Re: authentificating with ldap javax.security.auth.login.LoginException on org.apache.catalina.realm.JAASRealm authenticate

Ate Douma Mon, 03 Oct 2011 09:34:42 -0700

On 10/03/2011 05:28 PM, [email protected] wrote:


Hi everybody.

I'm trying and trying to authentificate with my own ldap. (I've changed the
names of the relationship between users and roles).
The conection to the ldap is correct. (I've seen connection and retrieving
of the user entity when debugging.)

Synchronisation with db seems correct, as you can see in these logs:
03.10.2011 17:00:02 DEBUG
[org.apache.jetspeed.security.spi.impl.DefaultJetspeedSecuritySynchronizer.synchronizeUserPrincipal
():156] Synchronizing UserPrincipal(partenaire)
03.10.2011 17:00:02 DEBUG
[org.apache.jetspeed.security.spi.impl.DefaultJetspeedSecuritySynchronizer.synchronizeEntity
():189] Synchronizing entity user id: partenaire
03.10.2011 17:00:02 DEBUG
[org.apache.jetspeed.security.spi.impl.DefaultJetspeedSecuritySynchronizer.synchronizeEntity
():189] Synchronizing entity role id: partenaires_admin
03.10.2011 17:00:02 DEBUG
[org.apache.jetspeed.security.spi.impl.DefaultJetspeedSecuritySynchronizer.synchronizeEntity
():375] Synchronized entity role id: partenaires_admin mapped attributes
...
03.10.2011 17:00:03 DEBUG
[org.apache.jetspeed.security.spi.impl.DefaultJetspeedSecuritySynchronizer.synchronizeEntity
():189] Synchronizing entity role id:
partenaires_moissonnage_gallica_partenaire
03.10.2011 17:00:03 DEBUG
[org.apache.jetspeed.security.spi.impl.DefaultJetspeedSecuritySynchronizer.synchronizeEntity
():375] Synchronized entity role id:
partenaires_moissonnage_gallica_partenaire mapped attributes
03.10.2011 17:00:03 WARN
[org.apache.jetspeed.decoration.DecorationFactoryImpl.getConfiguration
():287] Could not locate the decorator.properties configuration file for
decoration "clear".  This decoration may not exist.


But after I have the following exception:


ATTENTION: Exception lors de l'authentification par login du nom
d'utilisateur partenaire
javax.security.auth.login.LoginException: A user member role association is
not
allowed.
         at org.apache.jetspeed.security.impl.DefaultLoginModule.login
(DefaultLog
inModule.java:258)

This is a o.a.j.security.SecurityException.PRINCIPAL_ASSOCIATION_UNSUPPORTEDthrown from BaseJetspeedPrincipalManager#addPrincipal or #addAssociation method.I suspect your changes in the user/role association mapping are not or no longeraligned with the (Jetspeed generic, not LDAP specific) association handlersconfiguration in security-managers.xml

It might help if you can provide a diff of your changes compared tot the defaultjetspeed configuration files for these.

Ate

         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.
java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAcces
sorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at javax.security.auth.login.LoginContext.invoke
(LoginContext.java:769)
         at javax.security.auth.login.LoginContext.access$000
(LoginContext.java:1
86)
         at javax.security.auth.login.LoginContext$4.run
(LoginContext.java:683)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.login.LoginContext.invokePriv
(LoginContext.java:6
80)
         at javax.security.auth.login.LoginContext.login
(LoginContext.java:579)
         at org.apache.catalina.realm.JAASRealm.authenticate
(JAASRealm.java:363)
         at org.apache.catalina.authenticator.FormAuthenticator.authenticate
(Form
Authenticator.java:258)
         at org.apache.catalina.authenticator.AuthenticatorBase.invoke
(Authentica
torBase.java:417)
         at org.apache.catalina.core.StandardHostValve.invoke
(StandardHostValve.j
ava:128)
         at org.apache.catalina.valves.ErrorReportValve.invoke
(ErrorReportValve.j
ava:102)
         at org.apache.catalina.core.StandardEngineValve.invoke
(StandardEngineVal
ve.java:109)
         at org.apache.catalina.connector.CoyoteAdapter.service
(CoyoteAdapter.jav
a:286)
         at org.apache.coyote.http11.Http11Processor.process
(Http11Processor.java
:845)
         at org.apache.coyote.http11.Http11Protocol
$Http11ConnectionHandler.proce
ss(Http11Protocol.java:583)
         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run
(JIoEndpoint.java:44
7)
         at java.lang.Thread.run(Thread.java:619)


I don't know what to do.
I've try to remove the jaas  form my context file: same behavior.




Regards,
J.


Exposition  Vogue : l'aventure d'une maison de disque  - jusqu'au13 novembre 
2011 - BnF - François-Mitterrand / Allée Julien Cain Avant d'imprimer, pensez à 
l'environnement.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]




---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: authentificating with ldap javax.security.auth.login.LoginException on org.apache.catalina.realm.JAASRealm authenticate

Reply via email to