Comments (4)
@scrawfor99 @RyanL1997 @peternied I filed an issue to capture the errors we are seeing in the integration tests for 2.x
from security-dashboards-plugin.
Full error:
io.jsonwebtoken.lang.InstantiationException: Unable to instantiate class [io.jsonwebtoken.impl.DefaultJwtParser]
at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:159) ~[jjwt-api-0.11.5.jar:0.11.5]
at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:137) ~[jjwt-api-0.11.5.jar:0.11.5]
at io.jsonwebtoken.Jwts.parser(Jwts.java:124) ~[jjwt-api-0.11.5.jar:0.11.5]
at com.amazon.dlic.auth.http.jwt.HTTPJwtAuthenticator.<init>(HTTPJwtAuthenticator.java:96) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:484) ~[?:?]
at org.opensearch.security.support.ReflectionHelper.instantiateAAA(ReflectionHelper.java:62) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigModelV7.newInstance(DynamicConfigModelV7.java:406) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigModelV7.buildAAA(DynamicConfigModelV7.java:310) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigModelV7.<init>(DynamicConfigModelV7.java:87) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigFactory.onChange(DynamicConfigFactory.java:283) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.notifyAboutChanges(ConfigurationRepository.java:406) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration0(ConfigurationRepository.java:395) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration(ConfigurationRepository.java:379) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.lambda$new$0(ConfigurationRepository.java:221) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at java.lang.Thread.run(Thread.java:1589) [?:?]
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) ~[?:?]
at java.security.AccessController.checkPermission(AccessController.java:1068) ~[?:?]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:411) ~[?:?]
at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:2070) ~[?:?]
at java.lang.Thread.getContextClassLoader(Thread.java:2420) ~[?:?]
at io.jsonwebtoken.impl.lang.Services$1.getClassLoader(Services.java:37) ~[jjwt-impl-0.11.5.jar:0.11.5]
at io.jsonwebtoken.impl.lang.Services.loadAll(Services.java:68) ~[jjwt-impl-0.11.5.jar:0.11.5]
at io.jsonwebtoken.impl.compression.DefaultCompressionCodecResolver.<init>(DefaultCompressionCodecResolver.java:57) ~[jjwt-impl-0.11.5.jar:0.11.5]
at io.jsonwebtoken.impl.DefaultJwtParser.<init>(DefaultJwtParser.java:51) ~[jjwt-impl-0.11.5.jar:0.11.5]
at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:128) ~[?:?]
at jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:306) ~[?:?]
at java.lang.Class.newInstance(Class.java:684) ~[?:?]
at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:157) ~[jjwt-api-0.11.5.jar:0.11.5]
... 16 more
[2023-08-16T12:07:23,908][WARN ][o.o.s.s.ReflectionHelper ] [smoketestnode] Unable to enable 'com.amazon.dlic.auth.http.jwt.HTTPJwtAuthenticator' due to java.lang.reflect.InvocationTargetException
[2023-08-16T12:07:23,912][ERROR][o.o.s.s.DynamicConfigModelV7] [smoketestnode] Unable to initialize auth domain jwt_auth_domain=AuthcDomain [http_enabled=true, transport_enabled=false, order=5, http_authenticator=HttpAuthenticator [challenge=true, type=jwt, config={signing_key=VGhpcyBpcyBhIHZlcnkgc2VjdXJlIHNlY3JldC4gTm8gb25lIHdpbGwgZXZlciBiZSBhYmxlIHRvIGd1ZXNzIGl0IQ==, jwt_header=Authorization, jwt_url_parameter=token, roles_key=roles, subject_key=sub}], authentication_backend=AuthcBackend [type=noop, config={}], description=Authenticate via Json Web Token] due to OpenSearchException[java.lang.reflect.InvocationTargetException]; nested: InvocationTargetException; nested: RuntimeException[io.jsonwebtoken.lang.InstantiationException: Unable to instantiate class [io.jsonwebtoken.impl.DefaultJwtParser]]; nested: InstantiationException[Unable to instantiate class [io.jsonwebtoken.impl.DefaultJwtParser]]; nested: AccessControlException[access denied ("java.lang.RuntimePermission" "getClassLoader")];
org.opensearch.OpenSearchException: java.lang.reflect.InvocationTargetException
at org.opensearch.security.support.ReflectionHelper.instantiateAAA(ReflectionHelper.java:73) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigModelV7.newInstance(DynamicConfigModelV7.java:406) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigModelV7.buildAAA(DynamicConfigModelV7.java:310) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigModelV7.<init>(DynamicConfigModelV7.java:87) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.securityconf.DynamicConfigFactory.onChange(DynamicConfigFactory.java:283) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.notifyAboutChanges(ConfigurationRepository.java:406) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration0(ConfigurationRepository.java:395) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration(ConfigurationRepository.java:379) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at org.opensearch.security.configuration.ConfigurationRepository.lambda$new$0(ConfigurationRepository.java:221) [opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at java.lang.Thread.run(Thread.java:1589) [?:?]
Caused by: java.lang.reflect.InvocationTargetException
at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:79) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:484) ~[?:?]
at org.opensearch.security.support.ReflectionHelper.instantiateAAA(ReflectionHelper.java:62) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
... 9 more
Caused by: java.lang.RuntimeException: io.jsonwebtoken.lang.InstantiationException: Unable to instantiate class [io.jsonwebtoken.impl.DefaultJwtParser]
at com.amazon.dlic.auth.http.jwt.HTTPJwtAuthenticator.<init>(HTTPJwtAuthenticator.java:102) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:484) ~[?:?]
at org.opensearch.security.support.ReflectionHelper.instantiateAAA(ReflectionHelper.java:62) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
... 9 more
Caused by: io.jsonwebtoken.lang.InstantiationException: Unable to instantiate class [io.jsonwebtoken.impl.DefaultJwtParser]
at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:159) ~[jjwt-api-0.11.5.jar:0.11.5]
at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:137) ~[jjwt-api-0.11.5.jar:0.11.5]
at io.jsonwebtoken.Jwts.parser(Jwts.java:124) ~[jjwt-api-0.11.5.jar:0.11.5]
at com.amazon.dlic.auth.http.jwt.HTTPJwtAuthenticator.<init>(HTTPJwtAuthenticator.java:96) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:484) ~[?:?]
at org.opensearch.security.support.ReflectionHelper.instantiateAAA(ReflectionHelper.java:62) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
... 9 more
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) ~[?:?]
at java.security.AccessController.checkPermission(AccessController.java:1068) ~[?:?]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:411) ~[?:?]
at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:2070) ~[?:?]
at java.lang.Thread.getContextClassLoader(Thread.java:2420) ~[?:?]
at io.jsonwebtoken.impl.lang.Services$1.getClassLoader(Services.java:37) ~[jjwt-impl-0.11.5.jar:0.11.5]
at io.jsonwebtoken.impl.lang.Services.loadAll(Services.java:68) ~[jjwt-impl-0.11.5.jar:0.11.5]
at io.jsonwebtoken.impl.compression.DefaultCompressionCodecResolver.<init>(DefaultCompressionCodecResolver.java:57) ~[jjwt-impl-0.11.5.jar:0.11.5]
at io.jsonwebtoken.impl.DefaultJwtParser.<init>(DefaultJwtParser.java:51) ~[jjwt-impl-0.11.5.jar:0.11.5]
at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:128) ~[?:?]
at jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:306) ~[?:?]
at java.lang.Class.newInstance(Class.java:684) ~[?:?]
at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:157) ~[jjwt-api-0.11.5.jar:0.11.5]
at io.jsonwebtoken.lang.Classes.newInstance(Classes.java:137) ~[jjwt-api-0.11.5.jar:0.11.5]
at io.jsonwebtoken.Jwts.parser(Jwts.java:124) ~[jjwt-api-0.11.5.jar:0.11.5]
at com.amazon.dlic.auth.http.jwt.HTTPJwtAuthenticator.<init>(HTTPJwtAuthenticator.java:96) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
at jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:484) ~[?:?]
at org.opensearch.security.support.ReflectionHelper.instantiateAAA(ReflectionHelper.java:62) ~[opensearch-security-2.10.0.0-SNAPSHOT.jar:2.10.0.0-SNAPSHOT]
... 9 more
from security-dashboards-plugin.
[Triage] Thank you for filing this issue @cwperks. Leaving this without the triaged label since this requires further action to determine what the desired outcome should be.
from security-dashboards-plugin.
Closing this issue as it is now solved. The fix was targeted to 2.x and not necessary in main because all HTTP Authenticators are instantiated in a privileged block in main. See details here: opensearch-project/security#3213 (comment)
from security-dashboards-plugin.
Related Issues (20)
- Add template for compatibility with new versions
- [BUG] Impossible to add customized permission group to a role HOT 2
- [Flaky CI] Intermittent failures with Cypress HOT 3
- [AUTOCUT] Integration Test failed for securityDashboards: 3.0.0 tar distribution HOT 8
- [AUTOCUT] Integration Test failed for securityDashboards: 2.11.0 tar distribution HOT 3
- [Campaign] Ensure Github workflow runs on docker image used by Production Distribution Build HOT 8
- [RELEASE] Release version 2.12.0 HOT 1
- [BUG] Integration Test Failures after OpenSearch node reaches high watermark HOT 3
- [CI] Re-enable Cypress workflow run HOT 2
- [BUG] 2.11 Deleting log type fails HOT 3
- Improve stability and speed of the integration tests running on the Windows runner
- [BUG] Dashboards permalink and iframe losses url param JWT on internal API calls HOT 14
- Stabilize CI for dashboards repo HOT 4
- [BUG] 1.3.12 Short URL raises 400 error during SAML login HOT 4
- [FEATURE] Add UI support to add existing roles while creating a user HOT 1
- [BUG] Opensearch logout trggier by wrong api call in devtool console from Firefox HOT 1
- [BUG] Security cookie could be too large when using JWT auth type HOT 5
- `Global` showing in user dropdown when multi-tenancy is disabled HOT 4
- [Action Required] Ensure 2.11 branch readiness for 2.11.1 release HOT 2
- [AUTOCUT] Integration Test failed for securityDashboards: 3.0.0 tar distribution HOT 169
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from security-dashboards-plugin.