Uploaded image for project: 'Alfresco'
  1. Alfresco
  2. ALF-21825

FeedNotifier - A valid SecureContext was not provided in the RequestContext

    Details

    • Type: Bug
    • Status: New (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 5.2
    • Fix Version/s: None
    • Security Level: external (External user)
    • Labels:
      None
    • Triage:
      ACE

      Description

      Using Alfresco 5.2.d with Kerberos SSO set up I'm getting FeedNotifier exceptions. Installed on Ubuntu 14.04 with mysql. User synced via LDAP (MS AD).
      This is reported on from two different installs.
      Emails do seem to get sent, but unsure if all of them are.
      This looks like the same issue as ACE-4028.

      2017-01-12 07:00:17,816  INFO  [solr.component.AsyncBuildSuggestComponent] [Suggestor-alfresco-1] Built suggester shingleBasedSuggestions, took 2366 ms
       Exception in thread "FeedNotifier1" net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: A valid SecureContext was not provided in the RequestContext
              at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:481)
              at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:359)
              at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.alfresco.repo.audit.AuditMethodInterceptor.proceed(AuditMethodInterceptor.java:201)
              at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:171)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
              at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
              at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
              at com.sun.proxy.$Proxy110.countPeople(Unknown Source)
              at org.alfresco.repo.activities.feed.FeedNotifierImpl$3.getTotalEstimatedWorkSize(FeedNotifierImpl.java:427)
              at org.alfresco.repo.batch.BatchProcessor.reportProgress(BatchProcessor.java:470)
              at org.alfresco.repo.batch.BatchProcessor.access$10(BatchProcessor.java:463)
              at org.alfresco.repo.batch.BatchProcessor$TxnCallback.commitProgress(BatchProcessor.java:859)
              at org.alfresco.repo.batch.BatchProcessor$TxnCallback.run(BatchProcessor.java:808)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
              at java.lang.Thread.run(Thread.java:745)
      Exception in thread "FeedNotifier4" net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: A valid SecureContext was not provided in the RequestContext
              at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:481)
              at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:359)
              at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.alfresco.repo.audit.AuditMethodInterceptor.proceed(AuditMethodInterceptor.java:201)
              at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:171)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
              at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
              at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
              at com.sun.proxy.$Proxy110.countPeople(Unknown Source)
              at org.alfresco.repo.activities.feed.FeedNotifierImpl$3.getTotalEstimatedWorkSize(FeedNotifierImpl.java:427)
              at org.alfresco.repo.batch.BatchProcessor.reportProgress(BatchProcessor.java:470)
              at org.alfresco.repo.batch.BatchProcessor.access$10(BatchProcessor.java:463)
              at org.alfresco.repo.batch.BatchProcessor$TxnCallback.commitProgress(BatchProcessor.java:859)
              at org.alfresco.repo.batch.BatchProcessor$TxnCallback.run(BatchProcessor.java:808)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
              at java.lang.Thread.run(Thread.java:745)
      

        Attachments

          Issue Links

            Activity

            Hide
            isandhu Indy Sandhu added a comment -

            Thanks for the report Peter. Could you please include your configuration files to help us reproduce the issue? Thanks.

            Show
            isandhu Indy Sandhu added a comment - Thanks for the report Peter. Could you please include your configuration files to help us reproduce the issue? Thanks.
            Hide
            loftux Peter Löfgren added a comment -

            Hi,

            Here are the settings from alfresco-global.properties

            #Traschcan-cleaner
            trashcan-cleaner.cron=0 0 2 * * ?
            # the period for which trashcan items are kept (in java.time.Duration format).
            # Default is 28 days
            trashcan-cleaner.keepPeriod=P90D
            # how many trashcan items to delete per job run
            trashcan-cleaner.deleteBatchCount=1000
            
            # Enable smart folders
            smart.folders.enabled=true
            
            #Group used for public sites, changed for privacy
            site.public.group=GROUP_CustomGroupName 
            
            #Enable activities feed
            activities.feed.notifier.enabled=true
            # Feed notification period (every 24 hours at 08:30)
            activities.feed.notifier.cronExpression=0 30 8 * * ?
            
            system.usages.enabled=true
            
            db.name=alfresco
            db.username=alfresco
            db.password=************
            db.host=***********
            db.port=3306
            
            db.pool.initial=10
            db.pool.min=10
            db.pool.idle=100
            db.pool.max=320
            
            db.pool.validate.return=true
            db.pool.validate.borrow=true
            db.pool.validate.query=SELECT 1
            db.pool.evict.validate=true
            
            db.pool.abandoned.detect=true
            db.pool.abandoned.time=300
            db.pool.abandoned.log=false
            
            db.driver=com.mysql.jdbc.Driver
            db.url=jdbc:mysql://${db.host}:${db.port}/${db.name}?useUnicode=yes&characterEncoding=UTF-8
            
            #
            # Index
            #-------------
            index.subsystem.name=solr4
            solr.host=solr4.*****.se
            solr.port=8080
            solr.port.ssl=8443
            #Effectively turn off solr backup
            solr.backup.alfresco.cronExpression=0 0 2 * * ? 2099
            solr.backup.archive.cronExpression=0 0 4 * * ? 2099
            
            cifs.tcpipSMB.port=1445
            cifs.netBIOSSMB.sessionPort=1139
            cifs.netBIOSSMB.namePort=1137
            cifs.netBIOSSMB.datagramPort=1138
            ftp.port=2021
            cifs.serverName=alfresco
            cifs.domain=*******
            cifs.broadcast=255.255.255.0
            
            # Maximum virtual circuits per session
            # Should only be changed when using Terminal Server clients. Default 16
            cifs.maximumVirtualCircuitsPerSession=480
            
            authentication.chain=kerberos1:kerberos,alfrescoNtlm1:alfrescoNtlm,customer:ldap
            
            # Configure NTLM passthru to SAMBA Server
            ntlm.authentication.sso.enabled=false
            ntlm.authentication.authenticateCIFS=false
            ntlm.authentication.browser.ticketLogons=true
            passthru.authentication.sso.enabled=false
            passthru.authentication.allowGuestLogin=false
            
            alfresco.authentication.allowGuestLogin=true
            
            ##KERBEROS
            kerberos.authentication.http.configEntryName=AlfrescoHTTP
            kerberos.authentication.http.password=********
            kerberos.authentication.sso.enabled=true
            kerberos.authentication.browser.ticketLogons=true
            kerberos.authentication.realm=AD.*********.SE
            kerberos.authentication.user.configEntryName=Alfresco
            kerberos.authentication.defaultAdministratorUserNames=
            kerberos.authentication.cifs.configEntryName=AlfrescoCIFS
            kerberos.authentication.cifs.password=********
            kerberos.authentication.authenticateCIFS=true
            
            ##### Ldap Synchronisation
            # MOVED config to subsystems folders, only scheduling here
            synchronization.synchronizeChangesOnly=false
            synchronization.import.cron=0 0 10,13,16 * * ?
            #synchronization.import.cron=0 0/5 * * * ?
            synchronization.syncWhenMissingPeopleLogIn=true
            synchronization.syncOnStartup=true
            synchronization.autoCreatePeopleOnLogin=false
            synchronization.loggingInterval=100
            synchronization.workerThreads=2
            #### LDAP Sync End
            #### 
            
            Show
            loftux Peter Löfgren added a comment - Hi, Here are the settings from alfresco-global.properties #Traschcan-cleaner trashcan-cleaner.cron=0 0 2 * * ? # the period for which trashcan items are kept (in java.time.Duration format). # Default is 28 days trashcan-cleaner.keepPeriod=P90D # how many trashcan items to delete per job run trashcan-cleaner.deleteBatchCount=1000 # Enable smart folders smart.folders.enabled= true #Group used for public sites, changed for privacy site. public .group=GROUP_CustomGroupName #Enable activities feed activities.feed.notifier.enabled= true # Feed notification period (every 24 hours at 08:30) activities.feed.notifier.cronExpression=0 30 8 * * ? system.usages.enabled= true db.name=alfresco db.username=alfresco db.password=************ db.host=*********** db.port=3306 db.pool.initial=10 db.pool.min=10 db.pool.idle=100 db.pool.max=320 db.pool.validate. return = true db.pool.validate.borrow= true db.pool.validate.query=SELECT 1 db.pool.evict.validate= true db.pool.abandoned.detect= true db.pool.abandoned.time=300 db.pool.abandoned.log= false db.driver=com.mysql.jdbc.Driver db.url=jdbc:mysql: //${db.host}:${db.port}/${db.name}?useUnicode=yes&characterEncoding=UTF-8 # # Index #------------- index.subsystem.name=solr4 solr.host=solr4.*****.se solr.port=8080 solr.port.ssl=8443 #Effectively turn off solr backup solr.backup.alfresco.cronExpression=0 0 2 * * ? 2099 solr.backup.archive.cronExpression=0 0 4 * * ? 2099 cifs.tcpipSMB.port=1445 cifs.netBIOSSMB.sessionPort=1139 cifs.netBIOSSMB.namePort=1137 cifs.netBIOSSMB.datagramPort=1138 ftp.port=2021 cifs.serverName=alfresco cifs.domain=******* cifs.broadcast=255.255.255.0 # Maximum virtual circuits per session # Should only be changed when using Terminal Server clients. Default 16 cifs.maximumVirtualCircuitsPerSession=480 authentication.chain=kerberos1:kerberos,alfrescoNtlm1:alfrescoNtlm,customer:ldap # Configure NTLM passthru to SAMBA Server ntlm.authentication.sso.enabled= false ntlm.authentication.authenticateCIFS= false ntlm.authentication.browser.ticketLogons= true passthru.authentication.sso.enabled= false passthru.authentication.allowGuestLogin= false alfresco.authentication.allowGuestLogin= true ##KERBEROS kerberos.authentication.http.configEntryName=AlfrescoHTTP kerberos.authentication.http.password=******** kerberos.authentication.sso.enabled= true kerberos.authentication.browser.ticketLogons= true kerberos.authentication.realm=AD.*********.SE kerberos.authentication.user.configEntryName=Alfresco kerberos.authentication.defaultAdministratorUserNames= kerberos.authentication.cifs.configEntryName=AlfrescoCIFS kerberos.authentication.cifs.password=******** kerberos.authentication.authenticateCIFS= true ##### Ldap Synchronisation # MOVED config to subsystems folders, only scheduling here synchronization.synchronizeChangesOnly= false synchronization. import .cron=0 0 10,13,16 * * ? #synchronization. import .cron=0 0/5 * * * ? synchronization.syncWhenMissingPeopleLogIn= true synchronization.syncOnStartup= true synchronization.autoCreatePeopleOnLogin= false synchronization.loggingInterval=100 synchronization.workerThreads=2 #### LDAP Sync End ####
            Hide
            dhulley Derek Hulley added a comment - - edited

            Thank you, Peter Löfgren
            I believe that the bug will be causing the batch processing reporting to fail but will not actually prevent the batch processing from taking place.
            Nevertheless, it will need fixing.

            Show
            dhulley Derek Hulley added a comment - - edited Thank you, Peter Löfgren I believe that the bug will be causing the batch processing reporting to fail but will not actually prevent the batch processing from taking place. Nevertheless, it will need fixing.
            Hide
            folcina Francisco Olcina Grande added a comment -

            Hi Derek,

            yes, this is exactly it.

            Using two or more threads, when it comes to show the percentage of completion in any of the threads after finishing a batch of entries, the method "getTotalEstimatedWorkSize()" doesn't have the right secure context and causes the thread to die. A new thread is created to continue with the next batch and eventually dies for the same reason. This causes the batch processing to continuously create new threads to progress with the feed emails.

            Show
            folcina Francisco Olcina Grande added a comment - Hi Derek, yes, this is exactly it. Using two or more threads, when it comes to show the percentage of completion in any of the threads after finishing a batch of entries, the method "getTotalEstimatedWorkSize()" doesn't have the right secure context and causes the thread to die. A new thread is created to continue with the next batch and eventually dies for the same reason. This causes the batch processing to continuously create new threads to progress with the feed emails.

              People

              • Assignee:
                repositoryteam Repository Team
                Reporter:
                loftux Peter Löfgren
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Date of First Response:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 25 minutes
                  25m