Comments (4)
cwperks
commented on June 26, 2024
1
@scrawfor99 @RyanL1997 @peternied I filed an issue to capture the errors we are seeing in the integration tests for 2.x
from security-dashboards-plugin.
cwperks
commented on June 26, 2024
Full error:
io.jsonwebtoken.lang.InstantiationException: Unable to instantiate class [io.jsonwebtoken.impl.DefaultJwtParser]
at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:159) ~[jjwt-api-0.11.5.jar:0.11.5]
at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:137) ~[jjwt-api-0.11.5.jar:0.11.5]
at io.jsonwebtoken.Jwts.parser(Jwts.java:124) ~[jjwt-api-0.11.5.jar:0.11.5]
at com.amazon.dlic.auth.http.jwt.HTTPJwtAuthenticator.<init>(HTTPJwtAuthenticator.java:96) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:484) ~[?:?]
at org.opensearch.security.support.ReflectionHelper.instantiateAAA(ReflectionHelper.java:62) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigModelV7.newInstance(DynamicConfigModelV7.java:406) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigModelV7.buildAAA(DynamicConfigModelV7.java:310) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigModelV7.<init>(DynamicConfigModelV7.java:87) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigFactory.onChange(DynamicConfigFactory.java:283) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.notifyAboutChanges(ConfigurationRepository.java:406) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration0(ConfigurationRepository.java:395) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration(ConfigurationRepository.java:379) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.lambda$new$0(ConfigurationRepository.java:221) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at java.lang.Thread.run(Thread.java:1589) [?:?]
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) ~[?:?]
at java.security.AccessController.checkPermission(AccessController.java:1068) ~[?:?]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:411) ~[?:?]
at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:2070) ~[?:?]
at java.lang.Thread.getContextClassLoader(Thread.java:2420) ~[?:?]
at io.jsonwebtoken.impl.lang.Services$1.getClassLoader(Services.java:37) ~[jjwt-impl-0.11.5.jar:0.11.5]
at io.jsonwebtoken.impl.lang.Services.loadAll(Services.java:68) ~[jjwt-impl-0.11.5.jar:0.11.5]
at io.jsonwebtoken.impl.compression.DefaultCompressionCodecResolver.<init>(DefaultCompressionCodecResolver.java:57) ~[jjwt-impl-0.11.5.jar:0.11.5]
at io.jsonwebtoken.impl.DefaultJwtParser.<init>(DefaultJwtParser.java:51) ~[jjwt-impl-0.11.5.jar:0.11.5]
at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:128) ~[?:?]
at jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:306) ~[?:?]
at java.lang.Class.newInstance(Class.java:684) ~[?:?]
at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:157) ~[jjwt-api-0.11.5.jar:0.11.5]
... 16 more
[2023-08-16T12:07:23,908][WARN ][o.o.s.s.ReflectionHelper ] [smoketestnode] Unable to enable 'com.amazon.dlic.auth.http.jwt.HTTPJwtAuthenticator' due to java.lang.reflect.InvocationTargetException
[2023-08-16T12:07:23,912][ERROR][o.o.s.s.DynamicConfigModelV7] [smoketestnode] Unable to initialize auth domain jwt_auth_domain=AuthcDomain [http_enabled=true, transport_enabled=false, order=5, http_authenticator=HttpAuthenticator [challenge=true, type=jwt, config={signing_key=VGhpcyBpcyBhIHZlcnkgc2VjdXJlIHNlY3JldC4gTm8gb25lIHdpbGwgZXZlciBiZSBhYmxlIHRvIGd1ZXNzIGl0IQ==, jwt_header=Authorization, jwt_url_parameter=token, roles_key=roles, subject_key=sub}], authentication_backend=AuthcBackend [type=noop, config={}], description=Authenticate via Json Web Token] due to OpenSearchException[java.lang.reflect.InvocationTargetException]; nested: InvocationTargetException; nested: RuntimeException[io.jsonwebtoken.lang.InstantiationException: Unable to instantiate class [io.jsonwebtoken.impl.DefaultJwtParser]]; nested: InstantiationException[Unable to instantiate class [io.jsonwebtoken.impl.DefaultJwtParser]]; nested: AccessControlException[access denied ("java.lang.RuntimePermission" "getClassLoader")];
org.opensearch.OpenSearchException: java.lang.reflect.InvocationTargetException
at org.opensearch.security.support.ReflectionHelper.instantiateAAA(ReflectionHelper.java:73) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigModelV7.newInstance(DynamicConfigModelV7.java:406) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigModelV7.buildAAA(DynamicConfigModelV7.java:310) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigModelV7.<init>(DynamicConfigModelV7.java:87) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigFactory.onChange(DynamicConfigFactory.java:283) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.notifyAboutChanges(ConfigurationRepository.java:406) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration0(ConfigurationRepository.java:395) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration(ConfigurationRepository.java:379) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.lambda$new$0(ConfigurationRepository.java:221) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at java.lang.Thread.run(Thread.java:1589) [?:?]
Caused by: java.lang.reflect.InvocationTargetException
at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:79) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:484) ~[?:?]
at org.opensearch.security.support.ReflectionHelper.instantiateAAA(ReflectionHelper.java:62) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
... 9 more
Caused by: java.lang.RuntimeException: io.jsonwebtoken.lang.InstantiationException: Unable to instantiate class [io.jsonwebtoken.impl.DefaultJwtParser]
at com.amazon.dlic.auth.http.jwt.HTTPJwtAuthenticator.<init>(HTTPJwtAuthenticator.java:102) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:484) ~[?:?]
at org.opensearch.security.support.ReflectionHelper.instantiateAAA(ReflectionHelper.java:62) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
... 9 more
Caused by: io.jsonwebtoken.lang.InstantiationException: Unable to instantiate class [io.jsonwebtoken.impl.DefaultJwtParser]
at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:159) ~[jjwt-api-0.11.5.jar:0.11.5]
at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:137) ~[jjwt-api-0.11.5.jar:0.11.5]
at io.jsonwebtoken.Jwts.parser(Jwts.java:124) ~[jjwt-api-0.11.5.jar:0.11.5]
at com.amazon.dlic.auth.http.jwt.HTTPJwtAuthenticator.<init>(HTTPJwtAuthenticator.java:96) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:484) ~[?:?]
at org.opensearch.security.support.ReflectionHelper.instantiateAAA(ReflectionHelper.java:62) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
... 9 more
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) ~[?:?]
at java.security.AccessController.checkPermission(AccessController.java:1068) ~[?:?]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:411) ~[?:?]
at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:2070) ~[?:?]
at java.lang.Thread.getContextClassLoader(Thread.java:2420) ~[?:?]
at io.jsonwebtoken.impl.lang.Services$1.getClassLoader(Services.java:37) ~[jjwt-impl-0.11.5.jar:0.11.5]
at io.jsonwebtoken.impl.lang.Services.loadAll(Services.java:68) ~[jjwt-impl-0.11.5.jar:0.11.5]
at io.jsonwebtoken.impl.compression.DefaultCompressionCodecResolver.<init>(DefaultCompressionCodecResolver.java:57) ~[jjwt-impl-0.11.5.jar:0.11.5]
at io.jsonwebtoken.impl.DefaultJwtParser.<init>(DefaultJwtParser.java:51) ~[jjwt-impl-0.11.5.jar:0.11.5]
at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:128) ~[?:?]
at jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:306) ~[?:?]
at java.lang.Class.newInstance(Class.java:684) ~[?:?]
at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:157) ~[jjwt-api-0.11.5.jar:0.11.5]
at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:137) ~[jjwt-api-0.11.5.jar:0.11.5]
at io.jsonwebtoken.Jwts.parser(Jwts.java:124) ~[jjwt-api-0.11.5.jar:0.11.5]
at com.amazon.dlic.auth.http.jwt.HTTPJwtAuthenticator.<init>(HTTPJwtAuthenticator.java:96) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:484) ~[?:?]
at org.opensearch.security.support.ReflectionHelper.instantiateAAA(ReflectionHelper.java:62) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
... 9 more
from security-dashboards-plugin.
scrawfor99
commented on June 26, 2024
[Triage] Thank you for filing this issue @cwperks. Leaving this without the triaged label since this requires further action to determine what the desired outcome should be.
from security-dashboards-plugin.
cwperks
commented on June 26, 2024
Closing this issue as it is now solved. The fix was targeted to 2.x and not necessary in main because all HTTP Authenticators are instantiated in a privileged block in main. See details here: opensearch-project/security#3213 (comment)
from security-dashboards-plugin.
Related Issues (20)
- Add template for compatibility with new versions
- [BUG] Impossible to add customized permission group to a role HOT 2
- [Flaky CI] Intermittent failures with Cypress HOT 3
- [AUTOCUT] Integration Test failed for securityDashboards: 3.0.0 tar distribution HOT 8
- [AUTOCUT] Integration Test failed for securityDashboards: 2.11.0 tar distribution HOT 3
- [Campaign] Ensure Github workflow runs on docker image used by Production Distribution Build HOT 8
- [RELEASE] Release version 2.12.0 HOT 1
- [BUG] Integration Test Failures after OpenSearch node reaches high watermark HOT 3
- [CI] Re-enable Cypress workflow run HOT 2
- [BUG] 2.11 Deleting log type fails HOT 3
- Improve stability and speed of the integration tests running on the Windows runner
- [BUG] Dashboards permalink and iframe losses url param JWT on internal API calls HOT 14
- Stabilize CI for dashboards repo HOT 4
- [BUG] 1.3.12 Short URL raises 400 error during SAML login HOT 4
- [FEATURE] Add UI support to add existing roles while creating a user HOT 1
- [BUG] Opensearch logout trggier by wrong api call in devtool console from Firefox HOT 1
- [BUG] Security cookie could be too large when using JWT auth type HOT 5
- `Global` showing in user dropdown when multi-tenancy is disabled HOT 4
- [Action Required] Ensure 2.11 branch readiness for 2.11.1 release HOT 2
- [AUTOCUT] Integration Test failed for securityDashboards: 3.0.0 tar distribution HOT 169
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from security-dashboards-plugin.