How to obtain Shiro subject when using Catalog Camel Component

Mark

unread,

May 9, 2016, 7:21:49 AM5/9/16

to ddf-users

I am trying to ingest a stream of data into the DDF Catalog Framework. I am using a Camel route in DDF to process this data and I would like to use the DDF Catalog Camel Component. I have the data going into the component but when I set the Security Subject I get an exception. Here are the lines of code in my Camel Processor for the security and create:

exchange.getOut().setHeader("operation", "CREATE");

Subject subject = SecurityUtils.getSubject();

exchange.getOut().setHeader(SecurityConstants.SECURITY_SUBJECT, subject);

I have created REST endpoints in DDF that use the SecurityUtils.getSubject() method successfully to get the current user but I'm not sure how to get the Subject from within a Camel route inside of DDF. I get the following exception when I try and get the Shiro Subject from my route:

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration.

at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)[207:org.apache.shiro.core:1.2.4]

at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)[207:org.apache.shiro.core:1.2.4]

at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)[207:org.apache.shiro.core:1.2.4]

at <MY Processor>.process(MY.java:64)[416:MINE:1.0.0.SNAPSHOT]

at org.apache.camel.processor.DelegateSyncProcessor.process(DelegateSyncProcessor.java:63)[172:org.apache.camel.camel-core:2.16.1]

at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)[172:org.apache.camel.camel-core:2.16.1]

at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:460)[172:org.apache.camel.camel-core:2.16.1]

at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:190)[172:org.apache.camel.camel-core:2.16.1]

at org.apache.camel.processor.Pipeline.process(Pipeline.java:121)[172:org.apache.camel.camel-core:2.16.1]

at org.apache.camel.processor.Pipeline.process(Pipeline.java:83)[172:org.apache.camel.camel-core:2.16.1]

at org.apache.camel.processor.FilterProcessor.process(FilterProcessor.java:57)[172:org.apache.camel.camel-core:2.16.1]

at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)[172:org.apache.camel.camel-core:2.16.1]

at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:460)[172:org.apache.camel.camel-core:2.16.1]

at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:190)[172:org.apache.camel.camel-core:2.16.1]

at org.apache.camel.component.seda.SedaConsumer.sendToConsumers(SedaConsumer.java:298)[172:org.apache.camel.camel-core:2.16.1]

at org.apache.camel.component.seda.SedaConsumer.doRun(SedaConsumer.java:207)[172:org.apache.camel.camel-core:2.16.1]

at org.apache.camel.component.seda.SedaConsumer.run(SedaConsumer.java:154)[172:org.apache.camel.camel-core:2.16.1]

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_60]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_60]

at java.lang.Thread.run(Thread.java:745)[:1.8.0_60]

Any help would be greatly appreciated.

Thanks,

Mark

Scott Tustison

unread,

May 9, 2016, 9:22:01 AM5/9/16

to ddf-users

The subject is only automatically attached to the thread when performing requests through Jetty. When setting up a camel route, you need to create a subject yourself for the transaction. If you have any login type information, you can use that, otherwise I would recommend creating a Guest subject if the Camel route has connectivity outside the machine or a system subject if it does not.

System subject example: https://github.com/codice/ddf/blob/2.9.x/catalog/core/catalog-core-directorymonitor/src/main/java/org/codice/ddf/catalog/content/monitor/ContentDirectoryMonitor.java#L327

Guest example: https://github.com/codice/ddf/blob/f4d0cde422b5f2b08a94df4565506bdf53edfa9f/platform/security/interceptor/security-interceptor-guest/src/main/java/org/codice/ddf/security/interceptor/GuestInterceptor.java#L214

The same question was asked over here, by the way: https://groups.google.com/forum/#!topic/ddf-users/F7EK3Dwobe0

Scott

Mark

unread,

May 9, 2016, 11:07:51 AM5/9/16

to ddf-users

Thanks for the help Scott. I did see the other ddf-users thread that you referenced didn't find all the links. I'm curious on how the Cataloger.java file works, I get a 404 when I try and hit the link. I will try and implement some of your suggestions and report back what I find.

Scott Tustison

unread,

May 9, 2016, 12:21:15 PM5/9/16

to ddf-users

DDF Content was removed and integrated with DDF Catalog. The Cataloger class no longer exists.

Scott

Mark

unread,

May 9, 2016, 11:10:41 PM5/9/16

to ddf-users

I am trying to trace through the code to understand why my Subject object is getting lost. In the Camel processor I've written I have the following code:

Subject subject = Security.getSystemSubject();

logger.info("Setting Shiro Subject -- " + subject);

exchange.getOut().setHeader("ddf.security.subject", subject);

I turned up the logging in DDF 2.9.0 to DEBUG and observe the following output:

I see in FrameworkProducer.create(Exchange) that the Camel Exchange is used to create a CreateRequestImpl object. The CreateRequestImpl constructor takes in a List of Metacard objects. The CreateRequestImpl constructor sets the properties to null and the destinations to an empty HashSet. The CreateRequestImpl object is then passed to the CatalogFramework.create(CreateRequest) method.

Based on the log shown above, the CatalogFramework implementation class is CatalogFrameworkImpl. Looking at line 1087, there's a loop that iterates over the access plugins that each have the CreateRequest object passed into it. Using the last line in the log snippet above, I looked at the SecurityPlugin class and note that the error that is thrown is due to the Subject not being found in the properties of the CreateRequest which I believe was not set.

I also noted that the exception that was caught at line 110 is never reported in a log which could help diagnose the problem.

If what I've found looks like a bug, I would like to submit a ticket in JIRA and work on a patch. Please advise on how to proceed.

Thank you,

Mark

Scott Tustison

unread,

May 10, 2016, 9:03:38 AM5/10/16

to ddf-users

It isn't a bug, you need to attach the subject to the thread context. See the Camel example that I posted above.

Scott

Mark

unread,

May 10, 2016, 9:35:48 AM5/10/16

to Scott Tustison, ddf-users

I did get things working with the call to ThreadContext.bind(Security.getSystemSubject()) at the top of the process(Exchange) method in my Camel processor. What I was trying to do is not use the system subject for the transactions and attach an actual user Subject from which the data originated to the message. It appears that the Subject added to the Exchange's incoming Message header is disregarded.

Thanks for the help,
Mark

--
You received this message because you are subscribed to a topic in the Google Groups "ddf-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ddf-users/Eo1H2zras3g/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ddf-users+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Scott Tustison

unread,

May 10, 2016, 10:09:35 AM5/10/16

to ddf-users, scott.t...@gmail.com

If you already have an actual user subject, you can attach that subject in the same way that the system subject is being attached. I would also not recommend using the system subject if this camel route is exposed externally. You should either use a Guest subject or an actual user.

Scott

Reply all

Reply to author

Forward