SoftInstigate / restheart

Rapid API Development with MongoDB
https://restheart.org
GNU Affero General Public License v3.0

Unable to start RestHeart Security #374

Closed wannesrams closed 4 years ago

wannesrams commented 4 years ago

I am unable to start Restheart Security. Does anyone know what might be wrong? I am in the dark. I get the following error:

[main] ERROR org.restheart.security.Bootstrapper - Error starting RESTHeart Security. Exiting...
com.google.common.util.concurrent.UncheckedExecutionException: java.lang.IllegalStateException: Error configuring Authentication Mechanism basicAuthMechanism
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2050)
    at com.google.common.cache.LocalCache.get(LocalCache.java:3952)
    at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3974)
    at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4958)
    at com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(LocalCache.java:4964)
    at org.restheart.security.cache.impl.GuavaLoadingCache.getLoading(GuavaLoadingCache.java:63)
    at org.restheart.security.plugins.PluginsRegistry.getAuthenticationMechanism(PluginsRegistry.java:320)
    at org.restheart.security.Bootstrapper.lambda$authMechanisms$7(Bootstrapper.java:760)
    at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1654)
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
    at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
    at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.base/java.util.stream.ReferencePipeline.forEachOrdered(ReferencePipeline.java:502)
    at org.restheart.security.Bootstrapper.authMechanisms(Bootstrapper.java:756)
    at org.restheart.security.Bootstrapper.startCoreSystem(Bootstrapper.java:615)
    at org.restheart.security.Bootstrapper.startServer(Bootstrapper.java:478)
    at org.restheart.security.Bootstrapper.run(Bootstrapper.java:220)
    at org.restheart.security.Bootstrapper.main(Bootstrapper.java:188)
Caused by: java.lang.IllegalStateException: Error configuring Authentication Mechanism basicAuthMechanism
    at org.restheart.security.plugins.PluginsRegistry.lambda$static$3(PluginsRegistry.java:103)
    at org.restheart.security.cache.impl.GuavaLoadingCache$1.load(GuavaLoadingCache.java:51)
    at org.restheart.security.cache.impl.GuavaLoadingCache$1.load(GuavaLoadingCache.java:48)
    at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3528)
    at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2277)
    at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2154)
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2044)
    ... 23 common frames omitted
Caused by: org.restheart.security.ConfigurationException: Error configuring Authentication Mechanism basicAuthMechanism
    at org.restheart.security.plugins.PluginsFactory.createAutenticationMechanism(PluginsFactory.java:99)
    at org.restheart.security.plugins.PluginsRegistry.lambda$static$3(PluginsRegistry.java:100)
    ... 29 common frames omitted
Caused by: java.lang.reflect.InvocationTargetException: null
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
    at org.restheart.security.plugins.PluginsFactory.createAutenticationMechanism(PluginsFactory.java:87)
    ... 30 common frames omitted
Caused by: com.google.common.util.concurrent.UncheckedExecutionException: java.lang.IllegalStateException: Error configuring Authenticator simpleFileAuthenticator
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2050)
    at com.google.common.cache.LocalCache.get(LocalCache.java:3952)
    at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3974)
    at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4958)
    at com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(LocalCache.java:4964)
    at org.restheart.security.cache.impl.GuavaLoadingCache.getLoading(GuavaLoadingCache.java:63)
    at org.restheart.security.plugins.PluginsRegistry.getAuthenticator(PluginsRegistry.java:302)
    at org.restheart.security.plugins.mechanisms.BasicAuthMechanism.<init>(BasicAuthMechanism.java:46)
    ... 35 common frames omitted
Caused by: java.lang.IllegalStateException: Error configuring Authenticator simpleFileAuthenticator
    at org.restheart.security.plugins.PluginsRegistry.lambda$static$1(PluginsRegistry.java:75)
    at org.restheart.security.cache.impl.GuavaLoadingCache$1.load(GuavaLoadingCache.java:51)
    at org.restheart.security.cache.impl.GuavaLoadingCache$1.load(GuavaLoadingCache.java:48)
    at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3528)
    at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2277)
    at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2154)
    at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2044)
    ... 42 common frames omitted
Caused by: org.restheart.security.ConfigurationException: Error configuring Authenticator simpleFileAuthenticator
    at org.restheart.security.plugins.PluginsFactory.createAuthenticator(PluginsFactory.java:168)
    at org.restheart.security.plugins.PluginsRegistry.lambda$static$1(PluginsRegistry.java:72)
    ... 48 common frames omitted
Caused by: java.lang.reflect.InvocationTargetException: null
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
    at org.restheart.security.plugins.PluginsFactory.createAuthenticator(PluginsFactory.java:156)
    ... 49 common frames omitted
Caused by: org.yaml.snakeyaml.error.YAMLException: java.nio.charset.MalformedInputException: Input length = 1
    at org.yaml.snakeyaml.reader.StreamReader.update(StreamReader.java:218)
    at org.yaml.snakeyaml.reader.StreamReader.ensureEnoughData(StreamReader.java:176)
    at org.yaml.snakeyaml.reader.StreamReader.ensureEnoughData(StreamReader.java:171)
    at org.yaml.snakeyaml.reader.StreamReader.peek(StreamReader.java:126)
    at org.yaml.snakeyaml.scanner.ScannerImpl.scanToNextToken(ScannerImpl.java:1177)
    at org.yaml.snakeyaml.scanner.ScannerImpl.fetchMoreTokens(ScannerImpl.java:287)
    at org.yaml.snakeyaml.scanner.ScannerImpl.checkToken(ScannerImpl.java:227)
    at org.yaml.snakeyaml.parser.ParserImpl$ParseImplicitDocumentStart.produce(ParserImpl.java:195)
    at org.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:158)
    at org.yaml.snakeyaml.parser.ParserImpl.checkEvent(ParserImpl.java:148)
    at org.yaml.snakeyaml.composer.Composer.getSingleNode(Composer.java:107)
    at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:139)
    at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:524)
    at org.yaml.snakeyaml.Yaml.load(Yaml.java:452)
    at org.restheart.security.plugins.FileConfigurablePlugin.init(FileConfigurablePlugin.java:65)
    at org.restheart.security.plugins.authenticators.SimpleFileAuthenticator.<init>(SimpleFileAuthenticator.java:65)
    ... 54 common frames omitted
Caused by: java.nio.charset.MalformedInputException: Input length = 1
    at java.base/java.nio.charset.CoderResult.throwException(CoderResult.java:274)
    at java.base/sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:339)
    at java.base/sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
    at java.base/java.io.InputStreamReader.read(InputStreamReader.java:185)
    at org.yaml.snakeyaml.reader.UnicodeReader.read(UnicodeReader.java:125)
    at org.yaml.snakeyaml.reader.StreamReader.update(StreamReader.java:183)
    ... 69 common frames omitted
16:56:46.445 [main] INFO org.restheart.security.Bootstrapper - Stopping RESTHeart Security...
16:56:46.446 [main] INFO org.restheart.security.Bootstrapper - Cleaning up temporary directories...
16:56:46.448 [main] INFO org.restheart.security.Bootstrapper - RESTHeart Security stopped

The start command is

"D:\apps\MongoDB\jdk-11.0.5_windows-x64_bin\jdk-11.0.5\bin\java.exe" -Dfile.encoding=UTF-8 -server -Djavax.net.ssl.trustStore=.\etc\rhTrustStore -Djavax.net.ssl.trustStorePassword=hidden -Djavax.security.auth.useSubjectCredsOnly=false -jar restheart-security.jar .\etc\restheart-security.yml -e .\etc\default.properties

The relevant block in my main config file is

auth-mechanisms:
 #   - name: tokenBasicAuthMechanism
 #     class: org.restheart.security.plugins.mechanisms.TokenBasicAuthMechanism
 #     args:
 #       realm: RESTHeart Realm
    - name: basicAuthMechanism
      class:  org.restheart.security.plugins.mechanisms.BasicAuthMechanism
      args:
        realm: RESTHeart Realm
        authenticator: simpleFileAuthenticator
  #  - name: digestAuthMechanism
  #    class:  org.restheart.security.plugins.mechanisms.DigestAuthMechanism
  #    args:
  #      realm: RESTHeart Realm
  #      domain: localhost
  #      authenticator: simpleFileAuthenticator
#    - name: identityAuthenticationMechanism
#      class: org.restheart.security.plugins.mechanisms.IdentityAuthMechanism
#      args:
#        username: admin
#        roles:
#            - admin
#            - user

## Authenticators

 # An Authenticator verify user credential and are used by one or more
 # AuthMachanisms

 # See README.md for the list of available Authenticators

authenticators:
    - name: simpleFileAuthenticator
      class: org.restheart.security.plugins.authenticators.SimpleFileAuthenticator
      args:
        conf-file: .\etc\users.yml

## Authorizers

 # Authorizers verify if a request is allowed.

 # As an in-bound request is received and authenticated the isAllowed() method is
 # called on each authenticator in turn until one of the following occurs:
 # an authenticator allows the incoming request or the list of authenticators is
 # exhausted. In the latter case, the request ends and 403 Forbidden is returned.

 # See README.md for the list of available Authorizers

authorizers:
    - name: requestPredicatesAuthorizer
      class: org.restheart.security.plugins.authorizers.RequestPredicatesAuthorizer
      args:
        conf-file: .\etc\acl.yml

And the users and acl files are

## configuration file for simpleFileAuthenticator

users:      
   - userid: hidden
    password: hidden
    roles: [users]

  - userid: hidden
    password: hidden
    roles: [users]

## configuration file for requestPredicatesAuthorizer
permissions:
    # OPTIONS is always allowed

    - role: $unauthenticated
      predicate: path-prefix[path="/echo"] and method[value="GET"]

    - role: admin
      predicate: path-prefix[path="/"]

  # Users with role 'users' can GET any collection or document resource (excluding dbs and _logic )
  - role: users
    predicate: regex[pattern="/.*/.*", value="%R", full-match=true] and method[value="GET"] and not path-prefix[path="/_logic"]

  # Users with role 'users' can request URI /_logic/csv
  - role: users
    predicate: path["/_logic/csv"]

  # Users with role 'users' can do anything on the collection /publicdb/{username}
  - role: users
    predicate: path-template[value="/publicdb/{username}"] and equals[%u, "${username}"]

  # Users with role 'users' can do anything on documents of the collection /publicdb/{username}
  - role: users
    predicate: path-template[value="/publicdb/{username}/{doc}"] and equals[%u, "${username}"]

Using version 4.1.3 and I have no clue what is wrong.

mkjsix commented 4 years ago

Hi @wannesrams

Relevant message seems to be: "Error configuring Authenticator simpleFileAuthenticator"

Your configuration file for simpleFileAuthenticator looks to have an indentation problem:

users:      
   - userid: hidden
    password: hidden
    roles: [users]

  - userid: hidden
    password: hidden
    roles: [users]

Please check if this is the problem.

ujibang commented 4 years ago

You can use an online YAML validator such as https://codebeautify.org/yaml-validator to check your conf file

the correct users.yml file is

users:      
  - userid: hidden
    password: hidden
    roles: [users]

  - userid: hidden
    password: hidden
    roles: [users]

## configuration file for requestPredicatesAuthorizer
permissions:
    # OPTIONS is always allowed

  - role: $unauthenticated
    predicate: path-prefix[path="/echo"] and method[value="GET"]

  - role: admin
    predicate: path-prefix[path="/"]

  # Users with role 'users' can GET any collection or document resource (excluding dbs and _logic )
  - role: users
    predicate: regex[pattern="/.*/.*", value="%R", full-match=true] and method[value="GET"] and not path-prefix[path="/_logic"]

  # Users with role 'users' can request URI /_logic/csv
  - role: users
    predicate: path["/_logic/csv"]

  # Users with role 'users' can do anything on the collection /publicdb/{username}
  - role: users
    predicate: path-template[value="/publicdb/{username}"] and equals[%u, "${username}"]

  # Users with role 'users' can do anything on documents of the collection /publicdb/{username}
  - role: users
    predicate: path-template[value="/publicdb/{username}/{doc}"] and equals[%u, "${username}"]

wannesrams commented 4 years ago

Thanks for the quick answer. Corrected the files, same error

## configuration file for simpleFileAuthenticator
users:
  - userid: hidden
    password: hidden
    roles: [users]

  - userid: hidden
    password: hidden
    roles: [users]
## configuration file for requestPredicatesAuthorizer
permissions:
    # OPTIONS is always allowed

   - role: $unauthenticated
     predicate: path-prefix[path="/echo"] and method[value="GET"]

   - role: admin
     predicate: path-prefix[path="/"]

   #Users with role 'users' can GET any collection or document resource (excluding dbs and _logic )
   - role: users
     predicate: regex[pattern="/.*/.*", value="%R", full-match=true] and method[value="GET"] and not path-prefix[path="/_logic"]

   #Users with role 'users' can request URI /_logic/csv
   - role: users
     predicate: path["/_logic/csv"]

   #Users with role 'users' can do anything on the collection /publicdb/{username}
   - role: users
     predicate: path-template[value="/publicdb/{username}"] and equals[%u, "${username}"]

   #Users with role 'users' can do anything on documents of the collection /publicdb/{username}
   - role: users
     predicate: path-template[value="/publicdb/{username}/{doc}"] and equals[%u, "${username}"]

wannesrams commented 4 years ago

Downloaded the latest release with all default settings and config files, same error

ujibang commented 4 years ago

we noticed a small misconfiguration in restheart-security.yml file and fixed it (going to publish a new release soon)

the issue was in the following configuration options:

conf-file: ../etc/acl.yml and conf-file: ../etc/users.yml

the correct values are:

conf-file: ./etc/acl.yml and conf-file: ./etc/users.yml (only one dot .)

(the paths are relative to the directory where the restheart-security.jar file is)

However, the issue you reported seems to be related to an error with yml formatting

see org.yaml.snakeyaml.error.YAMLException: java.nio.charset.MalformedInputException: Input length = 1

snakeyaml is the yml parser.....

mkjsix commented 4 years ago

The following stack trace:

Caused by: java.nio.charset.MalformedInputException: Input length = 1
    at java.base/java.nio.charset.CoderResult.throwException(CoderResult.java:274)
    at java.base/sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:339)
    at java.base/sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
    at java.base/java.io.InputStreamReader.read(InputStreamReader.java:185)
    at org.yaml.snakeyaml.reader.UnicodeReader.read(UnicodeReader.java:125)

says there's a failure in the UnicodeReader class of the snakeyaml parser. Often it indicates that the YAML file contains some non-UTF-8 character. Maybe the file has been saved in a different charset, like Windows-1252? Could you please make sure that the YAML file is saved as UTF-8 and that it doesn't contain any non-visible character?

ujibang commented 4 years ago

version 1.3.2 with conf file fix is out https://github.com/SoftInstigate/restheart-security/releases/tag/1.3.2

closing for now, feel free to reopen in case your problem persists.

wannesrams commented 4 years ago

Thanks @ujibang, I already found and fixed the 2 dot issue, but good to see it fixed in the release. Issue found as @mkjsix indicated: a € symbol should not be in the file, it was part of a password.
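
A check for the failure diagnosed in this thread (a `MalformedInputException` caused by a non-UTF-8 byte in `users.yml`), as an added example that is not part of the issue or of RESTHeart's code. It reports the line and column of every byte a strict UTF-8 reader rejects, what that byte would be in Windows-1252, and any valid but invisible characters; the function name `scan_config` and the sample file contents are constructed for illustration.

```python
import sys
import unicodedata

# Constructed sample: a users.yml whose password contains a euro sign (U+20AC),
# saved as Windows-1252, where it becomes the single byte 0x80 (invalid UTF-8).
SAMPLE_TEXT = "users:\n  - userid: alice\n    password: s\u20accret\n    roles: [users]\n"
SAMPLE_CP1252 = SAMPLE_TEXT.encode("cp1252")


def scan_config(data: bytes) -> list:
    """Report bytes a strict UTF-8 decoder rejects, plus invisible characters."""
    findings = []
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        # surrogateescape maps each undecodable byte 0xNN to U+DCNN, so the
        # line still decodes and the character column stays meaningful.
        line = raw.decode("utf-8", errors="surrogateescape")
        for col, ch in enumerate(line, start=1):
            if "\udc80" <= ch <= "\udcff":
                byte = ord(ch) - 0xDC00
                findings.append({
                    "line": lineno, "column": col, "kind": "invalid-utf8",
                    "byte": byte,
                    # What the byte would mean if the file were Windows-1252.
                    "cp1252": bytes([byte]).decode("cp1252", errors="replace"),
                })
            elif ch not in " \t\r" and unicodedata.category(ch) in ("Cc", "Cf", "Zs"):
                findings.append({
                    "line": lineno, "column": col, "kind": "invisible",
                    "char": f"U+{ord(ch):04X}",
                })
    return findings


def main(argv):
    # With no argument, scan the constructed sample instead of a real file.
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_CP1252
    findings = scan_config(data)
    for f in findings:
        detail = f.get("char") or f"byte 0x{f['byte']:02x} (cp1252: {f['cp1252']!a})"
        print(f"line {f['line']}, column {f['column']}: {f['kind']} {detail}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against each YAML file named in a `conf-file` option before starting the server; a non-zero exit status means the file needs to be re-saved as UTF-8 or cleaned.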