  1. OpenId Connect
  2. OIDC-201

It's possible to end up with a broken token authenticator fallback when uninstalling an extension


Details

    • Bug
    • Resolution: Fixed
    • Major
    • 2.13.1
    • 1.15
    • Provider
    • None
    • Unknown

    Description

      Under some conditions, the authenticator can be triggered while it is being reloaded (when uninstalling another extension "from farm") before the authenticator it is supposed to fall back on is available in the classloader. This produces an error like:

      2024-11-15 00:50:57,539 [http-nio-8080-exec-8 - https://<redacted>/xwiki/bin/get/XWiki/Extensions] WARN  o.x.c.o.p.OIDCBridgeAuth       - Failed to initialize AuthService org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl using Reflection, trying default implementations using 'new'. 
      java.lang.ClassNotFoundException: org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl
              at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
              at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:592)
              at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:525)
              at java.base/java.lang.Class.forName0(Native Method)
              at java.base/java.lang.Class.forName(Class.java:467)
              at org.xwiki.contrib.oidc.provider.OIDCBridgeAuth.createAuthService(OIDCBridgeAuth.java:80)
              at org.xwiki.contrib.oidc.provider.OIDCBridgeAuth.<init>(OIDCBridgeAuth.java:61)
              at org.xwiki.contrib.oidc.provider.internal.OIDCBridgeAuthService.<init>(OIDCBridgeAuthService.java:51)
              at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
              at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
              at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)
              at java.base/java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:128)
              at java.base/jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:347)
              at java.base/java.lang.Class.newInstance(Class.java:645)
              at org.xwiki.component.embed.EmbeddableComponentManager.createInstance(EmbeddableComponentManager.java:532)
              at org.xwiki.component.embed.EmbeddableComponentManager.getComponentInstance(EmbeddableComponentManager.java:636)
              at org.xwiki.component.embed.EmbeddableComponentManager.getInstance(EmbeddableComponentManager.java:329)
              at org.xwiki.component.embed.EmbeddableComponentManager.getInstance(EmbeddableComponentManager.java:320)
              at org.xwiki.component.embed.EmbeddableComponentManager.getInstance(EmbeddableComponentManager.java:302)
              at org.xwiki.component.internal.multi.DelegateComponentManager.getInstance(DelegateComponentManager.java:83)
              at org.xwiki.component.internal.multi.DelegateComponentManager.getInstance(DelegateComponentManager.java:83)
              at org.xwiki.component.internal.multi.DelegateComponentManager.getInstance(DelegateComponentManager.java:83)
              at org.xwiki.component.internal.multi.DelegateComponentManager.getInstance(DelegateComponentManager.java:83)
              at org.xwiki.component.internal.multi.DelegateComponentManager.getInstance(DelegateComponentManager.java:83)
              at org.xwiki.security.authservice.internal.AuthServiceManager.getAuthService(AuthServiceManager.java:77)
              at com.xpn.xwiki.XWiki.getAuthService(XWiki.java:6000)
              at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:4365)
              at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:238)
              at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:268)
              at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:4388)
              at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:5780)
              at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:548)
              at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:339)
              at com.xpn.xwiki.web.LegacyActionServlet.service(LegacyActionServlet.java:108)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
              at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:122)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
              at org.xwiki.wysiwyg.filter.ConversionFilter.doFilter(ConversionFilter.java:61)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
              at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
              at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:132)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
              at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
              at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:117)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
              at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
              at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:764)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:354)
              at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382)
              at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
              at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:888)
              at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1684)
              at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
              at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
              at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.base/java.lang.Thread.run(Thread.java:840)
      

      When this happens, the authenticator is broken for good.

      There are two ways to get back to a stable situation:

      • the simplest is to restart
      • if the authentication is configured in the admin UI and you can still access the admin UI:
        • change the authenticator in the admin UI
        • uninstall an extension "on farm"
        • put back the token authenticator
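
A log check for the failure described above, as an added example that is not part of the original report or the project's code: it flags the WARN only when its own stack trace carries a ClassNotFoundException for the same class, which is the state the report says needs a restart. The function name is hypothetical, and the sample lines after the first (shortened) trace are constructed for illustration.

```python
import re

# Signature of the WARN line quoted in the report, plus the exception that confirms it.
WARN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[(?P<ctx>.*?)\]\s+WARN\s+\S+\s+- "
    r"Failed to initialize AuthService (?P<cls>[\w.$]+) using Reflection"
)
CNFE_RE = re.compile(r"^\s*java\.lang\.ClassNotFoundException: (?P<cls>[\w.$]+)")
ENTRY_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} \[")  # start of any log entry

# First entry copied from the report (trace shortened); the other entries are constructed.
SAMPLE_LOG = """\
2024-11-15 00:50:57,539 [http-nio-8080-exec-8 - https://<redacted>/xwiki/bin/get/XWiki/Extensions] WARN  o.x.c.o.p.OIDCBridgeAuth       - Failed to initialize AuthService org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl using Reflection, trying default implementations using 'new'.
java.lang.ClassNotFoundException: org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl
        at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
2024-11-15 00:51:02,101 [http-nio-8080-exec-3 - https://<redacted>/xwiki/bin/view/Main/] WARN  o.x.c.o.p.OIDCBridgeAuth       - Failed to initialize AuthService org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl using Reflection, trying default implementations using 'new'.
java.lang.IllegalStateException: constructed example of a different failure
2024-11-15 00:51:03,000 [main] INFO  constructed.Logger - unrelated line
""".splitlines()


def find_broken_fallbacks(lines):
    """Return one finding per WARN whose own trace shows the fallback class is missing."""
    findings = []
    pending = None  # WARN entry still waiting for its exception line
    for line in lines:
        warn = WARN_RE.match(line)
        if warn:
            pending = warn.groupdict()
            continue
        if ENTRY_RE.match(line):
            pending = None  # next log entry started, the previous trace is over
            continue
        cnfe = CNFE_RE.match(line)
        if pending and cnfe and cnfe.group("cls") == pending["cls"]:
            findings.append({"time": pending["ts"], "request": pending["ctx"],
                             "missing_class": pending["cls"]})
            pending = None
    return findings


if __name__ == "__main__":
    for finding in find_broken_fallbacks(SAMPLE_LOG):
        print(finding)
```
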

          People

            tmortagne Thomas Mortagne