4 Replies Latest reply on Apr 30, 2009 5:27 AM by joe.marques

    Bug when logging in using LDAP

    lupson

      Hi!

      I've successfully installed jopr (jopr-server-2.2.0.Beta1) and have it up and running nicely. Now I'm trying to hook up the user authentication to the company Active Directory server using LDAP. I followed the guidelines in the JBoss ON manual, chapter 1.3.2.

      It works, but if I don't add a user to jopr with the exact same username as the one I have in the AD, the login fails with the stack traces supplied further down this post.

      The problem is that the SubjectManagerBean queries the RHQ_SUBJECT table. If the username isn't there, the login doesn't fail gracefully (is it supposed to fail?), instead redirecting me to the 500 Server Error page with the stack traces.

      If I add a user using jopr user administration (or manually hacking a new row into the table) it works fine.

      Maybe this belongs in some bug tracker, but it might also help others running into the same issue.

      javax.ejb.EJBException: java.lang.NullPointerException
       org.jboss.ejb3.tx.Ejb3TxPolicy.handleExceptionInOurTx(Ejb3TxPolicy.java:63)
       org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:83)
       org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191)
       org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
       org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62)
       org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77)
       org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:106)
       org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
       org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
       org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:214)
       org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:184)
       org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:81)
       $Proxy259.loadUserConfiguration(Unknown Source)
       org.rhq.enterprise.server.auth.prefs.SubjectPreferencesCache.load(SubjectPreferencesCache.java:40)
       org.rhq.enterprise.server.auth.prefs.SubjectPreferencesCache.getUserProperty(SubjectPreferencesCache.java:47)
       org.rhq.enterprise.server.auth.prefs.SubjectPreferencesBase.getPreference(SubjectPreferencesBase.java:120)
       org.rhq.enterprise.server.auth.prefs.SubjectPreferencesBase.getPreferenceAsList(SubjectPreferencesBase.java:194)
       org.rhq.enterprise.server.auth.prefs.SubjectPreferencesBase.getPreferenceAsList(SubjectPreferencesBase.java:180)
       org.rhq.enterprise.gui.legacy.WebUserPreferences.addLastVisitedURL(WebUserPreferences.java:103)
       org.rhq.enterprise.gui.legacy.WebUserTrackingFilter.doFilter(WebUserTrackingFilter.java:40)
       org.rhq.enterprise.gui.legacy.AuthenticationFilter.doFilter(AuthenticationFilter.java:129)
       org.rhq.helpers.rtfilter.filter.RtFilter.doFilter(RtFilter.java:123)
       org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
      
      
      Caused by: java.lang.NullPointerException
       at org.rhq.enterprise.server.auth.SubjectManagerBean.loadUserConfiguration(SubjectManagerBean.java:92)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
       at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
       at org.rhq.enterprise.server.common.TransactionInterruptInterceptor.addCheckedActionToTransactionManager(TransactionInterruptInterceptor.java:77)
       at sun.reflect.GeneratedMethodAccessor93.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
       at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:153)
       at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
       at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
       ... 48 more
      


        • 1. Re: Bug when logging in using LDAP
          pilhuhn

          It is certainly worth opening a jira at jira.rhq-project.org for this, as it should not NPE in any case.

          The idea behind the LDAP login is that a user can add himself when he is in LDAP and then gets added by the system to RHQ_Subject - we currently do not support users that are only in LDAP, as we have DB queries that directly involve the RHQ_Subject users for authorization purposes.

          • 2. Re: Bug when logging in using LDAP
            mazz

            We need to check this - we might have broken LDAP integration (??).

            You should be able to log in using the LDAP credentials and under the covers we will create a row in RHQ_SUBJECT that represents the user. You should not have to manually create a user aside from the self-service screen that appears when you log in with LDAP credentials the very first time.

            • 3. Re: Bug when logging in using LDAP
              mazz

              BTW: 2.2 was released yesterday - you might want to try that. I think I saw this problem in earlier versions and I think it may have been fixed, but I can't say for sure.

              • 4. Re: Bug when logging in using LDAP

                The problem is that all subject/user preferences are now cached in the latest version, but for *new* LDAP accounts the subject/user doesn't exist yet. In this special case, the user is created lazily AFTER the first login. I fixed this yesterday after seeing this post, but you'll have to use HEAD to get the fix.
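
The failure mode described in this thread, as an added example that is not part of the original posts and is not RHQ code: a preferences cache sits in front of a subject table, and a user who has authenticated against LDAP has no local row yet. The class, method and map names are hypothetical, and the sample rows are constructed.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical model, not RHQ code: preferences cache in front of a subject table.
public class LazySubjectDemo {
    // Stands in for the RHQ_SUBJECT table: username -> stored preferences.
    static final Map<String, Map<String, String>> SUBJECT_TABLE = new HashMap<>();
    static final Map<String, Map<String, String>> CACHE = new ConcurrentHashMap<>();

    // Fragile form: assumes every authenticated principal already has a row.
    static Map<String, String> loadUnchecked(String username) {
        Map<String, String> row = SUBJECT_TABLE.get(username);
        return new HashMap<>(row); // throws NullPointerException when row is null
    }

    // Null-safe form: a missing row is a normal state for a first-time LDAP login.
    static Optional<Map<String, String>> load(String username) {
        Map<String, String> cached = CACHE.get(username);
        if (cached != null) {
            return Optional.of(cached);
        }
        Map<String, String> row = SUBJECT_TABLE.get(username);
        if (row == null) {
            return Optional.empty(); // do not cache the miss: the row is created later
        }
        Map<String, String> copy = new HashMap<>(row);
        CACHE.put(username, copy);
        return Optional.of(copy);
    }

    // What a request filter could do once LDAP has authenticated the user.
    static String route(String username) {
        return load(username).isPresent() ? "dashboard" : "self-registration";
    }

    public static void main(String[] args) {
        SUBJECT_TABLE.put("alice", Map.of("lastUrl", "/home")); // constructed row
        System.out.println("alice -> " + route("alice"));
        System.out.println("bob   -> " + route("bob")); // in LDAP, no local row yet
        try {
            loadUnchecked("bob");
        } catch (NullPointerException e) {
            System.out.println("unchecked load: NPE for an unprovisioned subject");
        }
        SUBJECT_TABLE.put("bob", new HashMap<>()); // row created by self-registration
        System.out.println("bob   -> " + route("bob"));
    }
}
```

Treating the missing row as an expected state also keeps the stack trace off the 500 page, where it would otherwise expose internal class names to the person logging in.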