cloudogu / sonar-cas-plugin

CAS Authentication support for SonarQube

html parser throw exception #28

Closed commanderback closed 3 years ago

commanderback commented 3 years ago

ERROR web[...][...] The element type "input" must be terminated by the matching end-tag "</input>".

ppxl commented 3 years ago

Hi and thank you for your request. In order to reproduce your issue I need to know a bit more about your system:

  1. Which version of SonarQube did you use?
  2. Which version of sonar-cas-plugin did you use?
  3. If possible: What is the nature of the request that leads to this error?
    1. like: Browser requests vs REST request
    2. what file/endpoint was requested

Would it be possible to supply any stacktraces, or is this a single log line without any further references?

Thanks in advance

commanderback commented 3 years ago

1. Which version of SonarQube did you use? sonarqube 7.9.5 LTS

2. Which version of sonar-cas-plugin did you use? sonar-cas-plugin-2.0.2.jar

  1. sonarqube cas related config $SONAR_HOME/conf/sonar.properties

sonar.web.sso.enable=true
sonar.web.sso.loginHeader=X-Forwarded-Login
sonar.web.sso.nameHeader=X-Forwarded-Name
sonar.web.sso.emailHeader=X-Forwarded-Email

sonar.security.realm=cas
sonar.authenticator.createUsers=true
sonar.cas.forceCasLogin=true
sonar.cas.protocol=cas3
sonar.cas.casServerUrlPrefix=https://cas.xx.com/     
sonar.cas.casServerLoginUrl=https://cas.xx.com/login
sonar.cas.casServerLogoutUrl=https://cas.xx.com/logout
sonar.cas.sonarServerUrl=http://sonarqube:9000
sonar.cas.urlAfterCasRedirectCookieMaxAgeSeconds=300
sonar.cas.sessionStorePath=/opt/app/usr/sonarqube/data/sonarcas/sessionstore
sonar.cas.sessionStore.cleanUpIntervalInSeconds=1800

sonar.cas.rolesAttributes=groups,roles
sonar.cas.fullNameAttribute=displayName
sonar.cas.eMailAttribute=mail
sonar.cas.saml11.toleranceMilliseconds=1000
sonar.cas.disableCertValidation=true

4. If possible: What is the nature of the request that leads to this error?

4.1 like: Browser requests vs REST request

I browser http://xx:9000 then input the name/passwd, the browser stop at http://sonarqube:9000/sessions/init/cas?ticket=.... and I check the sonarqube server log file $SONAR_HOME/logs/web.log

2021.01.14 17:17:11 ERROR web[AXcAATOqwIh5Ck86AAAM][o.j.c.c.u.XmlUtils] The element type "input" must be terminated by the matching end-tag "</input>".
org.xml.sax.SAXParseException: The element type "input" must be terminated by the matching end-tag "</input>".
        at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:204)
        at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178)
        at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400)
        at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327)
        at java.xml/com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1471)
        at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1683)
        at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2881)
        at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605)
        at java.xml/com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:112)
        at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:534)
        at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:888)
        at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:824)
        at java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
        at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1216)
        at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:635)
        at org.jasig.cas.client.util.XmlUtils.getTextForElement(XmlUtils.java:192)
        at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseProxyGrantingTicketFromResponse(Cas20ServiceTicketValidator.java:117)
        at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:88)
        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:201)
        at org.sonar.plugins.cas.LoginHandler.handleLogin(LoginHandler.java:62)
        at org.sonar.plugins.cas.CasIdentityProvider.init(CasIdentityProvider.java:69)
        at org.sonar.server.authentication.InitFilter.handleBaseIdentityProvider(InitFilter.java:106)
        at org.sonar.server.authentication.InitFilter.handleProvider(InitFilter.java:80)
        at org.sonar.server.authentication.InitFilter.doFilter(InitFilter.java:73)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
        at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.base/java.lang.Thread.run(Thread.java:834)
2021.01.14 17:17:11 ERROR web[AXcAATOqwIh5Ck86AAAM][o.s.p.c.CasIdentityProvider] authentication or logout failed
org.jasig.cas.client.validation.TicketValidationException: No principal was found in the response from the CAS server.
        at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:98)
        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:201)
        at org.sonar.plugins.cas.LoginHandler.handleLogin(LoginHandler.java:62)
        at org.sonar.plugins.cas.CasIdentityProvider.init(CasIdentityProvider.java:69)
        at org.sonar.server.authentication.InitFilter.handleBaseIdentityProvider(InitFilter.java:106)
        at org.sonar.server.authentication.InitFilter.handleProvider(InitFilter.java:80)
        at org.sonar.server.authentication.InitFilter.doFilter(InitFilter.java:73)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
        at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
        at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.base/java.lang.Thread.run(Thread.java:834)
2021.01.14 17:26:41 DEBUG web[][o.s.p.c.s.SessionStoreCleaner] CAS session writeJwtFile clean up started.
2021.01.14 17:26:41 DEBUG web[][o.s.p.c.s.SessionStoreCleaner] CAS session writeJwtFile clean up finished and removed 0 entries.

what file/endpoint was requested

Thanks.


ppxl commented 3 years ago

Hi again,

while I am currently diagnosing your error I found some things in your reply that made me think of a configuration problem.

2.Which version of sonar-cas-plugin did you use? sonar-cas-plugin-2.0.2.jar

Did you mean sonar-cas-plugin.2.0.1.jar? This repo does not contain a release for a version 2.0.2

  1. sonarqube cas related config $SONAR_HOME/conf/sonar.properties 

These two lines of your sonar.properties strike me as weird for two reasons:

...
sonar.cas.casServerUrlPrefix=https://cas.xx.com/&nbsp; &nbsp;&nbsp;
...
sonar.cas.sonarServerUrl=http://sonarqube:9000
...
  1. The property sonar.cas.casServerUrlPrefix seems to contain non-breaking spaces?: https://cas.xx.com/&nbsp; &nbsp;&nbsp;
    • Would you mind and double-check that the property does not contain any whitespaces?
  2. the property sonar.cas.sonarServerUrl seems to point to a local SonarQube installation while the CAS URL looks like an internet address (http://sonarqube vs https://cas.xx.com)
    • Both SonarQube installation and CAS server must be able to communicate with each other because of exchanging ticketing information.
    • Could you check if the CAS server has proper connectivity towards the SonarQube server?

Currently I don't have a SonarQube in version 7.9.5 LTS at hand but as a quick-test I checked the constellation

I will test with SonarQube 7.9.5 again and will come back to this issue later on.

In the meanwhile: Would you kindly check with my annotations regarding the configuration above?
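
The two configuration checks asked for in the comment above, written out as an added example (not part of the thread and not code from sonar-cas-plugin): a small linter for sonar.cas.* entries. The sample text is constructed from the properties quoted in this issue; lint_cas_properties, its finding labels, and the reading of sonar.cas.disableCertValidation by its name alone are assumptions of this example.

```python
from urllib.parse import urlsplit

# Constructed sample built from the properties quoted in this issue.
# "\u00a0" is a non-breaking space, the character suspected after the URL prefix.
SAMPLE_PROPERTIES = (
    "sonar.cas.protocol=cas3\n"
    "sonar.cas.casServerUrlPrefix=https://cas.xx.com/\u00a0 \u00a0\u00a0\n"
    "sonar.cas.casServerLoginUrl=https://cas.xx.com/login\n"
    "sonar.cas.sonarServerUrl=http://sonarqube:9000\n"
    "sonar.cas.disableCertValidation=true\n"
)


def lint_cas_properties(text):
    """Return (line_number, key, finding) tuples for sonar.cas.* entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.lstrip(" \t")
        if not entry or entry[0] in "#!" or "=" not in entry:
            continue  # blank line, comment, or not a key=value pair
        key, value = entry.split("=", 1)
        key = key.strip()
        if not key.startswith("sonar.cas."):
            continue

        # Assumption: no sonar.cas.* value legitimately contains whitespace.
        # Naming the code points makes an invisible NBSP (U+00A0) stand out
        # next to an ordinary space (U+0020).
        odd = sorted({ch for ch in value if ch.isspace()})
        if odd:
            points = ",".join(f"U+{ord(ch):04X}" for ch in odd)
            findings.append((lineno, key, "whitespace:" + points))

        clean = value.strip()
        if clean.lower().startswith(("http://", "https://")):
            host = urlsplit(clean).hostname or ""
            # A host name without a dot typically resolves only inside one
            # network; the other side of the CAS exchange must reach it too.
            if "." not in host:
                findings.append((lineno, key, "single-label-host:" + host))

        # Assumption from the property name: TLS certificate checks are off.
        if key == "sonar.cas.disableCertValidation" and clean.lower() == "true":
            findings.append((lineno, key, "cert-validation-disabled"))
    return findings


if __name__ == "__main__":
    for lineno, key, finding in lint_cas_properties(SAMPLE_PROPERTIES):
        print(f"line {lineno}: {key}: {finding}")
```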

ppxl commented 3 years ago

Hi again.

I was not able to reproduce your error within this installation:

  • SonarQube 7.9.5 and
  • sonar-cas-plugin 2.0.1

I noticed something else from which I conclude that your problem is really just a faulty configuration. The error in the stacktrace tells me that an HTML response was tried to be parsed (instead of a CAS ticket in XML).

4.1like: Browser requests vs REST request ... 2021.01.14 17:17:11 ERROR web[AXcAATOqwIh5Ck86AAAM][o.j.c.c.u.XmlUtils] The element type "input" must be terminated by the matching end-tag "</input>".

The fact that the CAS plugin tries to parse a response with an input element is key to my assumption. Usually CAS granting tickets don't contain <input /> elements, but HTML forms do.

That being said, I suggest to validate the SonarQube configuration. If you want to gain more insights to the faulty HTTP response you could clone the repo and log the CAS response. org.sonar.plugins.cas.LoginHandler.handleLogin() would be a good starting point.
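
One way to inspect a saved validation response without rebuilding the plugin, as an added example (not part of the thread and not the plugin's or the CAS client's code): it tells a CAS serviceResponse apart from a body that is not CAS XML at all, such as an HTML form with an unclosed input element. The sample bodies are constructed; classify_validation_body and its labels are hypothetical names.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace of CAS 2.0/3.0 validation XML
NS = {"cas": CAS_NS}

# Constructed sample bodies, not captured from the reporter's server.
CAS_SUCCESS = (
    '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
    "<cas:authenticationSuccess><cas:user>jdoe</cas:user>"
    "</cas:authenticationSuccess></cas:serviceResponse>"
)
CAS_FAILURE = (
    '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
    '<cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized'
    "</cas:authenticationFailure></cas:serviceResponse>"
)
HTML_LOGIN_PAGE = (
    "<html><body><form method='post'>"
    "<input type='text' name='username'>"
    "<input type='password' name='password'>"
    "</form></body></html>"
)


def classify_validation_body(body):
    """Return (kind, detail) for the body a ticket-validation request returned."""
    # A CAS response carries no DTD, so never hand DOCTYPE input to the parser.
    if "<!doctype" in body.lower():
        return ("not-cas", "document declares a DOCTYPE, for example an HTML page")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        # HTML with an unclosed <input> ends up here, like the SAX error in the log.
        return ("not-xml", str(exc))
    if root.tag != f"{{{CAS_NS}}}serviceResponse":
        return ("not-cas", "unexpected root element " + root.tag)
    user = root.find("cas:authenticationSuccess/cas:user", NS)
    if user is not None and (user.text or "").strip():
        return ("success", user.text.strip())
    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        return ("failure", failure.get("code", ""))
    return ("no-principal", "serviceResponse without user or failure element")


if __name__ == "__main__":
    for name, body in [("success", CAS_SUCCESS), ("failure", CAS_FAILURE),
                       ("html", HTML_LOGIN_PAGE)]:
        print(name, classify_validation_body(body))
```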

commanderback commented 3 years ago

Hi, after confirmation, we use Yale CAS server. I notice the plugin supports Apereo CAS, so I want to know whether the plugin supports Yale CAS.

Thank you.


ppxl commented 3 years ago

From what I understand, Yale University designed the CAS specification and created an initial CAS implementation. After that, Yale submitted it to Apereo for proper maintenance.

Speaking for myself, Apereo's CAS implementation is so old that I haven't ever held a Yale implementation in my hands. https://github.com/cloudogu/sonar-cas-plugin supports only Apereo CAS. It was successfully tested with CAS 4.0.x.

I saw you using the CAS 3 specification, but maybe that was just default values in sonar.properties?:

sonar.cas.protocol=cas3

Just so I can take the CAS implementation into consideration which you are using:

  1. Which CAS version/binary do you actually use?
  2. Can you point me to a download page?

ppxl commented 3 years ago

I am closing this issue because it is stale and also because it looks like a configuration fault. Please feel free to reply if there is additional information available.