 > Environment: EMR >Reporter: Young Wu > Attachments: 2921494001551_.pic_hd.jpg, Screenshot 2017-05-06 > 12.29.34.png > > > There seems bugs exist in the webserver's authentication part in kylin. After > kylin run several hours, user will failed login with username/password. The > error reported in the log is "Encoded password cannot be null or empty". > Detailed attached behind. The only solution is restart kylin timely. Restart > can suppress this issue several hours and then suddenly error comes back > again. ISSUE detail is also here: > http://apache-kylin.74782.x6.nabble.com/Re-Encoded-password-cannot-be-null-or-empty-when-login-into-kylin-s-web-UI-td7879.html#a7887 > It is not due to upgrade from 2.0.0-BETA to 2.0.0 since I've already cleaned > up all the info in hbase and spun up a brand new kylin-2.0.0, but the issue > is still there. > Another bug occurs seldom, but it looks like also relates to authentication. > It happens when kylin is having a heavy load of query requests. Details also > attached. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
