Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-23878

Fix direct links to binaries in case of shibboleth

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 7.10-HF34
    • Fix Version/s: 7.10-HF35
    • Component/s: Shibboleth
    • Release Notes Summary:
      Direct file download works with Shibboleth authentication
    • Tags:

      Description

      Follow-up of NXP-23311

      Following a direct link to a binary, such as https://sp.shibboleth.com/nuxeo/nxfile/default/188cfdb9-0277-4d7b-bb9c-cc641a5547aa/blobholder:0/Document%20Microsoft%20Word.docx leads to an error in the requesting browser and the following exception in the log:

      2017-12-07 11:21:18,978 ERROR [http-bio-0.0.0.0-8080-exec-8] [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/nuxeo].[Nuxeo Downloader]] Servlet.service() for servlet [Nuxeo Downloader] in context with path [/nuxeo] threw exception [java.lang.IllegalStateException: No active session context] with root cause
      java.lang.IllegalStateException: No active session context
      	at org.jboss.seam.web.Session.instance(Session.java:111)
      	at org.nuxeo.ecm.platform.shibboleth.auth.exceptionhandling.ShibbolethSecurityExceptionHandler.handleAnonymousException(ShibbolethSecurityExceptionHandler.java:60)
      	at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoSecurityExceptionHandler.handleException(NuxeoSecurityExceptionHandler.java:69)
      	at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.handleException(NuxeoExceptionFilter.java:69)
      	at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:78)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      	at org.nuxeo.ecm.platform.web.common.encoding.NuxeoEncodingFilter.doFilter(NuxeoEncodingFilter.java:73)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
      	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
      	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
      	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      	at java.lang.Thread.run(Thread.java:748)
      

      The problem arises only if you are not authenticated before requesting a direct link to a binary attached to a document that requires authentication.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 45 minutes
                  45m

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.