[
https://issues.apache.org/jira/browse/KNOX-437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Minder updated KNOX-437:
------------------------------
Description:
In some cases the KnoxLdapRealm will not work unless the KnoxLdapContextFactory
is also configured. In particular the use of an ${ALIAS=...} in the
main.ldapRealm.contextFactory.systemPassword param. As this is such a common
and important use case the KnoxLdapContextFactory should be included in all
default topology files, all sample topology files and all documented topology
files.
The snippet below shows what needs to be added to the topology files.
{code:xml}
<topology>
    <gateway>
        <provider>
            <role>authentication</role>
            <name>ShiroProvider</name>
            <enabled>true</enabled>
            ...
            <param>
                <name>main.ldapRealm</name>
                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
            </param>
            <param>
                <name>main.ldapContextFactory</name>
                <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
            </param>
            <param>
                <name>main.ldapRealm.contextFactory</name>
                <value>$ldapContextFactory</value>
            </param>
            ...
        </provider>
    </gateway>
    ...
</topology>
{code}
Without this in particular there were exceptions in the gateway.log file at
startup when password indirection was used in the ShiroProvider section like
this.
{code:xml}
<param>
<name>main.ldapRealm.contextFactory.systemPassword</name>
<value>${ALIAS=adSysPwd}</value>
</param>
{code}
Those exceptions look like this, indicating that the wrong LdapContextFactory
was being used, specifically the default one that does not have a
setClusterName method.
{code}
2014-10-02 13:25:09,888 ERROR env.EnvironmentLoader (EnvironmentLoader.java:initEnvironment(146)) - Shiro environment initialization failed
org.apache.shiro.config.ConfigurationException: Property 'contextFactory.clusterName' does not exist for object of type org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:255)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:544)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:206)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:167)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:124)
{code}
> KnoxLdapContextFactory should be configured by default in all topology files
> and docs
> -------------------------------------------------------------------------------------
>
> Key: KNOX-437
> URL: https://issues.apache.org/jira/browse/KNOX-437
> Project: Apache Knox
> Issue Type: Bug
> Components: Server, Site
> Affects Versions: 0.4.0
> Reporter: Kevin Minder
> Priority: Blocker
> Fix For: 0.5.0
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
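
An added example, not part of the original issue or Knox's own code: a small Python lint that flags a ShiroProvider topology where KnoxLdapRealm is used but the KnoxLdapContextFactory declaration and the `$ldapContextFactory` reference described in the issue are missing. The function names, finding messages and sample topologies are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

REALM = "org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm"
FACTORY = "org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory"
ALIAS = re.compile(r"\$\{ALIAS=[^}]+\}")
PREFIX = "main.ldapRealm.contextFactory"

def shiro_params(topology_xml):
    """Collect <param> name/value pairs of the ShiroProvider, if present."""
    for prov in ET.fromstring(topology_xml).iter("provider"):
        if (prov.findtext("name") or "").strip() == "ShiroProvider":
            return {(p.findtext("name") or "").strip(): (p.findtext("value") or "").strip()
                    for p in prov.findall("param")}
    return {}

def lint_topology(topology_xml):
    """Return findings for a KnoxLdapRealm topology; [] means correctly wired."""
    params = shiro_params(topology_xml)
    if params.get("main.ldapRealm") != REALM:
        return []  # the realm from the issue is not in use; nothing to check
    # Shiro object names declared with the Knox factory class, e.g. "ldapContextFactory"
    declared = {n[len("main."):] for n, v in params.items()
                if v == FACTORY and n.startswith("main.") and n.count(".") == 1}
    ref = params.get(PREFIX, "")
    findings = [] if declared else ["KnoxLdapContextFactory is not declared"]
    if not (ref.startswith("$") and ref[1:] in declared):
        findings.append(PREFIX + " does not reference a KnoxLdapContextFactory object")
        for name, value in sorted(params.items()):
            if name.startswith(PREFIX + ".") and ALIAS.search(value):
                findings.append(name + " uses ${ALIAS=...} without the Knox factory wiring")
    return findings

def topology(pairs):
    """Build a constructed sample topology from (name, value) param pairs."""
    params = "".join("<param><name>%s</name><value>%s</value></param>" % p
                     for p in [("main.ldapRealm", REALM)] + pairs)
    return ("<topology><gateway><provider><role>authentication</role>"
            "<name>ShiroProvider</name><enabled>true</enabled>"
            + params + "</provider></gateway></topology>")

# Constructed samples: BAD uses the alias without the factory, GOOD adds the wiring.
ALIASED = (PREFIX + ".systemPassword", "${ALIAS=adSysPwd}")
BAD = topology([ALIASED])
GOOD = topology([("main.ldapContextFactory", FACTORY),
                 (PREFIX, "$ldapContextFactory"), ALIASED])

if __name__ == "__main__":
    for label, doc in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, lint_topology(doc))
```

Running such a check over default, sample and documented topology files before release catches the missing wiring without waiting for the startup exception in gateway.log.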