ShinyProxy with Auth0 Authentication & Nginx config - infinite redirect loop

Samy · February 20, 2019, 12:37pm

Hi all,

I am trying to set up OIDC authentication for my shinyproxy instance using Auth0 & NGINX over SSL. The application works when authentication is set to none. When setting authentication to Auth0 however Spring appears to encounter an error and then go into an infinite loop.

My application.yml file is as follows :

proxy:
title: Open Analytics Shiny Proxy
logo-url: h!!p://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png
landing-page: /
heartbeat-rate: 10000
heartbeat-timeout: 60000
port: 8080
container-wait-time: 40000
authentication: openid
openid:
auth-url: h!!ps://blabla.eu.auth0.com/authorize
token-url: h!!ps://blabla.eu.auth0.com/oauth/token
jwks-url: h!!ps://blabla.eu.auth0.com/.well-known/jwks.json
client-id: cool_id
client-secret: cool_secret

server:
useForwardHeaders: true

docker:
url: h!!p://localhost:2375
port-range-start: 20000
#internal-networking: true
specs:

id: red_app
container-cmd: [“R”, “-e”, “shiny::runApp(’/srv/shinydockerimage’)”]
container-image: blablapp

logging:
level:
org.springframework.security: debug
file:
shinyproxy.log

My Nginx conf file is the exact same as instructed on the shinyproxy website

Here is an extract from the shinyproxy log when the loop happens :

– [ XNIO-2 task-4] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider
2019-02-20 12:06:19.558 DEBUG 22867 — [ XNIO-2 task-4] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider

Before that the log indicates an error is occuring : " [authorization request _not_found]"

I have set the callback URL within the Auth0 portal accordingly to instructions and I’ve also populated the YAML file for Auth0 accordingly to instructions. I’ve also set my NGINX conf file accordingly to instructiuons.

Thanks in advance for your help.

fmichielssen · February 26, 2019, 7:47am

Hi @Samy,

We’ve had other reports of issues with OIDC + HTTPS. Can you please create an issue on https://github.com/openanalytics/shinyproxy/issues and add any info you have (config, logs) ?

Anatoliy_Vuets · March 5, 2019, 6:58pm

I’ve got the same problem. Cannot make it work with Auth0, however works perfectly with google auth.
Are there any updates on this issue?

Samy · March 6, 2019, 4:42pm

Hi both,

Thanks for your message - I’m somehow embarassed by this but I managed to resolve the problem by … rebooting my server. Somehow I had tried everything but this - I did however make a number of config change which I suspect took effect when I rebooted but I would not know exactly which change resolved the problem that I had.

Sorry for such an underwhelming conclusion !
By the way, thanks to Openanalytics for creating shinyproxy - what an incredible tool to make Shiny scalable and enterprise grade !

Anatoliy_Vuets · March 6, 2019, 5:11pm

Wow, nice! @Sammy, could you please share your nginx and shinyproxy config files? And mb your Auth0 config?

Samy · March 7, 2019, 3:32pm

Hi, sure, my nginx config is very simple :

----------- NGINX CONFIG ---------------
worker_processes 1;
pid /run/nginx.pid;

events {
worker_connections 1024;
# multi_accept on;
}

http {

server {
listen                80;
server_name           blabla.com
rewrite     ^(.*)     https://$server_name$1 permanent;

}

server {

listen                443;
server_name           blabla.com;
access_log            /var/log/nginx/shinyproxy.access.log;
error_log             /var/log/nginx/shinyproxy.error.log error;

ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_certificate      /path/to/cert;
ssl_certificate_key  /path/to/cert_key;
ssl_ciphers tadidadadida;


location / {

   proxy_pass          http://127.0.0.1:8080/;

   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   proxy_read_timeout 600s;
   #proxy_cookie_path ~^/site/.*$ /;

   proxy_redirect    off;
   proxy_set_header  Host             $http_host;
   proxy_set_header  X-Real-IP        $remote_addr;
   proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
   proxy_set_header  X-Forwarded-Proto $scheme;
 }

}
}

and my shinyproxy config :

proxy:
title: blablibla Analytics Hub
template-path: ./templates/2col
logo-url: http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png
landing-page: /
heartbeat-rate: 10000
heartbeat-timeout: 60000
port: 8080
usage-stats-url: http://localhost:8086/write?db=shinyproxy_usagestats
authentication: openid
openid:
auth-url: https://blablibladatatools.eu.auth0.com/authorize
token-url: https://blablibladatatools.eu.auth0.com/oauth/token
jwks-url: https://blablibladatatools.eu.auth0.com/.well-known/jwks.json
client-id: cool_id
client-secret: cool_secret
roles-claim: https://shinyproxy.io/shinyproxy_roles
logout-url: https://blablibladatatools.eu.auth0.com/v2/logout?returnTo=https%3A%2F%2Fwww.google.com

docker:
cert-path: /home/none
url: http://localhost:2375
port-range-start: 20000

specs:

id: blablibla_app
display-name: cool_name
description: cool_desc
container-cmd: [“R”, “-e”, “shiny::runApp(’/srv/shinydockerimage’)”]
container-image: blablibla_shinyapp
access-groups: [users,employees]

logging:
file:
shinyproxy.log

server:
useForwardHeaders: true

Not sure what you mean by Auth0 config ?

Cheers

Samy

Anatoliy_Vuets · March 9, 2019, 9:07am

Still getting “ERR_TOO_MANY_REDIRECTS” error

Anatoliy_Vuets · March 9, 2019, 9:27am

Adding my Shinyproxy.log file, mb it has some clues to what is happening

2019-03-09 01:19:35.450 DEBUG 2598 --- [XNIO-2 task-28] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/'; against '/css/**'

2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against ‘/img/’
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against '/js/’
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against ‘/assets/’
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against '/webjars/’
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] o.s.security.web.FilterChainProxy : / at position 1 of 12 in additional filter chain; firing Filter: ‘WebAsyncManagerIntegrationFilter’
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] o.s.security.web.FilterChainProxy : / at position 2 of 12 in additional filter chain; firing Filter: ‘SecurityContextPersistenceFilter’
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] o.s.security.web.FilterChainProxy : / at position 3 of 12 in additional filter chain; firing Filter: ‘HeaderWriterFilter’
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] o.s.security.web.FilterChainProxy : / at position 4 of 12 in additional filter chain; firing Filter: ‘LogoutFilter’
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against ‘/logout’
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] o.s.security.web.FilterChainProxy : / at position 5 of 12 in additional filter chain; firing Filter: ‘UsernamePasswordAuthenticationFilter’
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /’ doesn’t match 'POST /login
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] o.s.security.web.FilterChainProxy : / at position 6 of 12 in additional filter chain; firing Filter: ‘BasicAuthenticationFilter’
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] o.s.security.web.FilterChainProxy : / at position 7 of 12 in additional filter chain; firing Filter: ‘RequestCacheAwareFilter’
2019-03-09 01:19:35.657 DEBUG 2598 — [XNIO-2 task-28] o.s.security.web.FilterChainProxy : / at position 8 of 12 in additional filter chain; firing Filter: ‘SecurityContextHolderAwareRequestFilter’
2019-03-09 01:19:35.658 DEBUG 2598 — [XNIO-2 task-28] o.s.security.web.FilterChainProxy : / at position 9 of 12 in additional filter chain; firing Filter: ‘AnonymousAuthenticationFilter’
2019-03-09 01:19:35.658 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: ‘org.springframework.security.authentication.AnonymousAuthenticationToken@7d47336b: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 91.206.14.10; SessionId: null; Granted Authorities: ROLE_ANONYMOUS’
2019-03-09 01:19:35.658 DEBUG 2598 — [XNIO-2 task-28] o.s.security.web.FilterChainProxy : / at position 10 of 12 in additional filter chain; firing Filter: ‘SessionManagementFilter’
2019-03-09 01:19:35.658 DEBUG 2598 — [XNIO-2 task-28] o.s.security.web.FilterChainProxy : / at position 11 of 12 in additional filter chain; firing Filter: ‘ExceptionTranslationFilter’
2019-03-09 01:19:35.658 DEBUG 2598 — [XNIO-2 task-28] o.s.security.web.FilterChainProxy : / at position 12 of 12 in additional filter chain; firing Filter: ‘FilterSecurityInterceptor’
2019-03-09 01:19:35.658 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against ‘/app/ProductDashboard’
2019-03-09 01:19:35.658 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against ‘/app/ShopAudience’
2019-03-09 01:19:35.658 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against ‘/app/PurchaseAdsROI’
2019-03-09 01:19:35.658 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against ‘/admin’
2019-03-09 01:19:35.658 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against ‘/login’
2019-03-09 01:19:35.658 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against ‘/signin/**’
2019-03-09 01:19:35.658 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /; Attributes: [fullyAuthenticated]
2019-03-09 01:19:35.658 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@7d47336b: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 91.206.14.10; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2019-03-09 01:19:35.659 DEBUG 2598 — [XNIO-2 task-28] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@7ecba25a, returned: -1
2019-03-09 01:19:35.661 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) ~[spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:64) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.server.handlers.PathHandler.handleRequest(PathHandler.java:94) ~[undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
at eu.openanalytics.containerproxy.ContainerProxyApplication$ProtectedPathHandler.handleRequest(ContainerProxyApplication.java:111) ~[containerproxy-0.4.0.jar!/:0.4.0]
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) ~[undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) ~[undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) ~[undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) ~[undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) ~[undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:336) ~[undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) ~[undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]

2019-03-09 01:19:35.661 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern=’//favicon.ico’]]
2019-03-09 01:19:35.661 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against '//favicon.ico’
2019-03-09 01:19:35.661 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2019-03-09 01:19:35.661 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@51f03a40, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[/]]]
2019-03-09 01:19:35.661 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.m.MediaTypeRequestMatcher : httpRequestMediaTypes=[]
2019-03-09 01:19:35.661 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.m.MediaTypeRequestMatcher : Did not match any media types
2019-03-09 01:19:35.661 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2019-03-09 01:19:35.661 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
2019-03-09 01:19:35.661 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = true
2019-03-09 01:19:35.661 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.util.matcher.AndRequestMatcher : All requestMatchers returned true
2019-03-09 01:19:35.662 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.s.HttpSessionRequestCache : DefaultSavedRequest added to Session: DefaultSavedRequest[https://letylytics.com/]
2019-03-09 01:19:35.662 DEBUG 2598 — [XNIO-2 task-28] o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
2019-03-09 01:19:35.662 DEBUG 2598 — [XNIO-2 task-28] o.s.s.web.DefaultRedirectStrategy : Redirecting to ‘https://letylytics.com/login’
2019-03-09 01:19:35.662 DEBUG 2598 — [XNIO-2 task-28] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2019-03-09 01:19:35.663 DEBUG 2598 — [XNIO-2 task-28] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2019-03-09 01:19:35.799 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login’; against ‘/css/’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login’; against '/img/’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login’; against ‘/js/’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login’; against '/assets/’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login’; against ‘/webjars/’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.security.web.FilterChainProxy : /login at position 1 of 12 in additional filter chain; firing Filter: ‘WebAsyncManagerIntegrationFilter’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.security.web.FilterChainProxy : /login at position 2 of 12 in additional filter chain; firing Filter: ‘SecurityContextPersistenceFilter’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.security.web.FilterChainProxy : /login at position 3 of 12 in additional filter chain; firing Filter: ‘HeaderWriterFilter’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.security.web.FilterChainProxy : /login at position 4 of 12 in additional filter chain; firing Filter: ‘LogoutFilter’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login’; against ‘/logout’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.security.web.FilterChainProxy : /login at position 5 of 12 in additional filter chain; firing Filter: ‘UsernamePasswordAuthenticationFilter’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /login’ doesn’t match 'POST /login
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.security.web.FilterChainProxy : /login at position 6 of 12 in additional filter chain; firing Filter: ‘BasicAuthenticationFilter’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.security.web.FilterChainProxy : /login at position 7 of 12 in additional filter chain; firing Filter: ‘RequestCacheAwareFilter’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.security.web.FilterChainProxy : /login at position 8 of 12 in additional filter chain; firing Filter: ‘SecurityContextHolderAwareRequestFilter’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.security.web.FilterChainProxy : /login at position 9 of 12 in additional filter chain; firing Filter: ‘AnonymousAuthenticationFilter’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: ‘org.springframework.security.authentication.AnonymousAuthenticationToken@7d47336b: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 91.206.14.10; SessionId: null; Granted Authorities: ROLE_ANONYMOUS’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.security.web.FilterChainProxy : /login at position 10 of 12 in additional filter chain; firing Filter: ‘SessionManagementFilter’
2019-03-09 01:19:35.800 DEBUG 2598 — [XNIO-2 task-29] o.s.security.web.FilterChainProxy : /login at position 11 of 12 in additional filter chain; firing Filter: ‘ExceptionTranslationFilter’
2019-03-09 01:19:35.801 DEBUG 2598 — [XNIO-2 task-29] o.s.security.web.FilterChainProxy : /login at position 12 of 12 in additional filter chain; firing Filter: ‘FilterSecurityInterceptor’
2019-03-09 01:19:35.801 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login’; against ‘/app/ProductDashboard’
2019-03-09 01:19:35.801 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login’; against ‘/app/ShopAudience’
2019-03-09 01:19:35.801 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login’; against ‘/app/PurchaseAdsROI’
2019-03-09 01:19:35.801 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login’; against ‘/admin’
2019-03-09 01:19:35.801 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/login’; against ‘/login’
2019-03-09 01:19:35.801 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /login; Attributes: [permitAll]
2019-03-09 01:19:35.801 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@7d47336b: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 91.206.14.10; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2019-03-09 01:19:35.801 DEBUG 2598 — [XNIO-2 task-29] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@7ecba25a, returned: 1
2019-03-09 01:19:35.801 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2019-03-09 01:19:35.801 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2019-03-09 01:19:35.801 DEBUG 2598 — [XNIO-2 task-29] o.s.security.web.FilterChainProxy : /login reached end of additional filter chain; proceeding with original chain
2019-03-09 01:19:35.804 DEBUG 2598 — [XNIO-2 task-29] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2019-03-09 01:19:35.804 DEBUG 2598 — [XNIO-2 task-29] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2019-03-09 01:19:35.804 DEBUG 2598 — [XNIO-2 task-29] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2019-03-09 04:54:52.955 DEBUG 2598 — [XNIO-2 task-3] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against '/css/’
2019-03-09 04:54:52.955 DEBUG 2598 — [XNIO-2 task-3] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against ‘/img/’
2019-03-09 04:54:52.955 DEBUG 2598 — [XNIO-2 task-3] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against '/js/’
2019-03-09 04:54:52.955 DEBUG 2598 — [XNIO-2 task-3] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against ‘/assets/’
2019-03-09 04:54:52.955 DEBUG 2598 — [XNIO-2 task-3] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against '/webjars/’
2019-03-09 04:54:52.956 DEBUG 2598 — [XNIO-2 task-3] o.s.security.web.FilterChainProxy : / at position 1 of 12 in additional filter chain; firing Filter: ‘WebAsyncManagerIntegrationFilter’
2019-03-09 04:54:52.956 DEBUG 2598 — [XNIO-2 task-3] o.s.security.web.FilterChainProxy : / at position 2 of 12 in additional filter chain; firing Filter: ‘SecurityContextPersistenceFilter’
2019-03-09 04:54:52.956 DEBUG 2598 — [XNIO-2 task-3] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2019-03-09 04:54:52.956 DEBUG 2598 — [XNIO-2 task-3] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2019-03-09 04:54:52.956 DEBUG 2598 — [XNIO-2 task-3] o.s.security.web.FilterChainProxy : / at position 3 of 12 in additional filter chain; firing Filter: ‘HeaderWriterFilter’
2019-03-09 04:54:52.956 DEBUG 2598 — [XNIO-2 task-3] o.s.security.web.FilterChainProxy : / at position 4 of 12 in additional filter chain; firing Filter: ‘LogoutFilter’
2019-03-09 04:54:52.956 DEBUG 2598 — [XNIO-2 task-3] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : ‘/’; against ‘/logout’
2019-03-09 04:54:52.956 DEBUG 2598 — [XNIO-2 task-3] o.s.security.web.FilterChainProxy : / at position 5 of 12 in additional filter chain; firing Filter: ‘UsernamePasswordAuthenticationFilter’
2019-03-09 04:54:52.956 DEBUG 2598 — [XNIO-2 task-3] o.s.s.w.u.matcher.AntPathRequestMatcher : Request ‘GET /’ doesn’t match 'POST /login
2019-03-09 04:54:52.956 DEBUG 2598 — [XNIO-2 task-3] o.s.security.web.FilterChainProxy : / at position 6 of 12 in additional filter chain; firing Filter: ‘BasicAuthenticationFilter’
2019-03-09 04:54:52.956 DEBUG 2598 — [XNIO-2 task-3]
o.s.security.web.FilterChainProxy : / at position 8 of 12 in additional filter chain; firing Filter: ‘SecurityContextHolderAwareRequestFilter’
2019-03-09 04:54:52.956 DEBUG 2598 — [XNIO-2 task-3] o.s.security.web.FilterChainProxy : / at position 9 of 12 in additional filter chain; firing Filter: ‘AnonymousAuthenticationFilter’
2019-03-09 04:54:52.956 DEBUG 2598 — [XNIO-2 task-3] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: ‘org.springframework.security.authentication.AnonymousAuthenticationToken@7d50ff07: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 94.102.49.193; SessionId: null; Granted Authorities: ROLE_ANONYMOUS’

ddovgan · March 17, 2019, 1:47pm

Hi All!

I got the same problem. Please find my logs below:

HTTP/1.1 302 Found
Redirect to_ ht_ps_//www.mydomain.com/login(ht_ps_//l.facebook.com/l.php?u=ht_ps%3A%2F%2Fwww.mydomain.com%2Flogin%3Ffbclid%3DIwAR3qcJIXrwDfhgNMuY9AJFQO1AspO5sxXCnVjrXcmzFoy7z4J500nWvIjR4&h=AT0kf1H92ZS2tjq8Q4Cp9lol3nijmOYM2x3wSSyPHDy5gV-oCbvJAshXZnVe6ANxWeiBsbGXHwGpeY9qF1Q857tIXYJcBZ3N6YoC7zfymmHtnvYYgqTbj2851HEywubLIbRMqQ)
Server_ nginx/1.14.0 (Ubuntu)
Date_ Sun, 17 Mar 2019 13_22_08 GMT
Content-Length_ 0
Connection_ keep-alive
Expires_ 0
Cache-Control_ no-cache, no-store, max-age=0, must-revalidate
X-XSS-Protection_ 1; mode=block
Pragma_ no-cache
Location_ ht_ps_//www.mydomain.com/login(ht_ps_//l.facebook.com/l.php?u=ht_ps%3A%2F%2Fwww.mydomain.com%2Flogin%3Ffbclid%3DIwAR2sB1Zc-yyjhE9cWh0BieqzCTq0lSRzPDjoQPXAOLj8j-LDDElvnjbo8Ac&h=AT0kf1H92ZS2tjq8Q4Cp9lol3nijmOYM2x3wSSyPHDy5gV-oCbvJAshXZnVe6ANxWeiBsbGXHwGpeY9qF1Q857tIXYJcBZ3N6YoC7zfymmHtnvYYgqTbj2851HEywubLIbRMqQ)
X-Content-Type-Options_ nosniff
Strict-Transport-Security_ max-age=31536000 ; includeSubDomains

Anatoliy_Vuets · March 18, 2019, 9:17am

+1. This seems to be a common problem… hope to hear from Openanalytics guys.

fmichielssen · March 22, 2019, 9:21am

Hi @Anatoliy_Vuets, @ddovgan,

Can you confirm that you are using https, and have configured this?

server:
  useForwardHeaders: true

Can you also capture the URL for the OIDC provider that shinyproxy is redirecting to from the login page? It should be a URL containing a state and a redirect_uri parameter.

Anatoliy_Vuets · April 4, 2019, 6:38am

@fmichielssen, thank you for your reply!
“Can you confirm that you are using https, and have configured this?” - yes, exactly.

“Can you also capture the URL for the OIDC provider that shinyproxy is redirecting to from the login page?”

Still having the same problem(

infinite redirect loop goes

michaelhogersosis · April 24, 2019, 8:20am

Hi all,

I had a similar issue using Auth0 and HTTPS. In my case it occurred when ‘shinyproxy_roles’ was defined in Auth0 and ShinyProxy, but the metadata for a user as seen below for example was missing. I know this might not apply to some of the responses in this thread, but nevertheless something to watch out for.

{
  "shinyproxy_roles": [ "scientists", "mathematicians" ]
}

Best regards,

Michael

Samy · August 18, 2019, 6:25pm

Hi all,

An update on my situation - although the server reboot appeared to have resolved the issuem this is only partially true - the error seems to come back after a couple of days, where users are typically unable to log in due to the infinite loop / redirects … this of course is a terrible situation to have to reboot the server on a regular basis to avoid errors …

I am not sure whether the error returns after a set number of visits, or whether it is a time issue but it sure seems something is “accumulating” and finally breaking, causing the error.

The error in the log is same as before : Phase 1, followed by Phase 2 repeated over and over, hundreds of time. The contents of Phases 1 and 2 are shown below :

PHASE 1

2019-08-12 16:53:01.595 ERROR 1580 — [XNIO-2 task-11] io.undertow.request : UT005023: Exception handling request to /login/oauth2/code/shinyproxy

java.lang.StackOverflowError: null
at java.lang.Exception.(Exception.java:102) ~[na:1.8.0_201]
at java.lang.ReflectiveOperationException.(ReflectiveOperationException.java:89) ~[na:1.8.0_201]
at java.lang.reflect.InvocationTargetException.(InvocationTargetException.java:72) ~[na:1.8.0_201]
at sun.reflect.GeneratedMethodAccessor26.invoke(Unknown Source) ~[na:na]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_201]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_201]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:338) ~[spring-aop-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:206) ~[spring-aop-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at com.sun.proxy.$Proxy77.authenticate(Unknown Source) ~[na:na]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) ~[spring-security-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]

END OF PHASE 1

PHASE 2

at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:502) ~[spring-security-config-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
at sun.reflect.GeneratedMethodAccessor118.invoke(Unknown Source) ~[na:na]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_201]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_201]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:338) ~[spring-aop-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:206) ~[spring-aop-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
at com.sun.proxy.$Proxy77.authenticate(Unknown Source) ~[na:na]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) ~[spring-security-core-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]

END OF PHASE 2

Any help or insight into what is going on would be of course much appreciated.

Samy

Richard_van_der_Pool · April 28, 2020, 9:48pm

I also have this issue using keycloak, shinyproxy on nginx.

Please help…

error