Hi Christopher - Let's step back and get the simplest scenario working...
We will take your custom service out of the picture and concentrate on hitting webhdfs through Knox. First question, why do you appear to have an identity-assertion provider named 'foo' configured? Have you created a custom identity assertion for some reason? Setting aside the whys of it, let's set that back to the name 'Default'. You will also need to configure Knox as a trusted proxy for HDFS to start. Follow the instructions at: http://knox.apache.org/books/knox-0-7-0/user-guide.html#Related+Cluster+Configuration Also, ensure that the 'guest' user is created on each machine in the cluster and is in the 'users' group. If not, add it to each machine: useradd -g groups guest You then *may* have to add a home directory in HDFS for the guest user. Once we have these baselines covered then we should be able to hit webhdfs through Knox curl -ivku guest:guest-password https://hostname:8443/gateway/default/webhdfs/v1/tmp?op=LISTSTATUS Once we get this usecase working as expected then we can start talking about your custom service. thanks, --larry On Thu, Dec 24, 2015 at 1:24 PM, Christopher Jackson < [email protected]> wrote: > Hey everyone, > > First off, Happy Holidays! > > I have hit a wall trying to figure out this issue with accessing a web > application provided by a custom ambari service through the knox gateway in > a kerberized environment and am looking for some guidance. > > Some Background: > - I have added Kerberos support for my custom service which seems to be > working fine, from a install and runtime standpoint. > - I have added Knox support for my custom service which works fine when > kerberos is disabled. In this scenario I can access the 3 web applications > sitting behind the gateway with no issues. > - I’m using HDP 2.3 (HDP-2.3.4.0-3485) on rhel6, and used the automated > kerberos wizard. I’m using the demo LDAP with its default settings. > > When kerberos and knox are both enabled and I try accessing any of my > resources behind the gateway I get prompted for basic auth which looks like > it succeeds according to the logs, however I then receive a 500 response > and the logs show a NPE error that I haven’t quite figured out the cause > of. Below I have included what I believe to be the appropriate > configuration files and logs to help troubleshoot the issue. The logs > contain the failures I am encountering after trying to access one of my > resources from my custom service behind the gateway using the > username/password combo of guest/guest-password. > > Also note that when I try and access other resources behind the gateway I > am also experiencing issues, for instance I get the following error when > accessing > https://server.example.com:8443/gateway/default/webhdfs/v1/?op=LISTSTATUS: > > {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed > to obtain user group information: > org.apache.hadoop.security.authorize.AuthorizationException: User: knox is > not allowed to impersonate guest"}} > > Is there additional configuration I need to add to the default users-ldif > to get knox and kerberos working harmoniously? > > Contents of: /usr/hdp/current/knox-server/data/services/foo/1.0.0/ > > rewrite.xml > <rules> > <rule dir="IN" name=“FOO/foo-console/root/inbound" > pattern="*://*:*/**/foo/fooconfig/"> > <rewrite template="{$serviceUrl[FOO]}/fooconfig/" /> > </rule> > <rule dir="IN" name=“FOO/foo-console/inbound" > pattern="*://*:*/**/foo/fooconfig/{path=**}?{**}"> > <rewrite template="{$serviceUrl[FOO]}/fooconfig/{path=**}?{**}" /> > </rule> > <rule dir="IN" name=“FOO/foo-services/inbound" > pattern="*://*:*/**/foo/fooservices/{path=**}?{**}"> > <rewrite template="{$serviceUrl[FOO]}/fooservices/{path=**}?{**}" /> > </rule> > <rule dir="IN" name=“FOO/foo-search/root/inbound" > pattern="*://*:*/**/foo/pme/"> > <rewrite template="{$serviceUrl[FOO]}/foosearch/" /> > </rule> > <rule dir="IN" name=“FOO/foo-search/inbound" > pattern="*://*:*/**/foo/foosearch/{path=**}?{**}"> > <rewrite template="{$serviceUrl[FOO]}/foosearch/{path=**}?{**}" /> > </rule> > </rules> > > service.xml > <service role=“FOO" name=“foo" version="1.0.0"> > <policies> > <policy role="webappsec" /> > <policy role="authentication" /> > <policy role="rewrite" /> > <policy role="identity-assertion" name=“foo" /> > <policy role="logout" name=“foo" /> > </policies> > <routes> > <route path=“/foo/fooconfig/" /> > <route path=“/foo/fooconfig/**" /> > <route path="/foo/fooservices/**" /> > <route path="/foo/foosearch/" /> > <route path="/foo/foosearch/**" /> > </routes> > </service> > > I added the following snippets to the default topology: > > (the following as children to gateway element) > <provider> > <role>identity-assertion</role> > <name>foo</name> > <enabled>true</enabled> > </provider> > <provider> > <role>logout</role> > <name>foo</name> > <enabled>true</enabled> > </provider> > > (the following as a child to the topology element) > <service> > <role>FOO</role> > <url>https://server2.example.com:9443</url> > </service> > > Contents of gateway-audit.log > 15/12/24 09:44:49 > ||b514c865-46f7-45f4-a80c-9ff51f841b00|audit|FOO||||access|uri|/gateway/default/foo/fooconfig|unavailable| > 15/12/24 09:44:49 > ||b514c865-46f7-45f4-a80c-9ff51f841b00|audit|FOO||||access|uri|/gateway/default/foo/fooconfig|success|Response > status: 401 > 15/12/24 09:44:55 > ||91ef7cb5-090d-4648-a8a1-18b436d51bcb|audit|FOO||||access|uri|/gateway/default/foo/fooconfig|unavailable| > 15/12/24 09:44:55 > ||91ef7cb5-090d-4648-a8a1-18b436d51bcb|audit|FOO|guest|||authentication|uri|/gateway/default/foo/fooconfig|success| > 15/12/24 09:44:55 > ||91ef7cb5-090d-4648-a8a1-18b436d51bcb|audit|FOO|guest|||authentication|uri|/gateway/default/foo/fooconfig|success|Groups: > [] > 15/12/24 09:44:55 > ||91ef7cb5-090d-4648-a8a1-18b436d51bcb|audit|FOO|guest|||dispatch|uri| > https://server2.example.com:9443/fooconfig/|unavailable| > 15/12/24 09:44:55 > ||91ef7cb5-090d-4648-a8a1-18b436d51bcb|audit|FOO|guest|||access|uri|/gateway/default/foo/fooconfig|failure| > > Contents of gateway.log > 2015-12-24 09:44:55,011 INFO hadoop.gateway > (KnoxLdapRealm.java:getUserDn(556)) - Computed userDn: > uid=guest,ou=people,dc=hadoop,dc=apache,dc=org using dnTemplate for > principal: guest > 2015-12-24 09:44:55,032 ERROR hadoop.gateway > (AbstractGatewayFilter.java:doFilter(69)) - Failed to execute filter: > java.lang.NullPointerException > 2015-12-24 09:44:55,032 ERROR hadoop.gateway > (AbstractGatewayFilter.java:doFilter(66)) - Failed to execute filter: > javax.servlet.ServletException: java.lang.NullPointerException > 2015-12-24 09:44:55,032 ERROR hadoop.gateway > (AbstractGatewayFilter.java:doFilter(66)) - Failed to execute filter: > javax.servlet.ServletException: > org.apache.shiro.subject.ExecutionException: > java.security.PrivilegedActionException: javax.servlet.ServletException: > java.lang.NullPointerException > 2015-12-24 09:44:55,032 ERROR hadoop.gateway > (AbstractGatewayFilter.java:doFilter(66)) - Failed to execute filter: > javax.servlet.ServletException: > org.apache.shiro.subject.ExecutionException: > java.security.PrivilegedActionException: javax.servlet.ServletException: > java.lang.NullPointerException > 2015-12-24 09:44:55,033 ERROR hadoop.gateway > (GatewayFilter.java:doFilter(135)) - Gateway processing failed: > javax.servlet.ServletException: > org.apache.shiro.subject.ExecutionException: > java.security.PrivilegedActionException: javax.servlet.ServletException: > java.lang.NullPointerException > javax.servlet.ServletException: > org.apache.shiro.subject.ExecutionException: > java.security.PrivilegedActionException: javax.servlet.ServletException: > java.lang.NullPointerException > at org.apache.shiro.web.servlet.AdviceFilter.cleanup(AdviceFilter.java:196) > at > org.apache.shiro.web.filter.authc.AuthenticatingFilter.cleanup(AuthenticatingFilter.java:155) > at > org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:148) > at > org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) > at > org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) > at > org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) > at > org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) > at > org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) > at > org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) > at > org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) > at > org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) > at > org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at > org.apache.hadoop.gateway.filter.ResponseCookieFilter.doFilter(ResponseCookieFilter.java:38) > at > org.apache.hadoop.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:61) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at > org.apache.hadoop.gateway.filter.XForwardedHeaderFilter.doFilter(XForwardedHeaderFilter.java:30) > at > org.apache.hadoop.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:61) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at org.apache.hadoop.gateway.GatewayFilter.doFilter(GatewayFilter.java:129) > at > org.apache.hadoop.gateway.GatewayServlet.service(GatewayServlet.java:121) > at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684) > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) > at > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557) > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428) > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) > at org.eclipse.jetty.server.Server.handle(Server.java:370) > at > org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494) > at > org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971) > at > org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033) > at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) > at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) > at > org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) > at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196) > at > org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667) > at > org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) > at > org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) > at java.lang.Thread.run(Thread.java:745) > Caused by: org.apache.shiro.subject.ExecutionException: > java.security.PrivilegedActionException: javax.servlet.ServletException: > java.lang.NullPointerException > at > org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:385) > at > org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(ShiroSubjectIdentityAdapter.java:74) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at > org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) > at > org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) > at > org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) > ... 46 more > Caused by: java.security.PrivilegedActionException: > javax.servlet.ServletException: java.lang.NullPointerException > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:422) > at > org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain.call(ShiroSubjectIdentityAdapter.java:129) > at > org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain.call(ShiroSubjectIdentityAdapter.java:77) > at > org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) > at > org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) > at > org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) > ... 52 more > Caused by: javax.servlet.ServletException: java.lang.NullPointerException > at > org.apache.hadoop.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:70) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at > com.example.knox.filter.FooLogoutFilter.doFilter(FooLogoutFilter.java:63) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at > org.apache.hadoop.gateway.filter.security.AbstractIdentityAssertionFilter.doFilterInternal(AbstractIdentityAssertionFilter.java:209) > at > org.apache.hadoop.gateway.filter.security.AbstractIdentityAssertionFilter.continueChainAsPrincipal(AbstractIdentityAssertionFilter.java:157) > at > com.example.knox.filter.FooIdentityAssertionFilter.doFilter(FooIdentityAssertionFilter.java:36) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at > org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteServletFilter.doFilter(UrlRewriteServletFilter.java:60) > at > org.apache.hadoop.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:61) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at > org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain$1.run(ShiroSubjectIdentityAdapter.java:93) > at > org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain$1.run(ShiroSubjectIdentityAdapter.java:90) > ... 59 more > Caused by: java.lang.NullPointerException > at > org.apache.hadoop.gateway.dispatch.DefaultDispatch.executeOutboundRequest(DefaultDispatch.java:119) > at > org.apache.hadoop.gateway.dispatch.DefaultDispatch.executeRequest(DefaultDispatch.java:105) > at > org.apache.hadoop.gateway.dispatch.DefaultDispatch.doGet(DefaultDispatch.java:285) > at > org.apache.hadoop.gateway.dispatch.GatewayDispatchFilter$GetAdapter.doMethod(GatewayDispatchFilter.java:130) > at > org.apache.hadoop.gateway.dispatch.GatewayDispatchFilter.doFilter(GatewayDispatchFilter.java:102) > at > org.apache.hadoop.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:61) > ... 75 more > 2015-12-24 09:44:55,037 ERROR hadoop.gateway > (GatewayServlet.java:service(126)) - Gateway processing failed: > javax.servlet.ServletException: > org.apache.shiro.subject.ExecutionException: > java.security.PrivilegedActionException: javax.servlet.ServletException: > java.lang.NullPointerException > javax.servlet.ServletException: > org.apache.shiro.subject.ExecutionException: > java.security.PrivilegedActionException: javax.servlet.ServletException: > java.lang.NullPointerException > at org.apache.shiro.web.servlet.AdviceFilter.cleanup(AdviceFilter.java:196) > at > org.apache.shiro.web.filter.authc.AuthenticatingFilter.cleanup(AuthenticatingFilter.java:155) > at > org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:148) > at > org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) > at > org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) > at > org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) > at > org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) > at > org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) > at > org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) > at > org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) > at > org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) > at > org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at > org.apache.hadoop.gateway.filter.ResponseCookieFilter.doFilter(ResponseCookieFilter.java:38) > at > org.apache.hadoop.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:61) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at > org.apache.hadoop.gateway.filter.XForwardedHeaderFilter.doFilter(XForwardedHeaderFilter.java:30) > at > org.apache.hadoop.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:61) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at org.apache.hadoop.gateway.GatewayFilter.doFilter(GatewayFilter.java:129) > at > org.apache.hadoop.gateway.GatewayServlet.service(GatewayServlet.java:121) > at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684) > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) > at > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557) > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428) > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) > at > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255) > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) > at org.eclipse.jetty.server.Server.handle(Server.java:370) > at > org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494) > at > org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971) > at > org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033) > at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) > at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) > at > org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) > at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196) > at > org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667) > at > org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) > at > org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) > at java.lang.Thread.run(Thread.java:745) > Caused by: org.apache.shiro.subject.ExecutionException: > java.security.PrivilegedActionException: javax.servlet.ServletException: > java.lang.NullPointerException > at > org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:385) > at > org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(ShiroSubjectIdentityAdapter.java:74) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at > org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) > at > org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) > at > org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) > ... 46 more > Caused by: java.security.PrivilegedActionException: > javax.servlet.ServletException: java.lang.NullPointerException > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:422) > at > org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain.call(ShiroSubjectIdentityAdapter.java:129) > at > org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain.call(ShiroSubjectIdentityAdapter.java:77) > at > org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) > at > org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) > at > org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) > ... 52 more > Caused by: javax.servlet.ServletException: java.lang.NullPointerException > at > org.apache.hadoop.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:70) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at > com.example.knox.filter.FooLogoutFilter.doFilter(FooLogoutFilter.java:63) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at > org.apache.hadoop.gateway.filter.security.AbstractIdentityAssertionFilter.doFilterInternal(AbstractIdentityAssertionFilter.java:209) > at > org.apache.hadoop.gateway.filter.security.AbstractIdentityAssertionFilter.continueChainAsPrincipal(AbstractIdentityAssertionFilter.java:157) > at > com.example.knox.filter.FooIdentityAssertionFilter.doFilter(FooIdentityAssertionFilter.java:36) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at > org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteServletFilter.doFilter(UrlRewriteServletFilter.java:60) > at > org.apache.hadoop.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:61) > at > org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:315) > at > org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:215) > at > org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain$1.run(ShiroSubjectIdentityAdapter.java:93) > at > org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain$1.run(ShiroSubjectIdentityAdapter.java:90) > ... 59 more > Caused by: java.lang.NullPointerException > at > org.apache.hadoop.gateway.dispatch.DefaultDispatch.executeOutboundRequest(DefaultDispatch.java:119) > at > org.apache.hadoop.gateway.dispatch.DefaultDispatch.executeRequest(DefaultDispatch.java:105) > at > org.apache.hadoop.gateway.dispatch.DefaultDispatch.doGet(DefaultDispatch.java:285) > at > org.apache.hadoop.gateway.dispatch.GatewayDispatchFilter$GetAdapter.doMethod(GatewayDispatchFilter.java:130) > at > org.apache.hadoop.gateway.dispatch.GatewayDispatchFilter.doFilter(GatewayDispatchFilter.java:102) > at > org.apache.hadoop.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:61) > ... 75 more > > > Regards, > > Christopher Jackson > [email protected] > > >
