CDAP / CDAP-16163

[LDAP Authentication] On setting ldapsVerifyCertificate=false with useLdaps disabled, exception is thrown and user is not able to login

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 6.2.0, 5.1.2
    • Fix Version/s: 6.2.0
    • Component/s: CDAP
    • Labels:
      None

      Description

      Expectations:
      ldapsVerifyCertificate should not be checked if useLdaps=false, and the user should be able to log in.

       

      Error trace:

      2019-12-06 14:18:09,714 - DEBUG [leader-election-leader:c.c.c.s.a.DistributedKeyManager$1@111] - Transitioned to follower
      2019-12-06 14:18:26,977 - DEBUG [qtp287451432-34:c.c.c.s.s.JAASLoginService@226] -
      javax.security.auth.login.LoginException: java.lang.IllegalStateException: Unable to establish root context
          at org.eclipse.jetty.plus.jaas.spi.LdapLoginModule.initialize(LdapLoginModule.java:577)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke(Method.java:498)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:736)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
          at co.cask.cdap.security.server.JAASLoginService.login(JAASLoginService.java:216)
          at org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:47)
          at org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:90)
          at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:492)
          at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1088)
          at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429)
          at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
          at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
          at org.eclipse.jetty.server.Server.handle(Server.java:370)
          at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
          at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)
          at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)
          at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
          at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
          at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
          at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
          at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
          at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
          at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
          at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
          at java.lang.Thread.run(Thread.java:748)
      Caused by: javax.naming.CommunicationException: simple bind failed: lab.openldap.com:389 [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
          at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
          at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2791)
          at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
          at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
          at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
          at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
          at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
          at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
          at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
          at javax.naming.InitialContext.init(InitialContext.java:244)
          at javax.naming.InitialContext.<init>(InitialContext.java:216)
          at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
          at org.eclipse.jetty.plus.jaas.spi.LdapLoginModule.initialize(LdapLoginModule.java:573)
          ... 34 more
      Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
          at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:994)
          at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
          at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:931)
          at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
          at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
          at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
          at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
          at com.sun.jndi.ldap.Connection.run(Connection.java:877)
          ... 1 more
      Caused by: java.io.EOFException: SSL peer shut down incorrectly
          at sun.security.ssl.InputRecord.read(InputRecord.java:505)
          at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
          ... 8 more
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856) ~[na:1.8.0_212]
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) ~[na:1.8.0_212]
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) ~[na:1.8.0_212]
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) ~[na:1.8.0_212]
          at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_212]
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) ~[na:1.8.0_212]
          at javax.security.auth.login.LoginContext.login(LoginContext.java:587) ~[na:1.8.0_212]
          at co.cask.cdap.security.server.JAASLoginService.login(JAASLoginService.java:216) ~[co.cask.cdap.cdap-security-5.1.2044.jar:na]
          at org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:47) [org.eclipse.jetty.jetty-security-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:90) [org.eclipse.jetty.jetty-security-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:492) [org.eclipse.jetty.jetty-security-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1088) [org.eclipse.jetty.jetty-server-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:429) [org.eclipse.jetty.jetty-servlet-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) [org.eclipse.jetty.jetty-server-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [org.eclipse.jetty.jetty-server-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154) [org.eclipse.jetty.jetty-server-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [org.eclipse.jetty.jetty-server-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.server.Server.handle(Server.java:370) [org.eclipse.jetty.jetty-server-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494) [org.eclipse.jetty.jetty-server-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971) [org.eclipse.jetty.jetty-server-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033) [org.eclipse.jetty.jetty-server-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) [org.eclipse.jetty.jetty-http-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) [org.eclipse.jetty.jetty-http-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) [org.eclipse.jetty.jetty-server-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196) [org.eclipse.jetty.jetty-io-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696) [org.eclipse.jetty.jetty-io-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53) [org.eclipse.jetty.jetty-io-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) [org.eclipse.jetty.jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411]
          at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) [org.eclipse.jetty.jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411]
          at java.lang.Thread.run(Thread.java:748) [na:1.8.0_212]
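
      The expectation above, sketched as an added example that is not CDAP or Jetty code: TLS-related JNDI settings are applied only when useLdaps is true, so ldapsVerifyCertificate=false has no effect on a plain ldap:// bind. It assumes the certificate override is applied through JNDI's java.naming.ldap.factory.socket property; buildEnv and com.example.NoVerifySSLSocketFactory are hypothetical names.

```java
import java.util.Hashtable;
import javax.naming.Context;

// Added illustration, not CDAP or Jetty code. Assumes the login module reaches
// the directory through JNDI and that "verify certificate = false" is applied
// by pointing JNDI at a custom socket factory.
public class LdapEnvExample {
    // Hypothetical class name standing in for the application's non-verifying factory.
    static final String NO_VERIFY_FACTORY = "com.example.NoVerifySSLSocketFactory";

    static Hashtable<String, String> buildEnv(String host, int port,
            boolean useLdaps, boolean ldapsVerifyCertificate) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL,
                (useLdaps ? "ldaps" : "ldap") + "://" + host + ":" + port);
        if (!useLdaps) {
            // Plain LDAP: ldapsVerifyCertificate is ignored, so no TLS property is
            // set and the bind on port 389 is never wrapped in a TLS handshake.
            return env;
        }
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        if (!ldapsVerifyCertificate) {
            // JNDI creates every socket for this context through this factory.
            env.put("java.naming.ldap.factory.socket", NO_VERIFY_FACTORY);
        }
        return env;
    }

    public static void main(String[] args) {
        // Constructed inputs: host and port as in the trace, flags as in the report.
        Hashtable<String, String> plain = buildEnv("lab.openldap.com", 389, false, false);
        if (plain.containsKey("java.naming.ldap.factory.socket")
                || plain.containsKey(Context.SECURITY_PROTOCOL)) {
            throw new AssertionError("TLS settings leaked into a plain LDAP context");
        }
        System.out.println("ldap  -> " + plain);

        // Port 636 is the conventional LDAPS port (constructed value).
        Hashtable<String, String> tls = buildEnv("lab.openldap.com", 636, true, false);
        if (!NO_VERIFY_FACTORY.equals(tls.get("java.naming.ldap.factory.socket"))) {
            throw new AssertionError("verification override missing for LDAPS");
        }
        System.out.println("ldaps -> " + tls);
    }
}
```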
      


            People

            • Assignee: Shekhar Bansal
            • Reporter: Shekhar Bansal