Since upgrading Tomcat and Java to the version shown above Geoserver throws CloneNotSupportedException when using Basic Authentication passed in the request header.
The authentication header is added to the request by the web server running Apache HTTPD. It is different for internal and external users.
The response is as follows (including a stacktrace):
<!doctype html><html lang=“en”><head><title>HTTP Status 500 – Internal Server Error</title><style type=“text/css”>body
{font-family:Tahoma,Arial,sans-serif;}
h1, h2, h3, b
color: Color value is invalid
h1
{font-size:22px;}
h2
{font-size:16px;}
h3
{font-size:14px;}
p
{font-size:12px;}
a
color: Color value is invalid
.line
{height:1px;background-color:#525D76;border:none;}
</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class=“line” /><p><b>Type</b> Exception Report</p><p><b>Message</b> java.lang.CloneNotSupportedException</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b></p><pre>java.lang.RuntimeException: java.lang.CloneNotSupportedException
org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.getCacheKey(GeoServerBasicAuthenticationFilter.java:122)
org.geoserver.security.filter.GeoServerSecurityFilter.authenticateFromCache(GeoServerSecurityFilter.java:76)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:47)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.doFilter(GeoServerBasicAuthenticationFilter.java:81)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:70)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:52)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:74)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:142)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:101)
org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:77)
org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:47)
org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:46)
org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
</pre><p><b>Root Cause</b></p><pre>java.lang.CloneNotSupportedException
java.base/java.security.MessageDigest$Delegate.clone(MessageDigest.java:610)
org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.getCacheKey(GeoServerBasicAuthenticationFilter.java:119)
org.geoserver.security.filter.GeoServerSecurityFilter.authenticateFromCache(GeoServerSecurityFilter.java:76)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:47)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.doFilter(GeoServerBasicAuthenticationFilter.java:81)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:70)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:52)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:74)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:142)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:101)
org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:77)
org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:47)
org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:46)
org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
|