Dear experts,

Could you please shed some light on this topic?
We remain at your disposal for any questions if needed.

Best regards
Tien Dat PHAN

On 2021/03/08 09:09:53, Tien Dat PHAN <[email protected]> wrote: 
> Dear experts,
> 
> We are using Knox to secure the access to HDFS Webhdfs, using Pac4j provider 
> to authenticate using our CAS server.
> Version information:
> - Knox 1.5.0
> - CentOS 7.5
> - JDK 9.0.4
> - HDFS 2.7.3
> 
> Here is our configuration:
> sandbox.xml:
> 
> <gateway>
>   <provider>
>     <role>federation</role>
>     <name>SSOCookieProvider</name>
>     <enabled>true</enabled>
>     <param>
>       <name>sso.authentication.provider.url</name>
>       <value>https://127.0.0.1:8443/gateway/knoxsso/api/v1/websso</value>
>     </param>
>   </provider>
>   <provider>
>     <role>identity-assertion</role>
>     <name>Default</name>
>     <enabled>true</enabled>
>   </provider>
> </gateway>
> 
> <service>
>   <role>NAMENODE</role>
>   <url>hdfs://localhost:8020</url>
> </service>
> 
> knoxsso.xml:
> <gateway>
>   <provider>
>     <role>federation</role>
>     <name>pac4j</name>
>     <enabled>true</enabled>
>     <param>
>       <name>pac4j.callbackUrl</name>
>       <value>https://127.0.0.1:8443/gateway/knoxsso/api/v1/websso</value>
>     </param>
>     <param>
>       <name>pac4j.session.store</name>
>       <value>J2ESessionStore</value>
>     </param>
>     <param>
>       <name>cas.loginUrl</name>
>       <value>https://ourCasServer:453/iam/login</value>
>     </param>
>     <param>
>       <name>cas.protocol</name>
>       <value>CAS20</value>
>     </param>
>     <param>
>       <name>clientName</name>
>       <value>CasClient</value>
>     </param>
>   </provider>
>   <provider>
>     <role>identity-assertion</role>
>     <name>Default</name>
>     <enabled>true</enabled>
>   </provider>
> </gateway>
> 
> <service>
>   <role>KNOXSSO</role>
>   <param>
>     <name>knoxsso.cookie.secure.only</name>
>     <value>true</value>
>   </param>
>   <param>
>     <name>knoxsso.token.ttl</name>
>     <value>100000</value>
>   </param>
>   <param>
>     <name>knoxsso.cookie.name</name>
>     <value>OurCookie</value>
>   </param>
>   <param>
>     <name>knoxsso.redirect.whitelist.regex</name>
>     <value>^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$</value>
>   </param>
> </service>
> 
> When we started to connect to Knox WebSSO, the URL was redirected to our CAS 
> login page. But after inputting the username and password and clicking the 
> login button, we received a 500 HTTP status, with this exception thrown in 
> the gateway log.
> 
> 2021-03-05 16:31:15,912 INFO  service.knoxsso (WebSSOResource.java:getCookieValue(381)) - Unable to find cookie with name: original-url
> 2021-03-05 16:31:15,918 ERROR knox.gateway (AbstractGatewayFilter.java:doFilter(63)) - Failed to execute filter: java.lang.RuntimeException: javax.servlet.ServletException: java.lang.NullPointerException
> java.lang.RuntimeException: javax.servlet.ServletException: java.lang.NullPointerException
>         at org.pac4j.core.engine.AbstractExceptionAwareLogic.runtimeException(AbstractExceptionAwareLogic.java:63)
>         at org.pac4j.core.engine.AbstractExceptionAwareLogic.handleException(AbstractExceptionAwareLogic.java:48)
>         at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:163)
>         at org.pac4j.j2e.filter.SecurityFilter.internalFilter(SecurityFilter.java:92)
>         at org.pac4j.j2e.filter.AbstractConfigFilter.doFilter(AbstractConfigFilter.java:84)
>         at org.apache.knox.gateway.pac4j.filter.Pac4jDispatcherFilter.doFilter(Pac4jDispatcherFilter.java:271)
>         at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:349)
>         at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:263)
>         at org.apache.knox.gateway.filter.XForwardedHeaderFilter.doFilter(XForwardedHeaderFilter.java:50)
>         at org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:58)
>         at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:349)
>         at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:263)
>         at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:167)
>         at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:92)
>         at org.apache.knox.gateway.GatewayServlet.service(GatewayServlet.java:135)
>         at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:868)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623)
>         at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:214)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
>         at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)
>         at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
>         at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
>         at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
>         at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
>         at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1711)
>         at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
>         at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1347)
>         at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
>         at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)
>         at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1678)
>         at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
>         at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1249)
>         at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
>         at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)
>         at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
>         at org.apache.knox.gateway.trace.TraceHandler.handle(TraceHandler.java:51)
>         at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
>         at org.apache.knox.gateway.filter.CorrelationHandler.handle(CorrelationHandler.java:41)
>         at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
>         at org.apache.knox.gateway.filter.PortMappingHelperHandler.handle(PortMappingHelperHandler.java:150)
>         at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:152)
>         at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
>         at org.eclipse.jetty.server.Server.handle(Server.java:505)
>         at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
>         at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
>         at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
>         at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
>         at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:427)
>         at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:321)
>         at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159)
>         at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
>         at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
>         at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
>         at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
>         at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
>         at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
>         at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
>         at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:781)
>         at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:917)
>         at java.lang.Thread.run(Thread.java:748)
> Caused by: javax.servlet.ServletException: java.lang.NullPointerException
>         at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:392)
>         at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:381)
>         at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:534)
>         at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:482)
>         at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:419)
>         at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:349)
>         at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:263)
>         at org.apache.knox.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter.doFilterInternal(AbstractIdentityAssertionFilter.java:193)
>         at org.apache.knox.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter.continueChainAsPrincipal(AbstractIdentityAssertionFilter.java:149)
>         at org.apache.knox.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter.doFilter(CommonIdentityAssertionFilter.java:94)
>         at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:349)
>         at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:263)
>         at org.apache.knox.gateway.pac4j.filter.Pac4jIdentityAdapter$1.run(Pac4jIdentityAdapter.java:129)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.Subject.doAs(Subject.java:422)
>         at org.apache.knox.gateway.pac4j.filter.Pac4jIdentityAdapter.doAs(Pac4jIdentityAdapter.java:124)
>         at org.apache.knox.gateway.pac4j.filter.Pac4jIdentityAdapter.doFilter(Pac4jIdentityAdapter.java:116)
>         at org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:349)
>         at org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:263)
>         at org.pac4j.j2e.filter.SecurityFilter.lambda$internalFilter$0(SecurityFilter.java:94)
>         at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:140)
>         ... 57 more
> Caused by: java.lang.NullPointerException
>         at java.lang.StringBuilder.<init>(StringBuilder.java:112)
>         at org.apache.knox.gateway.service.knoxsso.WebSSOResource.getOriginalUrlFromQueryParams(WebSSOResource.java:290)
>         at org.apache.knox.gateway.service.knoxsso.WebSSOResource.getAuthenticationToken(WebSSOResource.java:204)
>         at org.apache.knox.gateway.service.knoxsso.WebSSOResource.doGet(WebSSOResource.java:186)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
>         at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:151)
>         at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:171)
>         at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152)
>         at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:104)
>         at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:406)
>         at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:350)
>         at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:106)
>         at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:259)
>         at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
>         at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
>         at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
>         at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
>         at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
>         at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:319)
>         at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:236)
>         at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1028)
>         at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:373)
>         ... 77 more
> 
> Have any of you seen such an exception when running Apache Knox? Could you 
> please let us know what could be the reason?
> 
> Best regards
> Tien Dat PHAN
> 
