[Geoserver-devel] [JIRA] (GEOS-10310) Geoserver throws CloneNotSupportedException when using Basic Authentication

Graham Humphries created an issue

GeoServer / BugGEOS-10310

Geoserver throws CloneNotSupportedException when using Basic Authentication

Issue Type:

BugBug

Affects Versions:

2.19.2, 2.20.0

Assignee:

Unassigned

Components:

Security

Created:

18/Nov/21 10:13 PM

Environment:

Solaris SunOS 5.11, Apache Tomcat/9.0.53 and Java to 11.0.12+7-LTS

Priority:

MediumMedium

Reporter:

Graham Humphries

Since upgrading Tomcat and Java to the version shown above Geoserver throws CloneNotSupportedException when using Basic Authentication passed in the request header.

The authentication header is added to the request by the web server running Apache HTTPD. It is different for internal and external users.
The response is as follows (including a stacktrace):

<!doctype html><html lang=“en”><head><title>HTTP Status 500 – Internal Server Error</title><style type=“text/css”>body

{font-family:Tahoma,Arial,sans-serif;}

h1, h2, h3, b

color: Color value is invalid

h1

{font-size:22px;}

h2

{font-size:16px;}

h3

{font-size:14px;}

p

{font-size:12px;}

a

color: Color value is invalid

.line

{height:1px;background-color:#525D76;border:none;}

</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class=“line” /><p><b>Type</b> Exception Report</p><p><b>Message</b> java.lang.CloneNotSupportedException</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b></p><pre>java.lang.RuntimeException: java.lang.CloneNotSupportedException
org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.getCacheKey(GeoServerBasicAuthenticationFilter.java:122)
org.geoserver.security.filter.GeoServerSecurityFilter.authenticateFromCache(GeoServerSecurityFilter.java:76)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:47)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.doFilter(GeoServerBasicAuthenticationFilter.java:81)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:70)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:52)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:74)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:142)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:101)
org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:77)
org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:47)
org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:46)
org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
</pre><p><b>Root Cause</b></p><pre>java.lang.CloneNotSupportedException
java.base/java.security.MessageDigest$Delegate.clone(MessageDigest.java:610)
org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.getCacheKey(GeoServerBasicAuthenticationFilter.java:119)
org.geoserver.security.filter.GeoServerSecurityFilter.authenticateFromCache(GeoServerSecurityFilter.java:76)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:47)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.doFilter(GeoServerBasicAuthenticationFilter.java:81)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:70)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:52)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:74)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:142)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:101)
org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:77)
org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:47)
org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:46)
org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)

Add Comment

Add Comment

Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS


This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100183-sha1:ce6a64b)

Atlassian logo