Invalid Authorization header: Negotiate on first request, other requests work fine
1,454 views
Skip to first unread message
Uri Naor
Sep 20, 2016, 6:43:15 PM9/20/16
to waffle
I can't seem to figure this out
the first time im getting this error 500
after that it works flawlessly
this is a spring boot project with waffle
im attaching relevant system logs
2016-09-20 17:37:45.619 DEBUG 20848 --- [-nio-555-exec-1] waffle.spring.NegotiateSecurityFilter : GET /test, contentlength: -1
2016-09-20 17:37:45.652 DEBUG 20848 --- [-nio-555-exec-1] w.s.NegotiateSecurityFilterEntryPoint : [waffle.spring.NegotiateEntryPoint] commence
2016-09-20 17:37:45.668 DEBUG 20848 --- [-nio-555-exec-2] waffle.spring.NegotiateSecurityFilter : GET /test, contentlength: -1
2016-09-20 17:37:45.676 DEBUG 20848 --- [-nio-555-exec-2] w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:57258
2016-09-20 17:37:45.717 DEBUG 20848 --- [-nio-555-exec-2] w.s.spi.NegotiateSecurityFilterProvider : token buffer: 121 byte(s)
2016-09-20 17:37:45.847 DEBUG 20848 --- [-nio-555-exec-2] w.s.spi.NegotiateSecurityFilterProvider : continue token: oYIBCzCCAQegAwoBAaEMBgorBgEEAYI3AgIKooHxBIHuTlRMTVNTUAACAAAACAAIADgAAAAVwoniSxh56EzFolMQvUSDmAEAI MODIFITED THIS TOKENQQBPAFIAMQAwAC0ATAAEACIAYwBvAHIAcAAuAFQARgBIAE4ARQBUAC4ATABPAEMAQQBMAAMANgB1AG4AYQBvAHIAMQAwAC0ATAAuAGMAbwByAHAALgBUAEYASABOAEUAVAAuAEwATwBDAEEATAAFABgAVABGAEgATgBFAFQALgBMAE8AQwBBAEwABwAIABSGkZuPE9IBAAAAAA==
2016-09-20 17:37:45.850 DEBUG 20848 --- [-nio-555-exec-2] w.s.spi.NegotiateSecurityFilterProvider : continue required: true
2016-09-20 17:37:45.855 DEBUG 20848 --- [-nio-555-exec-3] waffle.spring.NegotiateSecurityFilter : GET /test, contentlength: -1
2016-09-20 17:37:45.856 DEBUG 20848 --- [-nio-555-exec-3] w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:57258
2016-09-20 17:37:45.856 DEBUG 20848 --- [-nio-555-exec-3] w.s.spi.NegotiateSecurityFilterProvider : token buffer: 121 byte(s)
2016-09-20 17:37:45.890 DEBUG 20848 --- [-nio-555-exec-3] w.s.spi.NegotiateSecurityFilterProvider : continue token: oRswGaAMODIFIEDTHISASWELLEAAADPeAB8TPDu7gAAAAA=
2016-09-20 17:37:45.890 DEBUG 20848 --- [-nio-555-exec-3] w.s.spi.NegotiateSecurityFilterProvider : continue required: false
2016-09-20 17:37:46.063 DEBUG 20848 --- [-nio-555-exec-3] waffle.spring.NegotiateSecurityFilter : logged in user: CORP\unaor (S-1-5-21-3561756756756756756775-598071231-8631)
2016-09-20 17:37:46.066 DEBUG 20848 --- [-nio-555-exec-3] waffle.spring.NegotiateSecurityFilter : roles: CORP\unaor, CORP\Domain Users, Everyone, BUILTIN\Administrators, BUILTIN\Users, NT AUTHORITY\INTERACTIVE, CONSOLE LOGON, NT AUTHORITY\Authenticated Users, NT AUTHORITY\This Organization, NT AUTHORITY\LogonSessionId_0_405294, LOCAL, CORP\developers, Mandatory Label\Medium Mandatory Level
2016-09-20 17:37:46.066 INFO 20848 --- [-nio-555-exec-3] waffle.spring.NegotiateSecurityFilter : successfully logged in user: CORP\unaor
2016-09-20 17:37:46.077 DEBUG 20848 --- [-nio-555-exec-3] waffle.spring.NegotiateSecurityFilter : GET /403, contentlength: -1
2016-09-20 17:37:46.077 DEBUG 20848 --- [-nio-555-exec-3] w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:57258
2016-09-20 17:37:46.079 DEBUG 20848 --- [-nio-555-exec-3] w.s.spi.NegotiateSecurityFilterProvider : token buffer: 121 byte(s)
2016-09-20 17:37:46.085 WARN 20848 --- [-nio-555-exec-3] waffle.spring.NegotiateSecurityFilter : error logging in user: com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
2016-09-20 17:37:46.092 TRACE 20848 --- [-nio-555-exec-3] waffle.spring.NegotiateSecurityFilter :
java.io.IOException: com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
at waffle.servlet.spi.SecurityFilterProviderCollection.doFilter(SecurityFilterProviderCollection.java:150) ~[waffle-jna-1.8.1.jar:1.8.1]
the first time im getting this error 500
after that it works flawlessly
this is a spring boot project with waffle
im attaching relevant system logs
2016-09-20 17:37:45.619 DEBUG 20848 --- [-nio-555-exec-1] waffle.spring.NegotiateSecurityFilter : GET /test, contentlength: -1
2016-09-20 17:37:45.652 DEBUG 20848 --- [-nio-555-exec-1] w.s.NegotiateSecurityFilterEntryPoint : [waffle.spring.NegotiateEntryPoint] commence
2016-09-20 17:37:45.668 DEBUG 20848 --- [-nio-555-exec-2] waffle.spring.NegotiateSecurityFilter : GET /test, contentlength: -1
2016-09-20 17:37:45.676 DEBUG 20848 --- [-nio-555-exec-2] w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:57258
2016-09-20 17:37:45.717 DEBUG 20848 --- [-nio-555-exec-2] w.s.spi.NegotiateSecurityFilterProvider : token buffer: 121 byte(s)
2016-09-20 17:37:45.847 DEBUG 20848 --- [-nio-555-exec-2] w.s.spi.NegotiateSecurityFilterProvider : continue token: oYIBCzCCAQegAwoBAaEMBgorBgEEAYI3AgIKooHxBIHuTlRMTVNTUAACAAAACAAIADgAAAAVwoniSxh56EzFolMQvUSDmAEAI MODIFITED THIS TOKENQQBPAFIAMQAwAC0ATAAEACIAYwBvAHIAcAAuAFQARgBIAE4ARQBUAC4ATABPAEMAQQBMAAMANgB1AG4AYQBvAHIAMQAwAC0ATAAuAGMAbwByAHAALgBUAEYASABOAEUAVAAuAEwATwBDAEEATAAFABgAVABGAEgATgBFAFQALgBMAE8AQwBBAEwABwAIABSGkZuPE9IBAAAAAA==
2016-09-20 17:37:45.850 DEBUG 20848 --- [-nio-555-exec-2] w.s.spi.NegotiateSecurityFilterProvider : continue required: true
2016-09-20 17:37:45.855 DEBUG 20848 --- [-nio-555-exec-3] waffle.spring.NegotiateSecurityFilter : GET /test, contentlength: -1
2016-09-20 17:37:45.856 DEBUG 20848 --- [-nio-555-exec-3] w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:57258
2016-09-20 17:37:45.856 DEBUG 20848 --- [-nio-555-exec-3] w.s.spi.NegotiateSecurityFilterProvider : token buffer: 121 byte(s)
2016-09-20 17:37:45.890 DEBUG 20848 --- [-nio-555-exec-3] w.s.spi.NegotiateSecurityFilterProvider : continue token: oRswGaAMODIFIEDTHISASWELLEAAADPeAB8TPDu7gAAAAA=
2016-09-20 17:37:45.890 DEBUG 20848 --- [-nio-555-exec-3] w.s.spi.NegotiateSecurityFilterProvider : continue required: false
2016-09-20 17:37:46.063 DEBUG 20848 --- [-nio-555-exec-3] waffle.spring.NegotiateSecurityFilter : logged in user: CORP\unaor (S-1-5-21-3561756756756756756775-598071231-8631)
2016-09-20 17:37:46.066 DEBUG 20848 --- [-nio-555-exec-3] waffle.spring.NegotiateSecurityFilter : roles: CORP\unaor, CORP\Domain Users, Everyone, BUILTIN\Administrators, BUILTIN\Users, NT AUTHORITY\INTERACTIVE, CONSOLE LOGON, NT AUTHORITY\Authenticated Users, NT AUTHORITY\This Organization, NT AUTHORITY\LogonSessionId_0_405294, LOCAL, CORP\developers, Mandatory Label\Medium Mandatory Level
2016-09-20 17:37:46.066 INFO 20848 --- [-nio-555-exec-3] waffle.spring.NegotiateSecurityFilter : successfully logged in user: CORP\unaor
2016-09-20 17:37:46.077 DEBUG 20848 --- [-nio-555-exec-3] waffle.spring.NegotiateSecurityFilter : GET /403, contentlength: -1
2016-09-20 17:37:46.077 DEBUG 20848 --- [-nio-555-exec-3] w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:57258
2016-09-20 17:37:46.079 DEBUG 20848 --- [-nio-555-exec-3] w.s.spi.NegotiateSecurityFilterProvider : token buffer: 121 byte(s)
2016-09-20 17:37:46.085 WARN 20848 --- [-nio-555-exec-3] waffle.spring.NegotiateSecurityFilter : error logging in user: com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
2016-09-20 17:37:46.092 TRACE 20848 --- [-nio-555-exec-3] waffle.spring.NegotiateSecurityFilter :
java.io.IOException: com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
at waffle.servlet.spi.SecurityFilterProviderCollection.doFilter(SecurityFilterProviderCollection.java:150) ~[waffle-jna-1.8.1.jar:1.8.1]
Daniel Doubrovkine
Sep 21, 2016, 7:42:53 AM9/21/16
to waffle...@googlegroups.com
See if there're two requests happening here in parallel or whether the second error logging in error comes from the same request where another token is sent after a successful auth?
--
You received this message because you are subscribed to the Google Groups "waffle" group.
To unsubscribe from this group and stop receiving emails from it, send an email to waffle-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Uri Naor
Sep 21, 2016, 12:51:56 PM9/21/16
to waffle
Thanks for pointing me where to look
there was an additional request to the favicon.ico that caused this
i removed it from the filter chain and its working flawlessly
there was an additional request to the favicon.ico that caused this
i removed it from the filter chain and its working flawlessly
Uri Naor
Sep 21, 2016, 5:00:58 PM9/21/16
to waffle
Its inconcistent, sometimes after server restart it completes the request without issues
other times the first request throws the error and after that its working fine
Im trying to debug the NegotiateSecurityFilter (waffle.spring) im noticing that its called many times but still not sure on the reason
other times the first request throws the error and after that its working fine
Im trying to debug the NegotiateSecurityFilter (waffle.spring) im noticing that its called many times but still not sure on the reason
Daniel Doubrovkine
Sep 22, 2016, 8:12:32 AM9/22/16
to waffle...@googlegroups.com
Neither of this sounds normal. First, "parallel" requests should work. I would downgrade to NTLM only and see if it works around your problem to start.
--
You received this message because you are subscribed to the Google Groups "waffle" group.
To unsubscribe from this group and stop receiving emails from it, send an email to waffle-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Uri Naor
Sep 22, 2016, 11:53:22 AM9/22/16
to waffle
Downgraded (setting the protocols list with NTLM only)
i see no change
o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
o.s.security.web.FilterChainProxy : /dashboard reached end of additional filter chain; proceeding with original chain
waffle.spring.NegotiateSecurityFilter : GET /dashboard, contentlength: -1
w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52672
i see no change
o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
o.s.security.web.FilterChainProxy : /dashboard reached end of additional filter chain; proceeding with original chain
waffle.spring.NegotiateSecurityFilter : GET /dashboard, contentlength: -1
w.s.spi.NegotiateSecurityFilterProvider : security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52672
w.s.spi.NegotiateSecurityFilterProvider : token buffer: 121 byte(s)
waffle.spring.NegotiateSecurityFilter : error logging in user: com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
waffle.spring.NegotiateSecurityFilter :
win32.Win32Exception: The token supplied to the function is invalid
If its already authenticated and authorized why is the filter trying to authenticate again....
On Thursday, September 22, 2016 at 7:12:32 AM UTC-5, Daniel Doubrovkine wrote:
Neither of this sounds normal. First, "parallel" requests should work. I would downgrade to NTLM only and see if it works around your problem to start.
On Wed, Sep 21, 2016 at 5:00 PM, Uri Naor <nao...@gmail.com> wrote:
Its inconcistent, sometimes after server restart it completes the request without issues
other times the first request throws the error and after that its working fine
Im trying to debug the NegotiateSecurityFilter (waffle.spring) im noticing that its called many times but still not sure on the reason
On Wednesday, September 21, 2016 at 11:51:56 AM UTC-5, Uri Naor wrote:Thanks for pointing me where to look
there was an additional request to the favicon.ico that caused this
i removed it from the filter chain and its working flawlessly
--
You received this message because you are subscribed to the Google Groups "waffle" group.
To unsubscribe from this group and stop receiving emails from it, send an email to waffle-users...@googlegroups.com.
Uri Naor
Sep 22, 2016, 12:07:56 PM9/22/16
to waffle
another user is having this issue here in the comments section
http://stackoverflow.com/questions/36909226/how-to-configure-waffle-in-spring-using-java-configuration
http://stackoverflow.com/questions/36909226/how-to-configure-waffle-in-spring-using-java-configuration
Daniel Doubrovkine
Sep 22, 2016, 12:22:26 PM9/22/16
to waffle...@googlegroups.com
I think the *browser* is supplying tokens, which the server takes as "I must do something again", which is according to spec. I am not sure what's going on though ...
To unsubscribe from this group and stop receiving emails from it, send an email to waffle-users+unsubscribe@googlegroups.com.
Uri Naor
Sep 22, 2016, 1:22:10 PM9/22/16
to waffle
Tested the same code on the following browsers:
firefox : works flawlessly
chrome: fails on first request (not %100 of times but mostly) subsequent requests works flawlessly
Explorer: This one is the worst, works flawlessly but if i restart the server, ALL requests fail, i need to restart the internet explorer and than requests works fine
I don't know if it helps and im also using the waffle.spring.NegotiateSecurityFilter
firefox : works flawlessly
chrome: fails on first request (not %100 of times but mostly) subsequent requests works flawlessly
Explorer: This one is the worst, works flawlessly but if i restart the server, ALL requests fail, i need to restart the internet explorer and than requests works fine
I don't know if it helps and im also using the waffle.spring.NegotiateSecurityFilter
Uri Naor
Sep 22, 2016, 4:22:14 PM9/22/16
to waffle
I've stumbled on an old question by a member called Richard in this group, and he suggested trying to deploy the application as a normal WAR (Spring boot provides an embedded tomcat)
Doing so chrome no longer gives me this problem and its working fine...
Is it something you have any idea why is happening?
Doing so chrome no longer gives me this problem and its working fine...
Is it something you have any idea why is happening?
Daniel Doubrovkine
Sep 22, 2016, 5:22:21 PM9/22/16
to waffle...@googlegroups.com
I personally have no idea ;)
To unsubscribe from this group and stop receiving emails from it, send an email to waffle-users+unsubscribe@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages