Cannot get AuthContext without subject (Invalid session?) #2710
Issue type: Bug report/Enhancement Request
My Rundeck detail
Not to get an exception when using Rundeck.
While using Rundeck we receive this exception:
This then causes Rundeck to cease working correctly until the service is restarted. It appears this is a result of a corrupted / invalid session object that does not contain a subject.
How to reproduce Behavior
Unfortunately we are not certain what causes this bug to trigger but I have found others discussing it at:
I tried to trace the exception back and these are the lines of code I found:
The exception that is triggered is here:
And the function that calls it is here:
But the problem seems to start here:
However I was not able to trace it back to the session creation code to be able to determine how a session could exist and not contain a subject.
The only case where I've seen that happen is if the web app container auth constraint is disabled (e.g. for pre-authenticated mode), in which case the container isn't enforcing a login before loading application pages, and if the pre-auth mode is not configured correctly, an HTTP request to the app might occur without the appropriate subject in the session.
How is your authentication configured? What pages/URLs seem to cause the problem?
Sorry for the delay in replying; I was on holiday.
The authentication system in use is default (using: org.eclipse.jetty.jaas.spi.PropertyFileLoginModule) and the users and passwords are stored in the realm.properties file with CRYPT passwords and the groups that the user should be assigned to.
We are unsure what page triggers the exception, but once it has been triggered it causes everyone to be unable to log in to the server. Would it be possible to add a check to the code so that if a session is found without a subject then the session is invalidated (effectively logging out that user), which would prevent this from causing everyone to be unable to log in?
I'd like to bump this one up too. I had pretty much the same error and behavior of the application - the website stopped functioning for those of us already logged in, new users couldn't get logged in, and, most importantly, jobs weren't executing anymore. You can see an error below similar to the one reported by @alanjjenkins (from service.log):
Prior to the error, you'll notice that execution 77455 failed. This happened at 9:50 am. The other six jobs scheduled to execute at the same time as 77455 (e.g., 77456, 77460, etc.) completed their work in a second or two, but they didn't "finish" until I stopped and started Rundeck, which then marked them as "incomplete" after 1h 31m 27s. You can see that no other jobs were executed after 77455 failed and nothing else was logged to service.log until one of my coworkers tried to login at 10:48 am. They got ahold of me and I restarted the app.
We didn't notice anything had happened, so I'll be writing a log monitor for Rundeck... Anyhow, did you have any failed jobs prior to your freeze, @alanjjenkins?
Edit: I'm on Rundeck 2.9.3-1 via RPMs on CentOS 7.
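A sketch of the kind of log monitor mentioned in the comment above, added here as an example and not code from this thread or from the Rundeck project. It flags the exception text from the issue title and long silent periods in service.log; the timestamp prefix, the 30-minute threshold and the sample lines are assumptions and constructed data.

```python
import re
import sys
from datetime import datetime, timedelta

# Exception text taken from the issue title.
ERROR_TEXT = "Cannot get AuthContext without subject"
# Assumed timestamp prefix; adapt to the pattern your service.log really uses.
TS_RE = re.compile(r"^\[?(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

def scan(lines, max_silence=timedelta(minutes=30), now=None):
    """Return (error_times, silent_gaps) for an iterable of log lines.

    A gap is a pair of timestamps further apart than max_silence. If `now`
    is given, silence between the last entry and `now` is reported as well.
    """
    errors, gaps, last = [], [], None
    for line in lines:
        m = TS_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            if last is not None and ts - last > max_silence:
                gaps.append((last, ts))
            last = ts
        # Stack-trace lines have no timestamp: attribute them to the last one seen.
        if ERROR_TEXT in line:
            errors.append(last)
    if now is not None and last is not None and now - last > max_silence:
        gaps.append((last, now))
    return errors, gaps

# Constructed sample lines (not real Rundeck output).
SAMPLE = """\
2017-11-01 09:49:58 INFO  constructed: execution started
2017-11-01 09:50:01 ERROR constructed: execution failed
2017-11-01 10:48:12 ERROR constructed: request failed
java.lang.RuntimeException: Cannot get AuthContext without subject (Invalid session?)
2017-11-01 10:48:40 INFO  constructed: shutdown requested
""".splitlines()

if __name__ == "__main__":
    # Usage: monitor.py /path/to/service.log ; exits 2 when something is found.
    with open(sys.argv[1], errors="replace") as fh:
        errors, gaps = scan(fh, now=datetime.now())
    for ts in errors:
        print(f"ALERT invalid-session exception at {ts}")
    for start, end in gaps:
        print(f"ALERT no log activity between {start} and {end}")
    sys.exit(2 if errors or gaps else 0)
```

The silence check is only meaningful when jobs are scheduled more often than the threshold; run the script from cron or a monitoring agent and alert on the non-zero exit code.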
Bump. Ran into this error too. Same software version, Amazon Linux 2017.03. The software ran fine for about 4-5 hours, then stopped processing jobs. Attempts to log in would result in the error. After restarting the process, Rundeck would again execute jobs and allow login. I ended up exporting all of my projects and importing them into a clean build. This seems to have solved the issue for me.
The bug struck us again. No warning and no failed jobs this time. @gschueler, is there a workaround or fix coming for this?
added a commit
Nov 21, 2017
Hit the bug on the 2.10.7-1 version.
and restarted the server.