[Geoserver-devel] [JIRA] (GEOS-8762) Monitor asynchronous post processing does not play well with security

GeoServer GeoServer Developer
1

Andrea Aime created an issue

GeoServer / BugGEOS-8762

Monitor asynchronous post processing does not play well with security

Issue Type:

BugBug

Assignee:

Unassigned

Components:

Monitoring

Created:

30/May/18 9:24 AM

Priority:

MediumMedium

Reporter:

Andrea Aime

The monitoring plugins does some post processing in a fixed size thread pool.
If the resources involved are secured, the following logs pop up in the logs:

Jussila Ville via aruba.it 
9:08 AM (14 minutes ago)
to Andrea 
2018-05-30 08:07:47,649 WARN [geoserver.monitor] - Post process task failed

org.springframework.security.authentication.InsufficientAuthenticationException: Cannot access johto as anonymous

                             at org.geoserver.security.SecureCatalogImpl.unauthorizedAccess(SecureCatalogImpl.java:933)

                             at org.geoserver.security.SecureCatalogImpl.buildWrapperPolicy(SecureCatalogImpl.java:910)

                             at org.geoserver.security.SecureCatalogImpl.buildWrapperPolicy(SecureCatalogImpl.java:792)

                             at org.geoserver.security.SecureCatalogImpl.checkAccess(SecureCatalogImpl.java:699)

                             at org.geoserver.security.SecureCatalogImpl.checkAccess(SecureCatalogImpl.java:683)

                             at org.geoserver.security.SecureCatalogImpl.getNamespaceByPrefix(SecureCatalogImpl.java:366)

                             at org.geoserver.catalog.impl.AbstractFilteredCatalog.getNamespaceByPrefix(AbstractFilteredCatalog.java:279)

                             at org.geoserver.catalog.impl.AbstractCatalogDecorator.getNamespaceByPrefix(AbstractCatalogDecorator.java:564)

                             at org.geoserver.monitor.LayerNameNormalizer.run(LayerNameNormalizer.java:53)

                             at org.geoserver.monitor.MonitorFilter$PostProcessTask.run(MonitorFilter.java:252)

                             at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

                             at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

                             at java.lang.Thread.run(Unknown Source)

Add Comment

Add Comment

Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS

This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100086-sha1:eabe2b7)

Atlassian logo