search

NCEAS / metacatui

MetacatUI: A client-side web interface for DataONE data repositories
https://nceas.github.io/metacatui
Apache License 2.0
42 stars 28 forks source link

Authentication sometimes hangs #1846

Open helbashandy opened 3 years ago

helbashandy commented 3 years ago

Describe the bug

We noted that sometimes when opening a package page that a user is the rights holder to, the user gets a private data package error. When we tried to replicate (Although is inconsistent and hard to replicate, maybe relates to CN's response time), sometimes I was able to see my name on the top right which indicates that I'm authenticated, and at one time the button held still to "Sign in with Orcid" although I was signed in.

On metacat's end we see this error:

metacat 20210806-19:56:08: [ERROR]: D1ResourceHandler: Serializing exception with code 401: READ not allowed on ess-dive-bb4d81681f10854-20210805T222147794 for subject[s]: public;  [edu.ucsb.nceas.metacat.restservice.D1ResourceHandler:serializeException:555]
org.dataone.service.exceptions.NotAuthorized: READ not allowed on ess-dive-bb4d81681f10854-20210805T222147794 for subject[s]: public; 
    at edu.ucsb.nceas.metacat.dataone.D1AuthHelper.prepareAndThrowNotAuthorized(D1AuthHelper.java:460) ~[metacat.jar:?]
    at edu.ucsb.nceas.metacat.dataone.D1AuthHelper.doGetSysmetaAuthorization(D1AuthHelper.java:434) ~[metacat.jar:?]
    at edu.ucsb.nceas.metacat.dataone.D1NodeService.getSystemMetadata(D1NodeService.java:840) ~[metacat.jar:?]
    at edu.ucsb.nceas.metacat.dataone.MNodeService.getSystemMetadata(MNodeService.java:1199) ~[metacat.jar:?]
    at edu.ucsb.nceas.metacat.restservice.v2.MNResourceHandler.getSystemMetadataObject(MNResourceHandler.java:1587) ~[metacat.jar:?]
    at edu.ucsb.nceas.metacat.restservice.v2.MNResourceHandler.handle(MNResourceHandler.java:276) [metacat.jar:?]
    at edu.ucsb.nceas.metacat.restservice.D1RestServlet.doGet(D1RestServlet.java:86) [metacat.jar:?]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:655) [servlet-api.jar:4.0.FR]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:764) [servlet-api.jar:4.0.FR]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:228) [catalina.jar:9.0.50]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [catalina.jar:9.0.50]
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) [tomcat-websocket.jar:9.0.50]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) [catalina.jar:9.0.50]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [catalina.jar:9.0.50]
    at edu.ucsb.nceas.metacat.restservice.D1URLFilter.doFilter(D1URLFilter.java:54) [metacat.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190) [catalina.jar:9.0.50]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:163) [catalina.jar:9.0.50]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) [catalina.jar:9.0.50]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) [catalina.jar:9.0.50]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542) [catalina.jar:9.0.50]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) [catalina.jar:9.0.50]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [catalina.jar:9.0.50]
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) [catalina.jar:9.0.50]
    at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:769) [catalina.jar:9.0.50]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) [catalina.jar:9.0.50]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) [catalina.jar:9.0.50]
    at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:433) [tomcat-coyote.jar:9.0.50]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-coyote.jar:9.0.50]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893) [tomcat-coyote.jar:9.0.50]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1723) [tomcat-coyote.jar:9.0.50]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:9.0.50]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_292]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_292]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:9.0.50]
    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_292]

To Reproduce Steps to reproduce the behavior:

  1. Go to https://data.ess-dive.lbl.gov/view/ess-dive-bb4d81681f10854-20210805T222147794
  2. Refresh multiple times until you get the error. Note that it is inconsistent and hard to replicate, possibly relates to CN's response time.
  3. See error

Expected behavior Authentication works consistently.

Screenshots The case when it didn't show me as authenticated although I was signed in.

Screen Shot 2021-08-06 at 1 13 38 PM

The case when it did show me as authenticated but told me I don't have access to the package.

Screen Shot 2021-08-06 at 1 31 58 PM

Desktop (please complete the following information):

Note: The reviewer will have to be an ESS-DIVE admin to be able to debug the package. Contact me if you need to be added.

helbashandy commented 3 years ago

Adding details from the console when seeing the error.

Screen Shot 2021-08-12 at 9 51 06 PM