[SOLVED] Error 403 after upgrade using Debian package

Post your Server Bug Report
User avatar
troycarpenter
Posts: 138
Joined: 03 Dec 2013, 19:16
Has thanked: 28 times
Been thanked: 50 times

[SOLVED] Error 403 after upgrade using Debian package

Unread post by troycarpenter »

Got the following error after upgrading from 6.3.9840 to 7.0.10380 using the new Debian installer and trying to open the web interface:
----------------------------------------
HTTP ERROR 403
Problem accessing /index.view. Reason:

Forbidden
Powered by Jetty:// 9.4.z-SNAPSHOT
----------------------------------------

Remote clients (Android, iOS) are not working either.
by Madsonic » 10 May 2019, 18:03
The problem with the security authenticator is fixed with the new build 7.0.10390.

Best regards,
The Madsonic Team
Go to full post
Last edited by troycarpenter on 13 May 2019, 14:39, edited 1 time in total.
User avatar
troycarpenter
Posts: 138
Joined: 03 Dec 2013, 19:16
Has thanked: 28 times
Been thanked: 50 times

Re: Error 403 after upgrade using Debian package

Unread post by troycarpenter »

Adding startup logs:

Code: Select all

Apr 29, 2019 10:22:06 AM org.springframework.context.support.ClassPathXmlApplicationContext prepareRefresh
INFO: Refreshing org.springframework.context.support.ClassPathXmlApplicationContext@1e80bfe8: startup date [Mon Apr 29 10:22:06 EDT 2019]; root of context hierarchy
Apr 29, 2019 10:22:07 AM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
INFO: Loading XML bean definitions from class path resource [applicationContext-deployer.xml]
Apr 29, 2019 10:22:07 AM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@7e0ea639: defining beans [service,org.springframework.remoting.rmi.RmiServiceExporter#0]; root of factory hierarchy
used forced Install_Dir = /var/madsonic
Using WAR file: /usr/share/madsonic/madsonic.war
No newer update found.
2019-04-29 10:22:08.144:INFO::main: Logging initialized @2397ms to org.eclipse.jetty.util.log.StdErrLog
Using WAR file: /usr/share/madsonic/madsonic.war
Extracting webapp to /var/madsonic/jetty/10380
Using WAR file: /usr/share/madsonic/madsonic.war
Using GZIP-compression.
2019-04-29 10:22:08.767:INFO:oejs.Server:main: jetty-9.4.z-SNAPSHOT; built: 2019-04-18T19:45:35.259Z; git: aa1c656c315c011c01e7b21aabb04066635b9f67; jvm 1.8.0_201-b09
2019-04-29 10:22:11.868:WARN:oeja.AnnotationParser:main: Unknown ASM version, assuming ASM7
2019-04-29 10:22:13.166:INFO:oeja.AnnotationConfiguration:main: Scanning elapsed time=1296ms
2019-04-29 10:22:13.215:INFO:oejshC.ROOT:main: No Spring WebApplicationInitializer types detected on classpath
2019-04-29 10:22:13.455:INFO:oejs.session:main: DefaultSessionIdManager workerName=node0
2019-04-29 10:22:13.455:INFO:oejs.session:main: No SessionScavenger set, using defaults
2019-04-29 10:22:13.460:INFO:oejs.session:main: node0 Scavenging every 660000ms
2019-04-29 10:22:13.475:INFO:oejshC.ROOT:main: No Spring WebApplicationInitializer types detected on classpath
Initializing MadsonicContextListener
2019-04-29 10:22:13.490:INFO:oejshC.ROOT:main: Initializing Spring root WebApplicationContext
[2019-04-29 10:22:14] [INFO ] [main] Version - HV000001: Hibernate Validator 6.0.16.Final
[2019-04-29 10:22:17] [INFO ] [main] EhcacheManager - Cache 'mediaFileMemoryCache' created in EhcacheManager.
[2019-04-29 10:22:17] [INFO ] [main] EhcacheManager - Cache 'userCache' created in EhcacheManager.
[2019-04-29 10:22:18] [INFO ] [main] FluentPropertyBeanIntrospector - Error when creating PropertyDescriptor for public final void org.apache.commons.configuration2.AbstractConfiguration.setProperty(java.lang.String,java.lang.Object)
! Ignoring this property.
[2019-04-29 10:22:20] [INFO ] [main] ReflectionServiceFactoryBean - Creating Service {http://service.madsonic.org/}SonosServiceService from class com.sonos.services._1_1.SonosSoap
[2019-04-29 10:22:21] [INFO ] [main] ServerImpl - Setting the server's publish address to be /Sonos
2019-04-29 10:22:22.125:INFO:oejshC.ROOT:main: Initializing Spring FrameworkServlet 'madsonic'
2019-04-29 10:22:23.691:INFO:oejsh.ContextHandler:main: Started o.e.j.w.WebAppContext@1b5af65b{Madsonic Music Streamer,/,file:///var/madsonic/jetty/10380/webapp/,AVAILABLE}{madsonic.war}
2019-04-29 10:22:23.710:INFO:oejs.AbstractConnector:main: Started ServerConnector@78c03f1f{HTTP/1.1,[http/1.1]}{0.0.0.0:4040}
2019-04-29 10:22:23.715:INFO:oejus.SslContextFactory:main: x509=X509@1dd76982(madsonic,h=[madsonic.org],w=[]) for SslContextFactory@7e76a66f[provider=null,keyStore=jar:file:/usr/share/madsonic/madsonic-booter.jar!/madsonic.keystore,t
rustStore=null]
2019-04-29 10:22:23.724:INFO:oejs.AbstractConnector:main: Started ServerConnector@43814d18{SSL,[ssl, http/1.1]}{0.0.0.0:8074}
2019-04-29 10:22:23.724:INFO:oejs.Server:main: Started @17977ms
Madsonic running on: http://localhost:4040/
                and: https://localhost:8074/
2019-04-29 10:22:26.131:WARN:oejs.SecurityHandler:qtp1204167249-14: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:22:35.474:WARN:oejs.SecurityHandler:qtp1204167249-42: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:22:45.523:WARN:oejs.SecurityHandler:qtp1204167249-14: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:22:55.553:WARN:oejs.SecurityHandler:qtp1204167249-42: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:23:05.585:WARN:oejs.SecurityHandler:qtp1204167249-14: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:23:15.622:WARN:oejs.SecurityHandler:qtp1204167249-42: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:23:25.672:WARN:oejs.SecurityHandler:qtp1204167249-14: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:23:35.769:WARN:oejs.SecurityHandler:qtp1204167249-13: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:23:45.814:WARN:oejs.SecurityHandler:qtp1204167249-14: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:23:50.152:WARN:oejs.SecurityHandler:qtp1204167249-43: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:23:50.371:WARN:oejs.SecurityHandler:qtp1204167249-13: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:23:55.845:WARN:oejs.SecurityHandler:qtp1204167249-42: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:24:05.883:WARN:oejs.SecurityHandler:qtp1204167249-13: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:24:15.922:WARN:oejs.SecurityHandler:qtp1204167249-42: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:24:25.941:WARN:oejs.SecurityHandler:qtp1204167249-13: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:24:36.063:WARN:oejs.SecurityHandler:qtp1204167249-42: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:24:46.222:WARN:oejs.SecurityHandler:qtp1204167249-13: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:24:56.259:WARN:oejs.SecurityHandler:qtp1204167249-42: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:25:06.272:WARN:oejs.SecurityHandler:qtp1204167249-14: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:25:16.304:WARN:oejs.SecurityHandler:qtp1204167249-42: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:25:26.334:WARN:oejs.SecurityHandler:qtp1204167249-14: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:25:36.403:WARN:oejs.SecurityHandler:qtp1204167249-42: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:25:46.435:WARN:oejs.SecurityHandler:qtp1204167249-14: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:25:56.485:WARN:oejs.SecurityHandler:qtp1204167249-42: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:26:06.535:WARN:oejs.SecurityHandler:qtp1204167249-44: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:26:16.593:WARN:oejs.SecurityHandler:qtp1204167249-42: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:26:26.623:WARN:oejs.SecurityHandler:qtp1204167249-44: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:26:36.674:WARN:oejs.SecurityHandler:qtp1204167249-42: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:26:46.698:WARN:oejs.SecurityHandler:qtp1204167249-44: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:26:56.754:WARN:oejs.SecurityHandler:qtp1204167249-42: No authenticator for: {RoleInfo,C[],None}
2019-04-29 10:27:06.824:WARN:oejs.SecurityHandler:qtp1204167249-15: No authenticator for: {RoleInfo,C[],None}
From what I've read online, it probably has something to do with the authenticator error at the end of the log.
User avatar
troycarpenter
Posts: 138
Joined: 03 Dec 2013, 19:16
Has thanked: 28 times
Been thanked: 50 times

Re: Error 403 after upgrade using Debian package

Unread post by troycarpenter »

Still working this, but it appears there something in my /etc/default/madsonic file. When I commented out all startup args in that file, the http interface came up. I'll update this when I've figured out what's doing it.

UPDATE: The problem seems to be happening when specifying an https port for startup. There must be something not right in the new WAR file for SSL authentication. Guess I've got to resort to a wrapper to regain SSL access until it's fixed.
User avatar
troycarpenter
Posts: 138
Joined: 03 Dec 2013, 19:16
Has thanked: 28 times
Been thanked: 50 times

Workaround

Unread post by troycarpenter »

One final note from me. To fix this quickly for my users, I've added a proxy redirect to send https traffic to the http port in the background (I've done this for many of my services that don't support https but need https encryption). This is probably the better solution since I no longer have to worry about packaging my certificates in a way that Madsonic understands.
KaeTuuN
Posts: 40
Joined: 09 Feb 2015, 23:30
Has thanked: 5 times
Been thanked: 18 times

Re: Error 403 after upgrade using Debian package

Unread post by KaeTuuN »

This is probably the better solution...
Well... I'm not sure. If you use modern HTTPS security features, which you should do, you can't forward non HTTPS Traffic through HTTPS. You should think of that!

Back to your Problem: Have you checked the Key File Permissions? If Madsonic 6.xxx runs with user Madsonic_Server and Madsonic 7.xxx runs with another user. The new user might have no permissions to read the file.

Greetings Kae
User avatar
troycarpenter
Posts: 138
Joined: 03 Dec 2013, 19:16
Has thanked: 28 times
Been thanked: 50 times

Re: Error 403 after upgrade using Debian package

Unread post by troycarpenter »

I've reproduced it on a clean install if all you do is enable https in the startup arguments, so I doubt that's the issue. My guess is there's something missing in the https handling or configuration in the new version using the new security framework.
a6595085
Posts: 2
Joined: 07 May 2019, 17:16
Has thanked: 0
Been thanked: 0

Re: Error 403 after upgrade using Debian package

Unread post by a6595085 »

Hello,
I have the same problem of this discussion.
I'm running madsonic 7.0 server on Windows 10.
It also comes out 403 forbidden on https site,
and server log showing WARN:oejs.SecurityHandler:qtp2083089641-111: No authenticator for: {RoleInfo,C[],None}
Hope it can be fix in next update,Thx.
a6595085
Posts: 2
Joined: 07 May 2019, 17:16
Has thanked: 0
Been thanked: 0

Re: Error 403 after upgrade using Debian package

Unread post by a6595085 »

Hello,
I have the same problem of this discussion.
I'm running madsonic 7.0 server upgraded from 6.3.9840 on Windows 10.
It also comes out 403 forbidden on https site,
and server log showing WARN:oejs.SecurityHandler:qtp2083089641-111: No authenticator for: {RoleInfo,C[],None}
Hope it can be fix in next update,Thx.
KaeTuuN
Posts: 40
Joined: 09 Feb 2015, 23:30
Has thanked: 5 times
Been thanked: 18 times

Re: Error 403 after upgrade using Debian package

Unread post by KaeTuuN »

Code: Select all

=========================================================================================
 VERSION:      MADSONIC 7.0 | BUILD: 10380
 SERVLET:      JETTY
 SERVER:       CPU: Core i3-6100 | ARCH: X64 | MEMORY: 16GB
 OS:           Ubuntu 18.04 LTS Server
 SYSTEM:       SERVER
 INSTALLER:    DEB
 JAVA:         OPEN JDK 1.11.0.2
 BROWSER:      ALL
 CLIENT:       ALL
 DESCRIPTION:  Not reachable if HTTPS is enabled
 REPRODUCIBLE: YES
=========================================================================================

I also tried to use HTTPS and can confirm the Error.

Code: Select all

2019-04-29 10:26:36.674:WARN:oejs.SecurityHandler:qtp1204167249-42: No authenticator for: {RoleInfo,C[],None}
This entry is created everytime someone tries to open the madsonic webpage or tries to connect via an android app.
I set the Loglevel to "DEBUG" but that seems to work only for "madsonic.log" and not for "madsonic_sh.log", so this is the only Information I have.

@Madsonic Team:
Is there anything we can do? Test some settings, post some logfiles or anything else?
I'm willing to help, so let me know, what I can do! I'm really interested in a (really) working SSL Version.

Greetings Kae

EDIT:
Did some more Research.
  • Using HTTP and HTTPS makes both unreachale -> same error
  • It makes no difference, if you edit the args at "/etc/default/madsonic" or directly at "/usr/share/madsonic/madsonic.sh"
  • Setting HTTPS Port to 0 and using only "Dmadsonic.ssl.keystore" and "Dmadsonic.ssl.password" Args let Madsonic work normal with HTTP
  • If the HTTPS Port is not 0 the Error occurs (Tested 4443, 8080, 8443, 12345, 50000)
  • In all Cases Madsonic says: "Madsonic running on: http://localhost:4040/" and "Madsonic running on: https://localhost:<HTTPS-PORT>/"
These users thanked the author KaeTuuN for the post:
Madsonic
Rating: 7.69%
ecac
Posts: 8
Joined: 07 Jul 2017, 15:56
Has thanked: 0
Been thanked: 0

Re: Error 403 after upgrade using Debian package

Unread post by ecac »

I am having the same exact issue and I am no where as technical as you guys are - just a basic premium home user! Anyone know how I can get this to work until Madsonic responds?

Thanks!
KaeTuuN
Posts: 40
Joined: 09 Feb 2015, 23:30
Has thanked: 5 times
Been thanked: 18 times

Re: Error 403 after upgrade using Debian package

Unread post by KaeTuuN »

@ecac:
At the Moment there is no Solution, just a Workaround, which doesn't work for everyone.
So the best Way would be to open a new Thread, using this Header: viewtopic.php?f=2&t=1520

Greetings Kae
User avatar
Madsonic
Administrator
Administrator
Posts: 984
Joined: 07 Dec 2012, 03:58
Answers: 7
Has thanked: 1201 times
Been thanked: 470 times

Re: Error 403 after upgrade using Debian package

Unread post by Madsonic »

The problem with the security authenticator is fixed with the new build 7.0.10390.

Best regards,
The Madsonic Team
These users thanked the author Madsonic for the post (total 2):
KaeTuuNtroycarpenter
Rating: 15.38%
KaeTuuN
Posts: 40
Joined: 09 Feb 2015, 23:30
Has thanked: 5 times
Been thanked: 18 times

Re: Error 403 after upgrade using Debian package

Unread post by KaeTuuN »

Works great, thanks!

Greetings Kae
These users thanked the author KaeTuuN for the post:
Madsonic
Rating: 7.69%
Post Reply