Why isn't it possible to use DSE Authentication with Gremlin Server using the GraphSON serializer?

Question

I'm trying to use the GraphSON serializer with gremlin server on a DSE instance that uses DSE Authentication. Based on the TinkerPop provider docs, upon receiving a 407 result, authentication would be achieved by sending the following request (preceded by the application/json mime header):

{
  "requestId":"2c8ecdca-07bf-48f2-b0df-2ed26c2ce778",
  "op":"authentication",
  "processor":"",
  "args":{
    "sasl":"AHVzZXJuYW1lAHBhc3N3b3Jk",
    "saslMechanism":"PLAIN"
  }
}

Where the value of "sasl" is the base64-encoded string of <ASCII_NUL><USERNAME><ASCII_NUL><PASSWORD>. The example above uses the credentials username, password.

I can confirm that this authentication request succeeds using the upstream gremlin-server package from tinkerpop.apache.org, with the gremlin-server-secure.yaml configuration. However the same request fails when trying to authenticate to a DSE Graph instance with DSE Authentication enabled. When this occurs, the server logs the following exception:

WARN  [gremlin-server-worker-1] 2016-11-01 12:37:40,284  Slf4JLogger.java:151 - An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
java.lang.ClassCastException: java.lang.String cannot be cast to [B
        at com.datastax.bdp.graph.plugin.GremlinServerAuthenticationHandler.handleRequestMessage(GremlinServerAuthenticationHandler.java:67) ~[dse-graph-5.0.3.jar:5.0.3]
        at com.datastax.bdp.graph.plugin.AbstractRequestMessageHandler.channelRead(AbstractRequestMessageHandler.java:62) [dse-graph-5.0.3.jar:5.0.3]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:307) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:293) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at com.datastax.bdp.cassandra.audit.GremlinServerAuditLogRequestHandler.handleRequestMessage(GremlinServerAuditLogRequestHandler.java:32) [dse-graph-5.0.3.jar:5.0.3]
        at com.datastax.bdp.graph.plugin.AbstractRequestMessageHandler.channelRead(AbstractRequestMessageHandler.java:62) [dse-graph-5.0.3.jar:5.0.3]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:307) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:293) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:307) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:293) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:307) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:293) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:307) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:293) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:307) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:293) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.handler.codec.http.websocketx.WebSocketServerProtocolHandler$1.channelRead(WebSocketServerProtocolHandler.java:147) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:307) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:293) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:276) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:263) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:307) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:293) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:840) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112) [netty-all-4.0.34.Final.jar:4.0.34.Final]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_102]

I came across the problem while working on DSE support for Goblin, but the issue can be reproduced with gremlin-console by using the following remote.yaml:

hosts: [127.0.0.1]
port: 8182
username: username
password: password
serializer: { className: org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV1d0,
              config: { ioRegistries: [org.apache.tinkerpop.gremlin.tinkergraph.structure.TinkerIoRegistry] }}
connectionPool: {
  maxContentLength: 65536000
}

Yep, gremlin-console authenticates successfully with `GryoMessageSerializerV1d0`. — Leif Halldor Asgeirsson, Nov 02 '16 at 13:40

stephen mallette · Accepted Answer · 2016-11-04T14:39:34.723

1

This looks like a bug that has always been around (5.0.4 and earlier versions), though it's more like authentication logic in DSE Graph has diverged a bit from TinkerPop logic. TinkerPop supports passing the sasl field as an array of bytes or as a string, but DSE Graph seems to only support the array of bytes. I think a fix will be ready for 5.0.5.

edited Nov 04 '16 at 14:39

answered Nov 04 '16 at 11:14

stephen mallette

45,298
5
67
135

Why isn't it possible to use DSE Authentication with Gremlin Server using the GraphSON serializer?

1 Answers1