Security

Why does SplunkWeb controller intermittently throw exception "AuthenticationFailed"?

LukeMurphey
Champion

I have a SplunkWeb controller that intermittently throws the following exception:

AuthenticationFailed: [HTTP 401] Client is not authenticated

Its odd because the controller works about 80% of the time.

0 Karma
1 Solution

LukeMurphey
Champion

If the controller caches the session then it is possible that it will keep the key around longer than its lifetime. This is because controllers stay running in SplunkWeb and thus a key can easily be kept around longer than its lifetime.

You should always get a new key by calling cherrypy.session.get('sessionKey'). Don't store the key or keep it around.

For example, I have seen this happen when someone cached the key in the constructor:

class SomeController(controllers.BaseController):

    def __init__(self):
        self.sessionKey = cherrypy.session.get('sessionKey')
        super(SomeController, self).__init__()

    @expose_page(must_login=True, methods=['POST']) 
    def update(self, **kwargs):
        doUpdate(self.sessionKey) # Using cached key. Oh no!

Instead, the session should be obtained just before use:

class SomeController(controllers.BaseController):

    def __init__(self):
        super(SomeController, self).__init__()

    @expose_page(must_login=True, methods=['POST']) 
    def update(self, **kwargs):
        doUpdate(cherrypy.session.get('sessionKey')) # Using a fresh key!

View solution in original post

0 Karma

LukeMurphey
Champion

If the controller caches the session then it is possible that it will keep the key around longer than its lifetime. This is because controllers stay running in SplunkWeb and thus a key can easily be kept around longer than its lifetime.

You should always get a new key by calling cherrypy.session.get('sessionKey'). Don't store the key or keep it around.

For example, I have seen this happen when someone cached the key in the constructor:

class SomeController(controllers.BaseController):

    def __init__(self):
        self.sessionKey = cherrypy.session.get('sessionKey')
        super(SomeController, self).__init__()

    @expose_page(must_login=True, methods=['POST']) 
    def update(self, **kwargs):
        doUpdate(self.sessionKey) # Using cached key. Oh no!

Instead, the session should be obtained just before use:

class SomeController(controllers.BaseController):

    def __init__(self):
        super(SomeController, self).__init__()

    @expose_page(must_login=True, methods=['POST']) 
    def update(self, **kwargs):
        doUpdate(cherrypy.session.get('sessionKey')) # Using a fresh key!
0 Karma
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.

Can’t make it to .conf25? Join us online!

Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...