Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-18514

Make BasicAuthenticator send a dedicated HTTP status code in case of LDAP Connection reset

    XMLWordPrintable

    Details

    • Tags:
    • Sprint:
      drive-8.1-1
    • Story Points:
      2

      Description

      See NXP-17325.
      We also don't want to recieve a 401 in the case of the following stack trace:

      2015-11-24 17:18:49,459 ERROR [ajp-bio-0.0.0.0-8009-exec-163] [org.nuxeo.ecm.platform.login.NuxeoLoginModule] createIdentity failed
org.nuxeo.ecm.directory.DirectoryException: org.nuxeo.ecm.directory.DirectoryException: error fetching GRP_XXX from groupLdapDirectory: Connection reset
	at org.nuxeo.ecm.directory.ldap.LDAPSession.ldapResultToDocumentModel(LDAPSession.java:976)
	at org.nuxeo.ecm.directory.ldap.LDAPSession.getEntryFromSource(LDAPSession.java:274)
	at org.nuxeo.ecm.directory.DirectoryCache.getEntry(DirectoryCache.java:93)
	at org.nuxeo.ecm.directory.ldap.LDAPSession.getEntry(LDAPSession.java:261)
	at org.nuxeo.ecm.directory.multi.MultiDirectorySession.getEntry(MultiDirectorySession.java:411)
	at org.nuxeo.ecm.directory.multi.MultiDirectorySession.getEntry(MultiDirectorySession.java:395)
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.getGroupModel(UserManagerImpl.java:1291)
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.getGroup(UserManagerImpl.java:600)
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.getGroup(UserManagerImpl.java:595)
	at org.nuxeo.ecm.platform.computedgroups.UserManagerWithComputedGroups.getGroup(UserManagerWithComputedGroups.java:113)
	at org.nuxeo.ecm.platform.usermanager.NuxeoPrincipalImpl.updateAllGroups(NuxeoPrincipalImpl.java:361)
	at org.nuxeo.ecm.platform.usermanager.NuxeoPrincipalImpl.setVirtualGroups(NuxeoPrincipalImpl.java:422)
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.makePrincipal(UserManagerImpl.java:548)
	at org.nuxeo.ecm.platform.computedgroups.UserManagerWithComputedGroups.makePrincipal(UserManagerWithComputedGroups.java:73)
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.makePrincipal(UserManagerImpl.java:518)
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.getPrincipal(UserManagerImpl.java:1354)
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.getPrincipal(UserManagerImpl.java:571)
	at org.nuxeo.ecm.platform.login.NuxeoLoginModule.createIdentity(NuxeoLoginModule.java:298)
	at org.nuxeo.ecm.platform.login.NuxeoLoginModule.validateUserIdentity(NuxeoLoginModule.java:358)
	at org.nuxeo.ecm.platform.login.NuxeoLoginModule.getPrincipal(NuxeoLoginModule.java:210)
	at org.nuxeo.ecm.platform.login.NuxeoLoginModule.login(NuxeoLoginModule.java:261)
	at org.nuxeo.runtime.api.LoginModuleWrapper.login(LoginModuleWrapper.java:77)
	at sun.reflect.GeneratedMethodAccessor53.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
	at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doAuthenticate(NuxeoAuthenticationFilter.java:287)
	at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:533)
	at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:36)
	at org.nuxeo.ecm.platform.ui.web.auth.oauth2.NuxeoOAuth2Filter.doFilter(NuxeoOAuth2Filter.java:68)
	at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:34)
	at org.nuxeo.ecm.platform.ui.web.auth.oauth.NuxeoOAuthFilter.doFilter(NuxeoOAuthFilter.java:119)
	at org.nuxeo.ecm.platform.ui.web.auth.service.NuxeoAuthFilterChain.doFilter(NuxeoAuthFilterChain.java:34)
	at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilter(NuxeoAuthenticationFilter.java:405)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.nuxeo.ecm.platform.web.common.requestcontroller.filter.NuxeoCorsFilter.doFilter(NuxeoCorsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:78)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.nuxeo.ecm.platform.web.common.encoding.NuxeoEncodingFilter.doFilter(NuxeoEncodingFilter.java:73)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
	at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:190)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)
Caused by: org.nuxeo.ecm.directory.DirectoryException: error fetching GRPWIKIDEA from groupLdapDirectory: Connection reset
	at org.nuxeo.ecm.directory.ldap.LDAPReference.getSourceIdsForTarget(LDAPReference.java:519)
	at org.nuxeo.ecm.directory.multi.MultiReference$1.collect(MultiReference.java:95)
	at org.nuxeo.ecm.directory.multi.MultiReference.doCollect(MultiReference.java:77)
	at org.nuxeo.ecm.directory.multi.MultiReference.getSourceIdsForTarget(MultiReference.java:90)
	at org.nuxeo.ecm.directory.InverseReference.getTargetIdsForSource(InverseReference.java:146)
	at org.nuxeo.ecm.directory.ldap.LDAPSession.ldapResultToDocumentModel(LDAPSession.java:974)
	... 64 more
Caused by: javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; remaining name 'OU=APPL,DC=ad,DC=nuxeo,DC=com'
	at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2003)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1789)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:412)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:394)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:376)
	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
	at sun.reflect.GeneratedMethodAccessor147.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.nuxeo.ecm.directory.ldap.LdapRetryHandler.invoke(LdapRetryHandler.java:59)
	at com.sun.proxy.$Proxy178.search(Unknown Source)
	at org.nuxeo.ecm.directory.ldap.LDAPSession.getLdapEntry(LDAPSession.java:325)
	at org.nuxeo.ecm.directory.ldap.LDAPReference.getSourceIdsForTarget(LDAPReference.java:504)
	... 69 more
Caused by: java.net.SocketException: Connection reset
	at java.net.SocketInputStream.read(SocketInputStream.java:196)
	at java.net.SocketInputStream.read(SocketInputStream.java:122)
	at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
	at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
	at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
	at com.sun.jndi.ldap.Connection.run(Connection.java:855)

        Attachments

          Issue Links

          depends on

          Improvement - An improvement or enhancement to an existing feature or task. NXP-17325 Make BasicAuthenticator send a 408 HTTP status code in case of LDAP response timeout

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: