DependencyTrack
DependencyTrack API server failed to serve the FrontEnd with ERROR [GlobalExceptionHandler] Uncaught internal server error
Current Behavior
Using Kubernetes 1.29, the API server container starts, properly connects with the DB, downloads external NVD files, and updates current project vulnerabilities without any issue, however, since yesterday, as soon as the front-end tries to connect with api-server, the api-server fails with the following error:
2024-02-02 13:02:35,455 ERROR [GlobalExceptionHandler] Uncaught internal server error javax.ws.rs.NotFoundException: HTTP 404 Not Found at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) at org.glassfish.jersey.internal.Errors.process(Errors.java:292) at org.glassfish.jersey.internal.Errors.process(Errors.java:274) at org.glassfish.jersey.internal.Errors.process(Errors.java:244) at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265) at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:235) at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:684) at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394) at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:358) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:311) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205) at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1419) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764) at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665) at alpine.server.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:225) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) at alpine.server.filters.ClickjackingFilter.doFilter(ClickjackingFilter.java:93) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) at alpine.server.filters.WhitelistUrlFilter.doFilter(WhitelistUrlFilter.java:166) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:598) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) at org.eclipse.jetty.server.Server.handle(Server.java:563) at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598) at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149) at java.base/java.lang.Thread.run(Unknown Source) 2024-02-02 13:43:50,415 INFO [PortfolioMetricsUpdateTask] Executing portfolio metrics update 2024-02-02 13:43:50,427 INFO [VulnerabilityMetricsUpdateTask] Executing metrics update on vulnerability database 2024-02-02 13:43:50,448 INFO [ProjectMetricsUpdateTask] Executing metrics update for project ff34ece6-2411-48ed-9284-3a4963476d11 2024-02-02 13:43:50,448 INFO [ProjectMetricsUpdateTask] Executing metrics update for project b86842e1-86a4-4515-bc99-305216b8c724 2024-02-02 13:43:50,448 INFO [ProjectMetricsUpdateTask] Executing metrics update for project 2a1c0e5e-eb69-4f32-8474-801241a86360 2024-02-02 13:43:52,731 INFO [VulnerabilityMetricsUpdateTask] Completed metrics update on vulnerability database in 00:02:302 2024-02-02 13:46:46,472 INFO [ProjectMetricsUpdateTask] Executing metrics update for project a5ae5510-8117-4468-9f53-f5cb4c4febc1 2024-02-02 13:46:46,472 INFO [ProjectMetricsUpdateTask] Executing metrics update for project 649310a6-0a6f-4740-87ff-578cf43b1ca6 2024-02-02 13:50:58,075 INFO [PortfolioMetricsUpdateTask] Completed portfolio metrics update in 07:07:646 2024-02-02 14:43:50,416 INFO [PortfolioMetricsUpdateTask] Executing portfolio metrics update 2024-02-02 14:43:50,426 INFO [VulnerabilityMetricsUpdateTask] Executing metrics update on vulnerability database 2024-02-02 14:43:50,450 INFO [ProjectMetricsUpdateTask] Executing metrics update for project ff34ece6-2411-48ed-9284-3a4963476d11 2024-02-02 14:43:50,450 INFO [ProjectMetricsUpdateTask] Executing metrics update for project b86842e1-86a4-4515-bc99-305216b8c724 2024-02-02 14:43:50,450 INFO [ProjectMetricsUpdateTask] Executing metrics update for project 2a1c0e5e-eb69-4f32-8474-801241a86360 2024-02-02 14:43:53,415 INFO [VulnerabilityMetricsUpdateTask] Completed metrics update on vulnerability database in 00:02:986 2024-02-02 14:46:47,371 INFO [ProjectMetricsUpdateTask] Executing metrics update for project 649310a6-0a6f-4740-87ff-578cf43b1ca6 2024-02-02 14:46:47,371 INFO [ProjectMetricsUpdateTask] Executing metrics update for project a5ae5510-8117-4468-9f53-f5cb4c4febc1 2024-02-02 14:50:04,284 INFO [PortfolioMetricsUpdateTask] Completed portfolio metrics update in 06:13:855 2024-02-02 15:43:50,416 INFO [PortfolioMetricsUpdateTask] Executing portfolio metrics update 2024-02-02 15:43:50,426 INFO [VulnerabilityMetricsUpdateTask] Executing metrics update on vulnerability database 2024-02-02 15:43:50,456 INFO [ProjectMetricsUpdateTask] Executing metrics update for project ff34ece6-2411-48ed-9284-3a4963476d11 2024-02-02 15:43:50,456 INFO [ProjectMetricsUpdateTask] Executing metrics update for project b86842e1-86a4-4515-bc99-305216b8c724 2024-02-02 15:43:50,457 INFO [ProjectMetricsUpdateTask] Executing metrics update for project 2a1c0e5e-eb69-4f32-8474-801241a86360 2024-02-02 15:43:50,466 INFO [OsvDownloadTask] Google OSV mirroring is disabled. No ecosystem selected. 2024-02-02 15:43:50,522 INFO [ClearComponentAnalysisCacheTask] Clearing ComponentAnalysisCache 2024-02-02 15:43:53,404 INFO [VulnerabilityMetricsUpdateTask] Completed metrics update on vulnerability database in 00:02:974 2024-02-02 15:44:40,458 INFO [VulnDbSyncTask] Starting VulnDB mirror synchronization task 2024-02-02 15:44:40,482 INFO [VulnDbSyncTask] VulnDB mirror directory does not exist. Skipping. 2024-02-02 15:44:40,483 WARN [NistMirrorTask] The NVD is planning to retire the legacy data feeds used by Dependency-Track (https://nvd.nist.gov/General/News/change-timeline); Consider enabling mirroring via NVD REST API in the settings: https://docs.dependencytrack.org/datasources/nvd/#mirroring-via-nvd-rest-api 2024-02-02 15:44:40,483 INFO [NistMirrorTask] Starting NIST mirroring task 2024-02-02 15:44:40,494 INFO [NistMirrorTask] Downloading files at Fri Feb 02 15:44:40 UTC 2024 2024-02-02 15:44:40,596 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2024.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:40,615 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2024.meta 2024-02-02 15:44:40,690 INFO [ClearComponentAnalysisCacheTask] Complete 2024-02-02 15:44:41,247 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:41,387 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2023.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:41,403 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2023.meta 2024-02-02 15:44:41,490 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:41,601 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2022.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:41,615 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2022.meta 2024-02-02 15:44:41,702 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:41,795 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2021.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:41,810 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2021.meta 2024-02-02 15:44:41,897 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:41,983 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2020.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:42,006 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2020.meta 2024-02-02 15:44:42,095 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:42,183 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2019.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:42,196 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2019.meta 2024-02-02 15:44:42,284 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:42,361 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2018.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:42,375 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2018.meta 2024-02-02 15:44:42,463 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:42,563 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2017.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:42,579 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2017.meta 2024-02-02 15:44:42,666 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:42,755 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2016.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:42,819 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta 2024-02-02 15:44:42,906 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:43,025 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2015.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:43,040 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2015.meta 2024-02-02 15:44:43,127 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:43,250 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2014.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:43,265 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2014.meta 2024-02-02 15:44:43,352 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:43,463 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2013.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:43,479 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2013.meta 2024-02-02 15:44:43,566 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:43,683 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2012.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:43,698 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2012.meta 2024-02-02 15:44:43,784 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:43,878 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2011.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:43,892 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2011.meta 2024-02-02 15:44:43,998 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:44,114 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2010.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:44,127 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2010.meta 2024-02-02 15:44:44,214 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:44,289 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2009.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:44,304 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2009.meta 2024-02-02 15:44:44,393 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:44,470 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2008.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:44,497 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2008.meta 2024-02-02 15:44:44,584 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:44,690 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2007.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:44,706 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2007.meta 2024-02-02 15:44:44,793 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:44,888 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2006.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:44,901 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2006.meta 2024-02-02 15:44:44,990 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:45,064 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2005.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:45,087 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2005.meta 2024-02-02 15:44:45,173 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:45,284 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2004.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:45,309 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2004.meta 2024-02-02 15:44:45,396 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:45,519 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2003.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:45,550 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2003.meta 2024-02-02 15:44:45,636 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:45,715 INFO [NistMirrorTask] Retrieval of nvdcve-1.1-2002.json.gz not necessary. Will use modified feed for updates. 2024-02-02 15:44:45,731 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2002.meta 2024-02-02 15:44:45,822 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:46,057 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.json.gz 2024-02-02 15:44:46,242 INFO [NistMirrorTask] Downloading... 2024-02-02 15:44:46,819 INFO [NistMirrorTask] Uncompressing nvdcve-1.1-modified.json.gz 2024-02-02 15:44:46,941 INFO [NvdParser] Parsing nvdcve-1.1-modified.json 2024-02-02 15:47:34,223 INFO [ProjectMetricsUpdateTask] Executing metrics update for project a5ae5510-8117-4468-9f53-f5cb4c4febc1 2024-02-02 15:47:34,223 INFO [ProjectMetricsUpdateTask] Executing metrics update for project 649310a6-0a6f-4740-87ff-578cf43b1ca6 2024-02-02 15:50:38,714 INFO [PortfolioMetricsUpdateTask] Completed portfolio metrics update in 06:48:284 2024-02-02 16:22:01,324 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta 2024-02-02 16:22:02,112 INFO [NistMirrorTask] Downloading... 2024-02-02 16:22:02,169 INFO [NistMirrorTask] NIST mirroring complete 2024-02-02 16:22:02,169 INFO [NistMirrorTask] Time spent (d/l): 3548ms 2024-02-02 16:22:02,169 INFO [NistMirrorTask] Time spent (parse): 2234356ms 2024-02-02 16:22:02,169 INFO [NistMirrorTask] Time spent (total): 2241686ms 2024-02-02 16:22:02,256 INFO [EpssMirrorTask] Starting EPSS mirroring task 2024-02-02 16:22:02,280 INFO [EpssMirrorTask] Retrieval of epss_scores-current.csv.gz not necessary. 2024-02-02 16:22:02,280 INFO [EpssMirrorTask] EPSS mirroring complete 2024-02-02 16:22:02,280 INFO [EpssMirrorTask] Time spent (d/l): 0ms 2024-02-02 16:22:02,280 INFO [EpssMirrorTask] Time spent (parse): 0ms 2024-02-02 16:22:02,280 INFO [EpssMirrorTask] Time spent (total): 24ms 2024-02-02 16:43:40,450 INFO [RepositoryMetaAnalyzerTask] Analyzing portfolio component repository metadata 2024-02-02 16:43:40,463 INFO [InternalComponentIdentificationTask] Starting internal component identification 2024-02-02 16:43:50,416 INFO [PortfolioMetricsUpdateTask] Executing portfolio metrics update 2024-02-02 16:43:50,426 INFO [VulnerabilityMetricsUpdateTask] Executing metrics update on vulnerability database 2024-02-02 16:43:50,450 INFO [ProjectMetricsUpdateTask] Executing metrics update for project ff34ece6-2411-48ed-9284-3a4963476d11 2024-02-02 16:43:50,450 INFO [ProjectMetricsUpdateTask] Executing metrics update for project b86842e1-86a4-4515-bc99-305216b8c724 2024-02-02 16:43:50,451 INFO [ProjectMetricsUpdateTask] Executing metrics update for project 2a1c0e5e-eb69-4f32-8474-801241a86360 2024-02-02 16:43:53,383 INFO [VulnerabilityMetricsUpdateTask] Completed metrics update on vulnerability database in 00:02:957
There is no additional information and the front-end shows no additional clue: "GET /static/config.json HTTP/1.1" 304 0 "https://sbom.test.straim.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0" "10.192.88.17"
Steps to Reproduce
Deploy the dependency track api-server and the front-end in K8s with the attached files dtrack-k8s.zip
Expected Behavior
DT should show additional information even without debugging on as it is clearly a fatal error from the user's standpoint
Dependency-Track Version
4.10.1
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
16
Browser
Microsoft Edge
Checklist
- [X] I have read and understand the contributing guidelines
- [X] I have checked the existing issues for whether this defect was already reported
This usually happens when requests are being made to endpoints that are not covered by any handlers (for lack of better words). So you're hitting the HTTP server, but there's nothing to process the request.
Please verify that the request made by the frontend reaches the API server pod correctly. It should hit the /api/* route.
It seems that the 404 I'm getting and redirecting to the api-server is related to the Microsoft Entra ID OIDC, previosuly, the following URL worked: https://login.microsoftonline.com/<TENANT_ID>/v2.0/ But starting Feb 1 2024, the endpoint's response is 404 (NOT FOUND)
Per MS Entra ID MS information, the OIDC configuration can be GET from the: https://login.microsoftonline.com/<TENANT_ID>/v2.0/.well-known/openid-configuration
Per Dependency-Track documentation, the URL example is as follows: alpine.oidc.issuer=https://login.microsoftonline.com/3919df77-d4cd-4772-8b50-cfdb195bcdd6/v2.0
Which shows the same behavior (404 NOT_FOUND), again, the ".well-known/opened-configuration" context at the end of the URL will show the proper OIDC configuration. So, I'm not sure if this is expected and DT will add the context mentioned above to get the openid configuration, or if from now on the DT documentation should be also updated as MS no longer redirects the "/v2.0" path to the opened-configuration context.
UPDATE:
As a quick update, passing the https://login.microsoftonline.com/<TENANT_ID>/v2.0/.well-known/openid-configuration also throws the 404 (NOT FOUND) error, the frontend shows the image attached, and the api-server backend with same error as the initial report
Greetings @nscuro, I tried disabling OIDC, redeploy all the resources (except the pvc), and the front-end keeps hitting a 500 Internal server error with the backend keeps throwing a 404 not found error: 2024-02-06 15:04:02,752 ERROR [GlobalExceptionHandler] Uncaught internal server error javax.ws.rs.NotFoundException: HTTP 404 Not Found How can I tell what URL/resource the api-server is trying to reach that is getting a 404? If I previously got OIDC up and running with synced users, and then disabled it, does it affect local user login?
Something that I also noticed is that access through API keys (that were created when the solutions were up and running) is still working and I can pull project data through the API, so the issue is related to the login screen or login process...
Please let me know if you want me to test some specific options or a different build, I'm really struggling in here
I face the same issue with 4.10.1 API version But there is no OIDC configured like above
Just new docker compose up and login for the second time after config something but not OIDC
2024-02-23 04:17:49,639 ERROR [GlobalExceptionHandler] Uncaught internal server error
javax.ws.rs.NotFoundException: HTTP 404 Not Found
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:235)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:684)
at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:358)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:311)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1419)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
at alpine.server.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:225)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at alpine.server.filters.ClickjackingFilter.doFilter(ClickjackingFilter.java:93)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at alpine.server.filters.WhitelistUrlFilter.doFilter(WhitelistUrlFilter.java:166)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:598)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.Server.handle(Server.java:563)
at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.produce(AdaptiveExecutionStrategy.java:193)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
at java.base/java.lang.Thread.run(Unknown Source)
2024-02-23 04:17:58,079 ERROR [GlobalExceptionHandler] Uncaught internal server error
javax.ws.rs.NotFoundException: HTTP 404 Not Found
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:235)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:684)
at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:358)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:311)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1419)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
at alpine.server.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:225)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at alpine.server.filters.ClickjackingFilter.doFilter(ClickjackingFilter.java:93)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at alpine.server.filters.WhitelistUrlFilter.doFilter(WhitelistUrlFilter.java:166)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:598)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.Server.handle(Server.java:563)
at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.produce(AdaptiveExecutionStrategy.java:193)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
at java.base/java.lang.Thread.run(Unknown Source)
My compose:
version: '3.7'
#####################################################
# This Docker Compose file contains two services
# Dependency-Track API Server
# Dependency-Track FrontEnd
#####################################################
volumes:
dependency-track:
services:
dtrack-apiserver:
image: dependencytrack/apiserver:4.10.1
deploy:
resources:
limits:
memory: 12288m
reservations:
memory: 8192m
restart_policy:
condition: on-failure
ports:
- '8112:8080'
volumes:
- 'dependency-track:/data'
restart: unless-stopped
dtrack-frontend:
image: dependencytrack/frontend:4.10.0
depends_on:
- dtrack-apiserver
environment:
# The base URL of the API server.
# NOTE:
# * This URL must be reachable by the browsers of your users.
# * The frontend container itself does NOT communicate with the API server directly, it just serves static files.
# * When deploying to dedicated servers, please use the external IP or domain of the API server.
- API_BASE_URL=http://ip:443/api
# - "OIDC_ISSUER="
# - "OIDC_CLIENT_ID="
# - "OIDC_SCOPE="
# - "OIDC_FLOW="
# - "OIDC_LOGIN_BUTTON_TEXT="
ports:
- '8111:8080'
restart: unless-stopped
And I put this behind a reverse proxy to use with 443
@tientmse62290 Hello, I failed into the same mistake, it is the API_BASE_URL variable value, in your case should be something like "http://ip:443" (remove the /api). I found it by checking into the frontend API calls and saw something like http://ip:443**/api/api/**stuff
I'm going to mark this as closed
@straimtheone hi , because I use the reverse proxy, they will handle the route /api and proxy pass to http://ip:8111 internally. This config worked from 4.9.1