Hello Isura,
As I said, I modified my custom user store to prefix the names of the users
with the domain name. So I modified the method doListUsers to have the
following:
> @Override
> public String[] doListUsers(String filter, int maxItemLimit) throws UserStoreException {
>     LOGGER.info("doListUsers()");
>     return new String[]{"CUSTOM/Lala", "CUSTOM/Toto", "CUSTOM/Titi", "CUSTOM/Jeje"};
> }
Of course, "CUSTOM" is the defined domain name I used to configure my user
store on the IS.
So I can see the list of my names [1], but when I want to retrieve the roles via
the "View roles" button in the list, I get the following stack trace, and
the popup in [2] appears:
> [2017-08-21 08:57:16,158] INFO {fr.icl.picsel20.user.store.CustomUserStoreManager} - getRoleListOfUser()
> [2017-08-21 08:57:16,158] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Retrieving internal roles for user name : Jeje and search filter *
> [2017-08-21 08:57:16,158] ERROR {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Error occurred while accessing Java Security Manager Privilege Block
> [2017-08-21 08:57:16,158] ERROR {org.wso2.carbon.user.mgt.UserRealmProxy} - org.wso2.carbon.user.core.UserStoreException: Error occurred while accessing Java Security Manager Privilege Block
> [2017-08-21 08:57:16,174] ERROR {org.wso2.carbon.user.mgt.ui.UserAdminClient} - Error occurred while accessing Java Security Manager Privilege Block
> org.wso2.carbon.user.mgt.stub.UserAdminUserAdminException: UserAdminUserAdminException
>     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>     at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>     at java.lang.Class.newInstance(Class.java:442)
>     at org.wso2.carbon.user.mgt.stub.UserAdminStub.getRolesOfUser(UserAdminStub.java:3054)
>     at org.wso2.carbon.user.mgt.ui.UserAdminClient.getRolesOfUser(UserAdminClient.java:154)
>     at org.apache.jsp.user.view_002droles_jsp._jspService(view_002droles_jsp.java:263)
>     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
>     at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
>     at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
>     at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
>     at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:603)
>     at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:542)
>     at org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:37)
>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor$RequestDispatcherAdaptor.include(ContextPathServletAdaptor.java:369)
>     at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:897)
>     at org.apache.jasper.runtime.PageContextImpl.doInclude(PageContextImpl.java:688)
>     at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:682)
>     at sun.reflect.GeneratedMethodAccessor90.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.tiles.jsp.context.JspUtil.doInclude(JspUtil.java:87)
>     at org.apache.tiles.jsp.context.JspTilesRequestContext.include(JspTilesRequestContext.java:88)
>     at org.apache.tiles.jsp.context.JspTilesRequestContext.dispatch(JspTilesRequestContext.java:82)
>     at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:465)
>     at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:140)
>     at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:117)
>     at org.apache.tiles.jsp.taglib.RenderTagSupport.execute(RenderTagSupport.java:171)
>     at org.apache.tiles.jsp.taglib.RoleSecurityTagSupport.doEndTag(RoleSecurityTagSupport.java:75)
>     at org.apache.tiles.jsp.taglib.ContainerTagSupport.doEndTag(ContainerTagSupport.java:80)
>     at org.apache.jsp.admin.layout.template_jsp._jspx_meth_tiles_005finsertAttribute_005f7(template_jsp.java:690)
>     at org.apache.jsp.admin.layout.template_jsp._jspService(template_jsp.java:380)
>     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
>     at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
>     at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
>     at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
>     at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
>     at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:410)
>     at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
>     at org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.forward(RequestDispatcherAdaptor.java:30)
>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor$RequestDispatcherAdaptor.forward(ContextPathServletAdaptor.java:362)
>     at org.apache.tiles.servlet.context.ServletTilesRequestContext.forward(ServletTilesRequestContext.java:198)
>     at org.apache.tiles.servlet.context.ServletTilesRequestContext.dispatch(ServletTilesRequestContext.java:185)
>     at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:419)
>     at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:370)
>     at org.wso2.carbon.ui.action.ActionHelper.render(ActionHelper.java:52)
>     at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:101)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:72)
>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958)
>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:745)
> [2017-08-21 08:57:18,386] INFO {fr.icl.picsel20.user.store.CustomUserStoreManager} - doListUsers()
Regards,
Thomas
[1] [image: Inline images 4]
[2] [image: Inline images 2]
2017-08-21 6:19 GMT+02:00 Isura Karunaratne <[email protected]>:
> Hi Thomas,
>
> It is wrong to set tenantId as follows for carbon.super tenant. Super
> tenant's tenantID is -1234. Can you attach the full exception stack trace?
>
> carbonContext.setTenantId(64302);
>
>
> Thanks
> Isura.
>
> On Fri, Aug 18, 2017 at 6:50 PM, Thomas LEGRAND <
> [email protected]> wrote:
>
>> Hello there,
>>
>> I found the problem concerning the roles. The Identity Server calls the
>> primary user store because the usernames in the list aren't prefixed with
>> the domain of the secondary store (which is my custom user store).
>> So I modified it and I enter into the method.
>>
>> Now, I have this weird exception I never encountered before:
>>
>> [2017-08-18 15:16:04,866] ERROR {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Error occurred while accessing Java Security Manager Privilege Block
>> [2017-08-18 15:16:04,867] ERROR {org.wso2.carbon.user.mgt.UserRealmProxy} - org.wso2.carbon.user.core.UserStoreException: Error occurred while accessing Java Security Manager Privilege Block
>> [2017-08-18 15:16:04,881] ERROR {org.wso2.carbon.user.mgt.ui.UserAdminClient} - Error occurred while accessing Java Security Manager Privilege Block
>>
>> Regards,
>>
>> Thomas
>>
>> 2017-08-18 14:35 GMT+02:00 Thomas LEGRAND <[email protected]>:
>>
>>> Hello Isura!
>>>
>>> I did override the methods except the doGetInternalRoleListOfUser
>>> because the AbstractUserStoreManager already implements it.
>>>
>>> Here is my custom store manager in [1] and my "internal" class in [2].
>>> In [3], you will have the user store properties managed by my user store.
>>>
>>> The goal of the test is to retrieve the roles of a user from the
>>> secondary user store implemented by this code by using the interface of the
>>> identity server. So you will have a "getRoleListOfUser()" which appears in
>>> the logs.
>>>
>>> [1] CustomUserStoreManager.java
>>> [2] CustomUserStoreManagerDSComponent.java
>>> [3] CustomUserStoreProperties.java
>>>
>>> 2017-08-18 12:10 GMT+02:00 Isura Karunaratne <[email protected]>:
>>>
>>>> Hi Thomas,
>>>>
>>>> Did you override doCheckExistingUser method in your custom user store
>>>> manager? In order to view the roles list of the user, following methods
>>>> should be overridden.
>>>>
>>>>
>>>> - doCheckExistingUser
>>>> - doGetExternalRoleListOfUser
>>>> - doGetInternalRoleListOfUser
>>>>
>>>> If the issue still occurs after overriding the doCheckExistingUser
>>>> method, please attach your sample code. So we can help you faster.
>>>>
>>>> Thanks
>>>> Isura.
>>>>
>>>> On Fri, Aug 18, 2017 at 3:09 PM, Thomas LEGRAND <
>>>> [email protected]> wrote:
>>>>
>>>>> Hello again!
>>>>>
>>>>> During my tests, I "reinstalled" a new Identity Server v5.3.0 where I
>>>>> let the default configuration for the primary user store.
>>>>> I configured my custom secondary user store which retrieves data from
>>>>> a database. This custom user store is implemented by extending the
>>>>> AbstractUserStoreManager class and I generated an OSGi bundle which I
>>>>> dropped in the repository/components/dropins directory.
>>>>>
>>>>> So I can see my list of users coming from this user store when I
>>>>> display it from the identity server. But, when I want to display the roles
>>>>> of a user, I noticed that the primary user store is called (in my case,
>>>>> that was the default
>>>>> org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager
>>>>> configured in the user-mgt.xml configuration file) to check if the user
>>>>> existed and to retrieve its roles.
>>>>>
>>>>> Did I miss something in my implementation of the user store to have
>>>>> the effect of the primary user store taking the lead to retrieve the roles
>>>>> physically located on the secondary user store?
>>>>>
>>>>> Regards,
>>>>>
>>>>> Thomas
>>>>>
>>>>> 2017-08-17 11:22 GMT+02:00 Thomas LEGRAND <
>>>>> [email protected]>:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I really don't understand why my "external" roles don't appear in the
>>>>>> list and why no role methods are called in my connector because, when I
>>>>>> configure an LDAP one, I can see the roles retrieved from the LDAP are
>>>>>> listed with the internal ones.
>>>>>>
>>>>>> I set the log level to DEBUG to see that the LDAP user store is
>>>>>> calling the internal role retrieval method before checking if the user
>>>>>> exists:
>>>>>>
>>>>>> [2017-08-17 11:18:00,647] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Retrieving internal roles for user name : a.bresson and search filter *
>>>>>> [2017-08-17 11:18:00,648] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user a.bresson
>>>>>>
>>>>>> But in my case, the user check method isn't even called!
>>>>>>
>>>>>> If I continue with the logs, I can see that:
>>>>>>
>>>>>> [2017-08-17 11:18:00,653] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Reading roles with the memberOfProperty Property: memberOf
>>>>>>
>>>>>> Following this source code [1], it seems that it executes the method
>>>>>> to retrieve the external roles. On my side, in my own connector, that
>>>>>> does not even go there because it doesn't even check if the user exists.
>>>>>>
>>>>>> What am I missing?
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Thomas
>>>>>>
>>>>>> [1] https://github.com/biliroy/carbon4-kernel/blob/master/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/ldap/ReadOnlyLDAPUserStoreManager.java#L1724
>>>>>>
>>>>>> 2017-08-16 9:56 GMT+02:00 Thomas LEGRAND <
>>>>>> [email protected]>:
>>>>>>
>>>>>>> Hello everybody,
>>>>>>>
>>>>>>> I am writing a custom user store for the Identity Server and I
>>>>>>> successfully retrieved my list of users from my database. But when I
>>>>>>> try to display the roles of a user by clicking on the "View Roles"
>>>>>>> button [1], only the internal roles are displayed.
>>>>>>> I implemented the methods doGetExternalRoleListOfUser(),
>>>>>>> doGetDisplayNamesForInternalRole(), doGetSharedRoleListOfUser() to
>>>>>>> log something on the INFO level but nothing happens.
>>>>>>>
>>>>>>> Can someone tell me which method to implement?
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Thomas
>>>>>>>
>>>>>>> [1] [image: Inline images 1]
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *Isura Dilhara Karunaratne*
>>>> Associate Technical Lead | WSO2
>>>> Email: [email protected]
>>>> Mob : +94 772 254 810
>>>> Blog : http://isurad.blogspot.com/
>>>>
>>>>
>>>>
>>>>
>>>
>>
>
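The routing behaviour described in this thread (a user name without a domain prefix is resolved against the primary user store, a "CUSTOM/"-prefixed name against the secondary one) as a simplified stand-alone Java model. This is an added example, not WSO2 code and not code from any of the participants; the class and method names, the "PRIMARY" label and the sample roles are constructed for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/** Simplified model of domain-qualified user names; not WSO2 code. */
public class DomainRoutingDemo {
    static final String SEP = "/";            // separator seen in the thread: "CUSTOM/Jeje"
    static final String PRIMARY = "PRIMARY";  // assumed label for the primary store

    /** Domain part of a name, or PRIMARY when the name carries no prefix. */
    static String domainOf(String name) {
        int i = name.indexOf(SEP);
        return i > 0 ? name.substring(0, i) : PRIMARY;
    }

    /** Name without its domain part, as the selected store receives it. */
    static String bareName(String name) {
        int i = name.indexOf(SEP);
        return i > 0 ? name.substring(i + 1) : name;
    }

    /** Qualifies the names a store lists; names that already carry a domain are kept. */
    static String[] qualify(String domain, String... names) {
        String[] out = new String[names.length];
        for (int i = 0; i < names.length; i++) {
            out[i] = names[i].contains(SEP) ? names[i] : domain + SEP + names[i];
        }
        return out;
    }

    /** Looks the roles up in the store chosen by the name's domain. */
    static List<String> rolesOf(Map<String, Map<String, List<String>>> stores, String name) {
        Map<String, List<String>> store = stores.get(domainOf(name));
        if (store == null) {
            // Model choice: fail closed instead of falling back to another store.
            throw new IllegalArgumentException("no user store for domain " + domainOf(name));
        }
        List<String> roles = store.get(bareName(name));
        return roles != null ? roles : Collections.<String>emptyList();
    }

    public static void main(String[] args) {
        // Constructed sample data: two stores, each mapping user -> roles.
        Map<String, Map<String, List<String>>> stores = new HashMap<>();
        stores.put(PRIMARY, Collections.singletonMap("admin", Arrays.asList("admin")));
        stores.put("CUSTOM", Collections.singletonMap("Jeje", Arrays.asList("store-role")));

        // Unqualified name: the lookup is made in PRIMARY, which does not know this user.
        System.out.println("Jeje -> " + domainOf("Jeje") + " " + rolesOf(stores, "Jeje"));

        // Names qualified the way the modified doListUsers returns them.
        for (String name : qualify("CUSTOM", "Lala", "Toto", "Titi", "Jeje")) {
            System.out.println(name + " -> " + domainOf(name) + " " + rolesOf(stores, name));
        }
    }
}
```

The same bare name can exist in more than one store, so role and permission lookups should always be made with the domain-qualified form the store listed.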