Bug #7417
Solr queries return error when authenticated user has an identity mapped with an ORCID
100%
Description
Seen on cn-sandbox-2 today:
When a user is logged in with a CILogon account and makes any solr query, such as:
https://cn-sandbox-2.test.dataone.org/cn/v2/query/solr/?q=*:*
The following error is returned:
class java.lang.IllegalArgumentException: improperly specified input name: 0000-0002-1871-0794
With "0000-0002-1871-0794" being the ORCID that this user is mapped to.
If I log in to DataONE using that ORCID account, I don't get an error and the query is executed.
History
#1 Updated by Ben Leinfelder about 9 years ago
Here's the stacktrace
20151008-18:31:06: [ERROR]: improperly specified input name: 0000-0002-1871-0794 [org.dataone.solr.servlet.SessionAuthorizationFilterStrategy]
java.lang.IllegalArgumentException: improperly specified input name: 0000-0002-1871-0794
at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:169)
at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:121)
at org.dataone.client.auth.CertificateManager.standardizeDN(CertificateManager.java:573)
at org.dataone.solr.servlet.SessionAuthorizationUtil.addAuthenticatedSubjectsToRequest(SessionAuthorizationUtil.java:168)
at org.dataone.solr.servlet.SearchServiceSessionAuthorizationFilter.addAuthenticatedSubjectsToRequest(SearchServiceSessionAuthorizationFilter.java:51)
at org.dataone.solr.servlet.SessionAuthorizationFilterStrategy.doFilter(SessionAuthorizationFilterStrategy.java:253)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:497)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Incorrect AVA format
at sun.security.x509.AVA.readChar(AVA.java:564)
at sun.security.x509.AVA.<init>(AVA.java:185)
at sun.security.x509.AVA.<init>(AVA.java:145)
at sun.security.x509.RDN.<init>(RDN.java:151)
at sun.security.x509.X500Name.parseDN(X500Name.java:935)
at sun.security.x509.X500Name.<init>(X500Name.java:165)
at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:167)
... 25 more
#2 Updated by Ben Leinfelder about 9 years ago
- Status changed from New to Closed
- Assignee set to Ben Leinfelder
- % Done changed from 0 to 100
Updated the solr auth filter to not completely fail when an equivalent ID is not a valid DN format. Works as expected now.
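The failure mode in the stack trace and one way to tolerate it, as an added example that is not the DataONE code or the actual fix: the class and method names are hypothetical, the DN is constructed, and keeping a non-DN identifier verbatim (rather than skipping it) is an assumption.

```java
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper, not part of org.dataone.*.
public class EquivalentSubjectNormalizer {

    /**
     * Returns the RFC 2253 form of a DN. A subject that does not parse as a DN
     * (for example an ORCID) is returned unchanged instead of aborting the
     * request. Assumption: later authorization checks compare subjects by
     * exact string match, so the fallback cannot match any other identity.
     */
    static String standardizeOrKeep(String subject) {
        try {
            return new X500Principal(subject).getName(X500Principal.RFC2253);
        } catch (IllegalArgumentException e) {
            // Same exception as in the report ("improperly specified input name").
            return subject;
        }
    }

    /** Normalizes every subject in a session; one bad entry no longer fails the rest. */
    static List<String> normalizeAll(List<String> subjects) {
        List<String> out = new ArrayList<>();
        for (String s : subjects) {
            if (s == null || s.trim().isEmpty()) {
                continue; // never add an empty subject to an authorization filter
            }
            out.add(standardizeOrKeep(s.trim()));
        }
        return out;
    }

    public static void main(String[] args) {
        List<String> subjects = new ArrayList<>();
        // Constructed DN in the style of a certificate subject.
        subjects.add("CN=Test User A123, O=Example, C=US, DC=cilogon, DC=org");
        // The mapped ORCID quoted in the report; not a DN.
        subjects.add("0000-0002-1871-0794");
        for (String s : normalizeAll(subjects)) {
            System.out.println(s);
        }
    }
}
```

Catching the exception per subject rather than around the whole loop is what keeps one unparseable equivalent identity from turning every query into an error for that user.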