Stack overflow error when add RequestHeaderAuthenticationFilter #13230

Closed
bwgjoseph opened this issue May 25, 2023 · 1 comment
@bwgjoseph

I'm using

Spring Boot 2.7.12
Spring Security 5.8.3

(I did test with Spring Boot 3.1.0, and I am facing the same issue)

Describe the bug
I encounter a StackOverflowError exception when trying to access the /filter endpoint.

> curl localhost:8080/me -H "X-User: A"
<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> Filter execution threw an exception</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b></p><pre>javax.servlet.ServletException: Filter execution threw an exception
        org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
        org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
        org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
</pre><p><b>Root Cause</b></p><pre>java.lang.StackOverflowError
        java.base&#47;java.lang.Exception.&lt;init&gt;(Exception.java:103)
        java.base&#47;java.lang.ReflectiveOperationException.&lt;init&gt;(ReflectiveOperationException.java:90)
        java.base&#47;java.lang.reflect.InvocationTargetException.&lt;init&gt;(InvocationTargetException.java:67)
        jdk.internal.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
        java.base&#47;jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        java.base&#47;java.lang.reflect.Method.invoke(Method.java:568)
        org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
        org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
        jdk.proxy5&#47;jdk.proxy5.$Proxy70.authenticate(Unknown Source)
        jdk.internal.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
        java.base&#47;jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        java.base&#47;java.lang.reflect.Method.invoke(Method.java:568)
        org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
        org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
        jdk.proxy5&#47;jdk.proxy5.$Proxy70.authenticate(Unknown Source)
        jdk.internal.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
        java.base&#47;jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        java.base&#47;java.lang.reflect.Method.invoke(Method.java:568)
        org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
        org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
        jdk.proxy5&#47;jdk.proxy5.$Proxy70.authenticate(Unknown Source)
        jdk.internal.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
        java.base&#47;jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        java.base&#47;java.lang.reflect.Method.invoke(Method.java:568)
       // omitted

To Reproduce
I have the following configuration

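import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;

@EnableWebSecurity(debug = true)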
@Configuration
public class WebSecurityConfig {
    /**
     * This allows us to get an instance of the {@code AuthenticationManager} so to inject into {@code RequestHeaderAuthenticationFilter}
     */
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    public RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter(AuthenticationManager authenticationManager) {
        RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter = new RequestHeaderAuthenticationFilter();
        requestHeaderAuthenticationFilter.setPrincipalRequestHeader("X-User");
        requestHeaderAuthenticationFilter.setExceptionIfHeaderMissing(true);
        requestHeaderAuthenticationFilter.setAuthenticationManager(authenticationManager);

        return requestHeaderAuthenticationFilter;
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http, AuthenticationManager authenticationManager) throws Exception {
        return http
            .authorizeHttpRequests(authz -> authz.anyRequest().authenticated())
            .addFilter(requestHeaderAuthenticationFilter(authenticationManager))
            .build();
    }

}

And a simple controller endpoint

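import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController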
public class FilterController {

    @GetMapping("/filter")
    public String filter() {
        return "filter";
    }
}

Expected behavior
The request should be processed, returning filter as the response.

Sample

You can find the reproduction over at spring-security-stackoverflow-error

@bwgjoseph bwgjoseph added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels May 25, 2023
@marcusdacoregio
Contributor

Hi @bwgjoseph, this issue is probably related to the way you are exposing the AuthenticationManager, see this answer for more details.

If you believe this is a different problem, we can reopen this issue.

See:

@marcusdacoregio marcusdacoregio self-assigned this May 31, 2023
@marcusdacoregio marcusdacoregio added for: stackoverflow A question that's better suited to stackoverflow.com and removed status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels May 31, 2023
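
Added example (not part of the issue thread and not Spring Security's own code): one way to act on the reply above is to stop publishing the AuthenticationManager from AuthenticationConfiguration as a bean and instead give the filter a ProviderManager built for pre-authentication. The class name, the helper method names and the in-memory user A are assumptions made for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;

@EnableWebSecurity
@Configuration
public class HeaderPreAuthSecurityConfig { // hypothetical class name

    // Constructed sample user store (assumption); the password is never checked
    // because the header is treated as proof of a prior authentication.
    private UserDetailsService headerUsers() {
        return new InMemoryUserDetailsManager(
            User.withUsername("A").password("unused").roles("USER").build());
    }

    // Built directly rather than exposed as an AuthenticationManager bean, so the
    // filter does not go through the AuthenticationConfiguration-provided manager.
    private AuthenticationManager preAuthManager() {
        PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
        provider.setPreAuthenticatedUserDetailsService(
            new UserDetailsByNameServiceWrapper<>(headerUsers()));
        return new ProviderManager(provider);
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
        // X-User is trusted as-is: only safe when a fronting proxy sets it and
        // strips any client-supplied copy before the request reaches this app.
        filter.setPrincipalRequestHeader("X-User");
        filter.setExceptionIfHeaderMissing(true);
        filter.setAuthenticationManager(preAuthManager());
        return http
            .authorizeHttpRequests(authz -> authz.anyRequest().authenticated())
            .addFilter(filter)
            .build();
    }
}
```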