Issue with Auth Key authentication Plugin in geoserver 2.26

I’m trying to implement Auth key authentication plugin in geoserver 2.26. I have deployed geoserver.war in weblogic container.

The steps I followed are:

Added the authkey plugin jar in LIB folder. Auth Key Plugin is visible in Geoserver modules GUI. Created the authkey filter.
Issue: When I am clicking on Geoserver -->Security—> Authentication icon It will throw error …(error screenshot attached)

Kindly help me with this.

Akshay Gore

That is great, nobody has tested in a web logic container for … quite some time! (We used to have manual instructions on the old wiki for web logic).

If you check the logs should be able to see some “caused by” details which indicate where the problem occurred.

Just to double check what folder exactly is LIB folder?

The tomcat instructions rely on webapps/geoserver/WEB-INF/lib because tomcat unzips the geoserver.war when deployed.

Not all application servers work that way - if I remember WebLogic had user interface screens to manage war deployment? You may also consider unzip geoserver.war, add the extension, re-zip geoserver.war and deploy.

Hi Jive,

Thanks for the reply.

I am using weblogic 14 with Java 11.

I have extracted geoserver 2.26 war and then I have updated geoserver data directory path in web.xml.

I am deploying that folder inside weblogic.

Lib folder is inside weblogic directory/geoserver/WEB-INF/lib

Weblogic can deploy geoserver.war unzip folder.

If I deploy geoserver without authkey extension, it will work fine.

Only issue occurs when we deploy auth key plugin and then try to configure it.

Hi @AkshayGore

The challenge with the security integration is that it can be quite a challenge for anyone without access to a similar environment to test and/or understand the challenge.

Can I ask you to try the geoserver binary installation with the authkey extension to installed so we can understand if the extension functions at all (or if it just has problems with the WebLogic environment).

Other than that we sill need more information from the log or stack trace to understand where it failed (screen snap is not so useful - as we want the initial “caused by” problem).

Hi Jive,
I have installed geoserver binary with authkey and its working fine.

Can we connect ? I will share logs and geoserver env configuration.

Logs:
org.apache.wicket.WicketRuntimeException: Can’t instantiate page using constructor ‘public org.geoserver.security.web.auth.AuthenticationPage()’. An exception has been thrown during construction!
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:194)
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:67)
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:103)
at org.apache.wicket.DefaultMapperContext.newPageInstance(DefaultMapperContext.java:106)
at org.apache.wicket.core.request.handler.PageProvider.resolvePageInstance(PageProvider.java:271)
at org.apache.wicket.core.request.handler.PageProvider.getPageInstance(PageProvider.java:169)
at org.apache.wicket.request.handler.render.PageRenderer.getPage(PageRenderer.java:78)
at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:231)
at org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)
at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:895)
at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:265)
at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:222)
at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293)
at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261)
at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203)
at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:137)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
at org.springframework.web.servlet.mvc.ServletWrappingController.handleRequestInternal(ServletWrappingController.java:166)
at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:177)
at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:51)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1072)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:965)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:645)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:295)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:260)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:137)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:353)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:82)
at org.geoserver.filters.ThreadLocalsCleanupFilter.doFilter(ThreadLocalsCleanupFilter.java:28)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:82)
at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:73)
at org.geoserver.ows.HTTPHeadersCollector.doFilter(HTTPHeadersCollector.java:48)
at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:70)
at org.geoserver.filters.HTTPMethodFilter.doFilter(HTTPMethodFilter.java:36)
at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:70)
at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:190)
at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:70)
at org.geoserver.filters.SpringDelegatingFilter.doFilter(SpringDelegatingFilter.java:43)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:82)
at org.geoserver.platform.AdvancedDispatchFilter.doFilter(AdvancedDispatchFilter.java:39)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:82)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:352)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71)
at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:100)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.geoserver.security.filter.GeoServerAnonymousAuthenticationFilter.doFilter(GeoServerAnonymousAuthenticationFilter.java:53)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
at org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter.doFilter(GeoServerUserNamePasswordAuthenticationFilter.java:122)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:110)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:101)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71)
at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilterInternal(GeoServerSecurityContextPersistenceFilter.java:74)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190)
at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:141)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:82)
at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:116)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:82)
at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:48)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:82)
at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:49)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:82)
at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:82)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:82)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:32)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:82)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3869)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3832)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:344)
at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197)
at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
at weblogic.servlet.internal.WebAppServletContext.processSecuredExecute(WebAppServletContext.java:2505)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2354)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2329)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2307)
at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1798)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1752)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:272)
at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352)
at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337)
at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57)
at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:651)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:420)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:360)
Caused by: java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:175)
… 119 more
Caused by: org.apache.commons.lang.SerializationException: java.lang.ClassNotFoundException: org.geoserver.security.AuthenticationKeyFilterConfig
at org.apache.commons.lang.SerializationUtils.deserialize(SerializationUtils.java:166)
at org.apache.commons.lang.SerializationUtils.deserialize(SerializationUtils.java:193)
at org.apache.commons.lang.SerializationUtils.clone(SerializationUtils.java:81)
at org.geoserver.security.AuthenticationKeyFilterConfig.clone(AuthenticationKeyFilterConfig.java:99)
at org.geoserver.security.GeoServerSecurityManager.loadConfigFile(GeoServerSecurityManager.java:2734)
at org.geoserver.security.GeoServerSecurityManager.loadConfigFile(GeoServerSecurityManager.java:2745)
at org.geoserver.security.GeoServerSecurityManager$HelperBase.loadConfig(GeoServerSecurityManager.java:2789)
at org.geoserver.security.GeoServerSecurityManager$HelperBase.loadConfig(GeoServerSecurityManager.java:2795)
at org.geoserver.security.GeoServerSecurityManager.loadFilterConfig(GeoServerSecurityManager.java:1451)
at org.geoserver.security.GeoServerSecurityManager.listFilters(GeoServerSecurityManager.java:1405)
at org.geoserver.security.web.auth.AuthenticationFiltersProvider.getItems(AuthenticationFiltersProvider.java:23)
at org.geoserver.web.wicket.GeoServerDataProvider.getFilteredItems(GeoServerDataProvider.java:219)
at org.geoserver.web.wicket.GeoServerDataProvider.size(GeoServerDataProvider.java:237)
at org.geoserver.web.wicket.GeoServerTablePanel$PagerDelegate.updateMatched(GeoServerTablePanel.java:662)
at org.geoserver.web.wicket.GeoServerTablePanel$PagerDelegate.(GeoServerTablePanel.java:657)
at org.geoserver.web.wicket.GeoServerTablePanel.(GeoServerTablePanel.java:236)
at org.geoserver.security.web.SecurityNamedServicesPanel$SecurityNamedServiceTablePanel.(SecurityNamedServicesPanel.java:176)
at org.geoserver.security.web.SecurityNamedServicesPanel$2.(SecurityNamedServicesPanel.java:71)
at org.geoserver.security.web.SecurityNamedServicesPanel.(SecurityNamedServicesPanel.java:69)
at org.geoserver.security.web.auth.AuthenticationFiltersPanel.(AuthenticationFiltersPanel.java:19)
at org.geoserver.security.web.auth.AuthenticationPage.initComponents(AuthenticationPage.java:197)
at org.geoserver.security.web.auth.AuthenticationPage.(AuthenticationPage.java:80)
… 124 more
Caused by: java.lang.ClassNotFoundException: org.geoserver.security.AuthenticationKeyFilterConfig
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
at java.base/java.lang.Class.forName0(Native Method)
at java.base/java.lang.Class.forName(Class.java:398)
at java.base/java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:763)
at java.base/java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2025)
at java.base/java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1892)
at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2223)
at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1709)
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:500)
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:458)
at org.apache.commons.lang.SerializationUtils.deserialize(SerializationUtils.java:163)

That is an interesting result; so you do have a limitation that is specific to web logic environment.

Caused by: java.lang.ClassNotFoundException: org.geoserver.security.AuthenticationKeyFilterConfig
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
at java.base/java.lang.Class.forName0(Native Method)
at java.base/java.lang.Class.forName(Class.java:398)
at java.base/java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:763)
at java.base/java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2025)
at java.base/java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1892)
at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2223)
at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1709)
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:500)
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:458)
at org.apache.commons.lang.SerializationUtils.deserialize(SerializationUtils.java:163)

My next step as a developer would be to try and compare the class loader configuration in WebLogic to the class loader configuration that works in the GeoSever binary.

WebLogic is supposed to load each web application in its own sandboxed class loader; and something must be going strange with that.

Doing a search for the things going wrong above “serialization” “Weblogic” “wicket” gives several possibilities:

Thethis one for example talks about having the same jar from the app and from weblogic and produces a similar problem. It looks like there may be some weblogic.xml file and recommends Weblogic specific tools to troubleshoot.

Do you think Weblogic makes use of Auth Key authentication as well?

aside: If you wish to reach me directly please contact via geocat.net. My employer is one of the core GeoServer service providers and tend to focus on product rather than consulting work.