In the stack trace I see:
11:32:24,103 [ShiroAuthenticatorOrAuthorizor qtp1410986873-18 ERROR] Unable to authenticate
org.apache.shiro.authc.DisabledAccountException
at org.isisaddons.module.security.shiro.IsisModuleSecurityRealm.doGetAuthenticationInfo(IsisModuleSecurityRealm.java:82)
which means that the user account DOES exist, but is disabled.
One reason this can occur is if shiro.ini has been configured with a
delegate realm (e.g. JNDI/LDAP/Active Directory); in which case Isis will
automatically create a corresponding ApplicationUser, but mark it as
disabled by default if that user has never attempted to log onto the Isis
app before. The idea is that the security administrator can then come
along and grant appropriate roles, then enable.
So set a breakpoint in IsisModuleSecurityRealm#lookupPrincipal and see if
"autoCreate" param is set to true.
HTH
Dan
On 5 November 2015 at 17:44, Cesar Lugo <[email protected]> wrote:
> Dan,
>
> Does the SeedSecurityModuleService init method get called?
> I think so, I see users and roles being seeded in the trace. I
> just don't see any reference to it in the trace though.
>
> If so, does the IsisModuleSecurityRealm get called?
> Yes, I see it being called in the trace.
>
> If so, are there any exceptions in the stack trace?
> Yes.
> 11:32:24,103 [ShiroAuthenticatorOrAuthorizor qtp1410986873-18 ERROR]
> Unable to authenticate
> org.apache.shiro.authc.DisabledAccountException
>
> Here is the trace:
>
>
> seed-users-and-roles-fixture-script : EXEC org.isisaddons.module.security.seed.SeedUsersAndRolesFixtureScript
> seed-users-and-roles-fixture-script/global-tenancy : EXEC org.isisaddons.module.security.seed.scripts.GlobalTenancy
> seed-users-and-roles-fixture-script/global-tenancy/Global : Global
> seed-users-and-roles-fixture-script/isis-module-security-admin-role-and-permissions : EXEC org.isisaddons.module.security.seed.scripts.IsisModuleSecurityAdminRoleAndPermissions
> seed-users-and-roles-fixture-script/isis-module-security-fixture-role-and-permissions : EXEC org.isisaddons.module.security.seed.scripts.IsisModuleSecurityFixtureRoleAndPermissions
> seed-users-and-roles-fixture-script/isis-module-security-regular-user-role-and-permissions : EXEC org.isisaddons.module.security.seed.scripts.IsisModuleSecurityRegularUserRoleAndPermissions
> seed-users-and-roles-fixture-script/isis-module-security-admin-user : EXEC org.isisaddons.module.security.seed.scripts.IsisModuleSecurityAdminUser
> seed-users-and-roles-fixture-script/isis-applib-fixture-results-role-and-permissions : EXEC org.isisaddons.module.security.seed.scripts.IsisApplibFixtureResultsRoleAndPermissions
> 11:32:19,265 [WebApplication main INFO ] [WicketFilter] Started Wicket version 6.17.0 in DEVELOPMENT mode
> ********************************************************************
> *** WARNING: Wicket is running in DEVELOPMENT mode. ***
> *** ^^^^^^^^^^^ ***
> *** Do NOT deploy to your live server(s) without changing this. ***
> *** See Application#getConfigurationType() for more information. ***
> ********************************************************************
> 11:32:19,289 [ContextHandler main INFO ] Started o.e.j.w.WebAppContext@62cd562d{/,file:/home/cesar/Development/apps/ps/previserv/webapp/src/main/webapp/,AVAILABLE}{src/main/webapp}
> 11:32:19,304 [ServerConnector main INFO ] Started ServerConnector@d28c214{HTTP/1.1}{0.0.0.0:8080}
> 11:32:19,304 [Server main INFO ] Started @12622ms
> 11:32:19,304 [WebServerBootstrapper main INFO ] Started the application in 11980ms
> 11:32:23,866 [ClassCryptFactory qtp1410986873-18 INFO ] using encryption/decryption object org.apache.wicket.util.crypt.SunJceCrypt@294bd80b
> 11:32:24,103 [ShiroAuthenticatorOrAuthorizor qtp1410986873-18 ERROR] Unable to authenticate
> org.apache.shiro.authc.DisabledAccountException
> at org.isisaddons.module.security.shiro.IsisModuleSecurityRealm.doGetAuthenticationInfo(IsisModuleSecurityRealm.java:82)
> at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
> at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
> at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
> at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
> at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
> at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
> at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
> at org.apache.isis.security.shiro.ShiroAuthenticatorOrAuthorizor.authenticate(ShiroAuthenticatorOrAuthorizor.java:142)
> at org.apache.isis.core.runtime.authentication.standard.AuthenticationManagerStandard.authenticate(AuthenticationManagerStandard.java:122)
> at org.apache.isis.viewer.wicket.viewer.integration.wicket.AuthenticatedWebSessionForIsis.authenticate(AuthenticatedWebSessionForIsis.java:78)
> at org.apache.wicket.authroles.authentication.AuthenticatedWebSession.signIn(AuthenticatedWebSession.java:65)
> at org.apache.wicket.authroles.authentication.panel.SignInPanel.signIn(SignInPanel.java:218)
> at org.apache.wicket.authroles.authentication.panel.SignInPanel.onConfigure(SignInPanel.java:129)
> at org.apache.wicket.Component.configure(Component.java:1041)
> at org.apache.wicket.Component.internalBeforeRender(Component.java:926)
> at org.apache.wicket.Component.beforeRender(Component.java:1003)
> at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684)
> at org.apache.wicket.Component.onBeforeRender(Component.java:3811)
> at org.apache.wicket.Page.onBeforeRender(Page.java:809)
> at org.apache.wicket.Component.internalBeforeRender(Component.java:935)
> at org.apache.wicket.Component.beforeRender(Component.java:1003)
> at org.apache.wicket.Component.internalPrepareForRender(Component.java:2179)
> at org.apache.wicket.Page.internalPrepareForRender(Page.java:240)
> at org.apache.wicket.Component.render(Component.java:2268)
> at org.apache.wicket.Page.renderPage(Page.java:1024)
> at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:129)
> at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:228)
> at org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)
> at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:862)
> at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
> at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261)
> at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218)
> at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289)
> at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259)
> at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201)
> at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
> at org.apache.isis.core.webapp.diagnostics.IsisLogOnExceptionFilter.doFilter(IsisLogOnExceptionFilter.java:52)
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
> at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
> at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
> at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
> at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
> at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
> at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
> at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
> at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
> at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
> at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
> at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
> at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
> at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
> at org.eclipse.jetty.server.Server.handle(Server.java:499)
> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
> at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
> at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
> at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
> at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
> at java.lang.Thread.run(Thread.java:745)
> 11:32:24,331 [PropertiesFactory qtp1410986873-18 INFO ] Loading properties files from jar:file:/home/cesar/.m2/repository/org/apache/wicket/wicket-core/6.17.0/wicket-core-6.17.0.jar!/org/apache/wicket/Application.properties with loader org.apache.wicket.resource.IsoPropertiesFilePropertiesLoader@2a3ffb40
> 11:32:24,345 [PropertiesFactory qtp1410986873-18 INFO ] Loading properties files from jar:file:/home/cesar/.m2/repository/org/apache/isis/viewer/isis-viewer-wicket-ui/1.9.0/isis-viewer-wicket-ui-1.9.0.jar!/org/apache/isis/viewer/wicket/ui/pages/login/WicketSignInPage.properties with loader org.apache.wicket.resource.IsoPropertiesFilePropertiesLoader@2a3ffb40
> 11:32:24,353 [PropertiesFactory qtp1410986873-18 INFO ] Loading properties files from jar:file:/home/cesar/.m2/repository/org/apache/isis/viewer/isis-viewer-wicket-ui/1.9.0/isis-viewer-wicket-ui-1.9.0.jar!/org/apache/isis/viewer/wicket/ui/pages/accmngt/AccountManagementPageAbstract.properties with loader org.apache.wicket.resource.IsoPropertiesFilePropertiesLoader@2a3ffb40
> 11:32:24,700 [PropertiesFactory qtp1410986873-18 INFO ] Loading properties files from jar:file:/home/cesar/.m2/repository/org/apache/wicket/wicket-extensions/6.17.0/wicket-extensions-6.17.0.jar!/org/apache/wicket/extensions/Initializer.properties with loader org.apache.wicket.resource.IsoPropertiesFilePropertiesLoader@2a3ffb40
>
> -----Original Message-----
> From: Dan Haywood [mailto:[email protected]]
> Sent: Thursday, November 5, 2015 10:31 AM
> To: users
> Subject: Re: Security module
>
> Does the SeedSecurityModuleService init method get called?
>
> If so, does the IsisModuleSecurityRealm get called?
>
> If so, are there any exceptions in the stack trace?
> On 5 Nov 2015 16:20, "Cesar Lugo" <[email protected]> wrote:
>
> > Hello, I am working with the security module add-on (everything
> > 1.9.0), and I am using isisModuleSecurityRealm in shiro.ini. I
> > tried to access with isis-module-security-admin using pass as the
> > password, but it does not let me in. If I change back to ini.Realm then I
> > can access with Sven / pass.
> >
> > I have this in shiro.ini
> >
> > # to use .ini file
> > # securityManager.realms = $iniRealm
> >
> > # to enable isis security module add-on instead
> > isisModuleSecurityRealm=org.isisaddons.module.security.shiro.IsisModuleSecurityRealm
> >
> > authenticationStrategy=org.isisaddons.module.security.shiro.AuthenticationStrategyForIsisModuleSecurityRealm
> > securityManager.authenticator.authenticationStrategy = $authenticationStrategy
> >
> > securityManager.realms = $isisModuleSecurityRealm
> >
> > I tried to access with isis-module-security-admin using pass as the
> > password, but it does not let me in. If I change back to ini.Realm then I
> > can access with Sven / pass.
> >
> >
> >
> > Cesar.
>
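Added example, not part of the original thread or of the Isis/Shiro code: a small Python triage helper that reads a log in the shape quoted above (including e-mail quoting and frames wrapped after a lone "at") and reports which Shiro authentication exception was raised and by which realm method. The sample log is constructed from the lines in this thread; the descriptions for exceptions other than DisabledAccountException summarise Shiro's exception classes and are not taken from the thread.

```python
import re

# Constructed sample: the failure from this thread as it looks in a quoted,
# line-wrapped e-mail ("> " prefixes, "at" split from its frame).
SAMPLE = """\
> 11:32:24,103 [ShiroAuthenticatorOrAuthorizor qtp1410986873-18 ERROR]
> Unable to authenticate
> org.apache.shiro.authc.DisabledAccountException
> at
> org.isisaddons.module.security.shiro.IsisModuleSecurityRealm.doGetAuthenticationInfo(IsisModuleSecurityRealm.java:82)
> at
> org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
> 11:32:24,331 [PropertiesFactory qtp1410986873-18 INFO ] Loading
"""

# What each Shiro authentication exception tells the person triaging the log.
MEANING = {
    "DisabledAccountException": "account exists but is disabled",
    "LockedAccountException": "account exists but is locked",
    "UnknownAccountException": "no such account in the realm",
    "IncorrectCredentialsException": "account found, credentials did not match",
}

RECORD = re.compile(r"^\d\d:\d\d:\d\d,\d+ \[")
EXC = re.compile(r"^org\.apache\.shiro\.authc\.(\w+Exception)(:.*)?$")
FRAME = re.compile(r"^([\w.$]+)\.([\w$<>]+)\((\w+\.java):(\d+)\)$")

def auth_failures(text):
    """Return one dict per Shiro authentication failure found in the log."""
    found, current = [], None
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()  # drop e-mail quoting
        if RECORD.match(line):
            current = None  # a new log record ends the previous trace
        m = EXC.match(line)
        if m:
            current = {"exception": m.group(1), "thrown_by": None,
                       "meaning": MEANING.get(m.group(1), "unclassified")}
            found.append(current)
            continue
        # A frame is either "at <frame>" or a bare "<frame>" after a lone "at".
        f = FRAME.match(line[3:] if line.startswith("at ") else line)
        if f and current and current["thrown_by"] is None:
            cls = f.group(1).rsplit(".", 1)[-1]
            current["thrown_by"] = f"{cls}.{f.group(2)}:{f.group(4)}"
    return found

if __name__ == "__main__":
    for failure in auth_failures(SAMPLE):
        print(failure)
```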