6.30 itest新注册用户登录401
SuperMap iPortal 401 Error
The user does not have permission to access the page or the session has expired
GET
scheme
https
host
itest.supermapol.com
filename
/shiro-cas
popup
true
id
login_window446
callBackName
reCallBack
ticket
ST-6052-9T9VxwFjVV1SLCbhXowr-sso.supermap.com
Address
182.92.192.70:443
Status401
VersionHTTP/1.1
Transferred1.16 KB (571 B size)
Referrer Policystrict-origin-when-cross-origin
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Connection
keep-alive
Content-Length
571
Content-Type
text/html;charset=UTF-8
Date
Wed, 30 Jun 2021 08:52:41 GMT
Server
nginx
Set-Cookie
JSESSIONID=ADEC28E45A9B47ADF2E952E7AFE407DD-n1; Domain=itest.supermapol.com; Path=/; secure; SameSite=None; Secure; HttpOnly; SameSite=None
Set-Cookie
rememberMe=deleteMe; Path=/; secure; SameSite=None; Max-Age=0; Expires=Tue, 29-Jun-2021 08:52:40 GMT; SameSite=lax
Strict-Transport-Security
max-age=0
X-XSS-Protection
1; mode=block
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US,en;q=0.5
Connection
keep-alive
Cookie
Hm_lvt_0117cd7e7bf092f2162903096b3c2586=1622613549; language=en
Host
itest.supermapol.com
Referer
https://sso.supermap.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.01. 数据库
2. 镜像
3. 配置文件
4. nginx
0422版本没问题
select * from users where tel = 17783116571
select * from users where tel = 13883190518
select * from users where username = 944969
select * from user_roles where userid = 13问题
、最新latest镜像只在itest上有问题,本地没问题##iportal登录sso代码解析
###前端错误提示
该用户没有权限访问该页面或者会话已过期
iportalUnAuthorise_zh_CN.ftl
error_zh_CN.ftl####sql相关
cas users
iportal user_infos
security-itest userssecurityHandler
————doAuthenticateAndAuthorizate 登录和权限
MyShiroFilter###arthas操作
kubectl get pods -n online |grep iportal
kubectl -n online exec -it online-iportal-799d677469-wtm7q bash
watch com.supermap.server.host.webapp.handlers.SecurityHandler doAuthenticateAndAuthorizate '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'
重点:
watch com.supermap.services.security.Manager a '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'
//
watch com.supermap.services.security.Manager occupyIportalLicenseCount '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'
watch com.supermap.services.security.Manager getIportalLicenseUserCount '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'###日志错误
[arthas@100]$ watch com.supermap.server.host.webapp.handlers.SecurityHandler doAuthenticateAndAuthorizate '{params,returnObj,throwExp}' -v -n 15 -x 3 '1==1'
Press Q or Ctrl+C to abort.
Affect(class count: 1 , method count: 1) cost in 115 ms, listenerId: 4
Condition express: 1==1 , result: true
method=com.supermap.server.host.webapp.handlers.SecurityHandler.doAuthenticateAndAuthorizate location=AtExceptionExit
ts=2021-07-02 11:51:57; [cost=467.104104ms] result=@ArrayList[
@Object[][
@ModifyRequestURL[
b=@String[itest.supermapol.com],
c=@Integer[443],
d=@String[https://itest.supermapol.com/shiro-cas],
a=@BasicHandler[com.supermap.server.host.webapp.handlers.BasicHandler@e777c0c],
LSTRING_FILE=@String[javax.servlet.LocalStrings],
lStrings=@PropertyResourceBundle[java.util.PropertyResourceBundle@534dcf40],
request=@RequestFacade[org.apache.catalina.connector.RequestFacade@24097e54],
],
@UrlRewriteWrappedResponse[
urlRerwiter=@UrlRewriter[org.tuckey.web.filters.urlrewrite.UrlRewriter@1b4055fd],
httpServletResponse=@ErrorStatusServletResponse[com.supermap.icloud.security.ErrorStatusPageFilter$ErrorStatusServletResponse@6ca0c58e],
httpServletRequest=@RequestFacade[org.apache.catalina.connector.RequestFacade@24097e54],
overridenRequestParameters=null,
overridenMethod=null,
LSTRING_FILE=@String[javax.servlet.LocalStrings],
lStrings=@PropertyResourceBundle[java.util.PropertyResourceBundle@534dcf40],
response=@ErrorStatusServletResponse[com.supermap.icloud.security.ErrorStatusPageFilter$ErrorStatusServletResponse@6ca0c58e],
],
],
null,
javax.servlet.ServletException: com.supermap.services.providers.InvalidLicenseException: ??????????????????????????????????????????????????????
at org.apache.shiro.web.servlet.AdviceFilter.cleanup(AdviceFilter.java:196)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:148)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at com.supermap.services.security.MyShiroFilter.executeChain(SourceFile:208)
at com.supermap.services.security.MyShiroFilter$1.call(SourceFile:180)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
at com.supermap.services.security.MyShiroFilter.shiroFilterInternal(SourceFile:176)
at com.supermap.services.security.MyShiroFilter.doFilterInternal(SourceFile:160)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at com.supermap.server.host.webapp.handlers.SecurityHandler.doAuthenticateAndAuthorizate(SourceFile:618)
at com.supermap.server.host.webapp.handlers.SecurityHandler.handle(SourceFile:498)
at com.supermap.server.host.webapp.handlers.AbstractHandler.process(SourceFile:204)
at com.supermap.server.host.webapp.handlers.AbstractHandler.a(SourceFile:233)
at com.supermap.server.host.webapp.handlers.AbstractHandler.invokeLowerPriorityHandlers(SourceFile:220)
at com.supermap.server.host.webapp.handlers.AbstractHandler.process(SourceFile:206)
at com.supermap.server.host.webapp.handlers.BasicHandler.process(SourceFile:346)
at com.supermap.server.host.webapp.ApplicationFilter.doFilter(SourceFile:254)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:394)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.supermap.icloud.security.ErrorStatusPageFilter.doFilter(SourceFile:71)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.filters.CorsFilter.handleNonCORS(CorsFilter.java:364)
at org.apache.catalina.filters.CorsFilter.doFilter(CorsFilter.java:170)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at de.javakaffee.web.msm.RequestTrackingContextValve.invoke(RequestTrackingContextValve.java:99)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at de.javakaffee.web.msm.RequestTrackingHostValve.invoke(RequestTrackingHostValve.java:125)
at de.javakaffee.web.msm.RequestTrackingHostValve.invoke(RequestTrackingHostValve.java:125)
at de.javakaffee.web.msm.RequestTrackingHostValve.invoke(RequestTrackingHostValve.java:125)
at de.javakaffee.web.msm.RequestTrackingHostValve.invoke(RequestTrackingHostValve.java:157)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:616)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1634)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.supermap.services.providers.InvalidLicenseException: ??????????????????????????????????????????????????????
at com.supermap.services.security.Manager.a(SourceFile:588)
at com.supermap.services.security.Manager.addUser(SourceFile:572)
at com.supermap.services.security.Manager.addUser(SourceFile:539)
at com.supermap.iportal.web.components.impl.ICloudCasUserComponentImpl.insertOnlineUser(SourceFile:66)
at com.supermap.online.security.pac4j.core.PopupClosedCallbackLogic.saveUserProfile(SourceFile:67)
at com.supermap.online.security.pac4j.core.PopupClosedCallbackLogic.saveUserProfile(SourceFile:25)
at org.pac4j.core.engine.DefaultCallbackLogic.perform(DefaultCallbackLogic.java:84)
at io.buji.pac4j.filter.CallbackFilter.doFilter(CallbackFilter.java:84)
at com.supermap.online.security.pac4j.filter.BroadcastHandleCallbackFilter.doFilter(SourceFile:65)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
... 57 more###错误原因(新用户注册流程)
portal登录后user_infos新增用户
但是security-itest数据库,权限数据库新增用户时出现出现错误
Caused by: com.supermap.services.providers.InvalidLicenseException: ??????????????????????????????????????????????????????
at com.supermap.services.security.Manager.a(SourceFile:588)
at com.supermap.services.security.Manager.addUser(SourceFile:572)
at com.supermap.services.security.Manager.addUser(SourceFile:539)
at com.supermap.iportal.web.components.impl.ICloudCasUserComponentImpl.insertOnlineUser(SourceFile:66)
at com.supermap.online.security.pac4j.core.PopupClosedCallbackLogic.saveUserProfile(SourceFile:67)
at com.supermap.online.security.pac4j.core.PopupClosedCallbackLogic.saveUserProfile(SourceFile:25)
at org.pac4j.core.engine.DefaultCallbackLogic.perform(DefaultCallbackLogic.java:84)
at io.buji.pac4j.filter.CallbackFilter.doFilter(CallbackFilter.java:84)
at com.supermap.online.security.pac4j.filter.BroadcastHandleCallbackFilter.doFilter(SourceFile:65)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
... 57 more##最终原因
Manager doAddUser()
portal能注册的用户数不能大于许可用户数
估计是金霖那次换基础镜像,许可地方没弄对,没读到正式许可