[NXP-23878] Fix direct links to binaries in case of shibboleth - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.10-HF34
Fix Version/s: 7.10-HF35
Component/s: Shibboleth

Release Notes Summary:
Direct file download works with Shibboleth authentication
Tags:
- SupCom

Description

Following a direct link to a binary, such as https://sp.shibboleth.com/nuxeo/nxfile/default/188cfdb9-0277-4d7b-bb9c-cc641a5547aa/blobholder:0/Document%20Microsoft%20Word.docx leads to an error in the requesting browser and the following exception in the log:

2017-12-07 11:21:18,978 ERROR [http-bio-0.0.0.0-8080-exec-8] [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/nuxeo].[Nuxeo Downloader]] Servlet.service() for servlet [Nuxeo Downloader] in context with path [/nuxeo] threw exception [java.lang.IllegalStateException: No active session context] with root cause
java.lang.IllegalStateException: No active session context
	at org.jboss.seam.web.Session.instance(Session.java:111)
	at org.nuxeo.ecm.platform.shibboleth.auth.exceptionhandling.ShibbolethSecurityExceptionHandler.handleAnonymousException(ShibbolethSecurityExceptionHandler.java:60)
	at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoSecurityExceptionHandler.handleException(NuxeoSecurityExceptionHandler.java:69)
	at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.handleException(NuxeoExceptionFilter.java:69)
	at org.nuxeo.ecm.platform.web.common.exceptionhandling.NuxeoExceptionFilter.doFilter(NuxeoExceptionFilter.java:78)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.nuxeo.ecm.platform.web.common.encoding.NuxeoEncodingFilter.doFilter(NuxeoEncodingFilter.java:73)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)

The problem arises only if you are not authenticated before requesting a direct link to a binary attached to a document that requires authentication.

Attachments

Issue Links

depends on

NXP-23311 Fix login in anonymous configuration with Shibboleth broken by NXP-22326

Resolved

Activity

People

Assignee:

Thierry Martins

Reporter:

Patrick Abgrall

Participants:

Jenkins, Patrick Abgrall, Thierry Martins

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2017-12-07 11:38

Updated:

2017-12-14 08:23

Resolved:

2017-12-13 10:14

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

45m