7 Replies Latest reply on Nov 28, 2007 11:29 AM by swisst

LDAP / JNDI Class Cast Exception

swisst Oct 17, 2007 12:31 PM

I am using the bundled version of JBoss Portal 2.6.2.

I have successfully configured Portal to use AD for LDAP. My next step was to pull out the LDAP datasource information and put it into the jboss-service.xml file and reference it in my ldap_identity-config.xml file using JNDI.

I have it all set-up, and when I try to log in I receive a class cast exception. This all works when the connection information is defined in my config file without JNDI. Here are the details:

ldap_identity-config.xml

 <datasources>
 <datasource>
 <name>LDAP</name>
 <config>
 <option>
 <name>externalContextJndiName</name>
 <value>external/ldap/jboss</value>
 </option>
 </config>
 </datasource>
 </datasources>

jboss-service.xml

 <!-- Bind a remote LDAP server -->
 <mbean code="org.jboss.naming.ExternalContext" name="jboss.jndi:service=ExternalContext,jndiName=external/ldap/jboss">
 <attribute name="JndiName">external/ldap/jboss</attribute>
 <attribute name="Properties">
 java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
 java.naming.provider.url=ldap://my.company.com:389/DC=my,DC=company,DC=com
 java.naming.security.principal=CN=Portal ID,OU=ServiceAccounts,DC=my,DC=company,DC=com
 java.naming.security.authentication=simple
 java.naming.security.credentials=mypassword
 </attribute>
 <attribute name="InitialContext"> javax.naming.ldap.InitialLdapContext </attribute>
 <attribute name="RemoteAccess">true</attribute>
 </mbean>

Error Message

09:04:40,130 ERROR [IdentityLoginModule] Error when validating password
org.jboss.portal.common.transaction.NestedException: javax.security.auth.login.LoginException: java.lang.ClassCastExcept
ion: $Proxy174
 at org.jboss.portal.common.transaction.Transactions.apply(Transactions.java:253)
 at org.jboss.portal.common.transaction.Transactions.required(Transactions.java:289)
 at org.jboss.portal.identity.auth.IdentityLoginModule.getUserStatus(IdentityLoginModule.java:223)
 at org.jboss.portal.identity.auth.IdentityLoginModule.validatePassword(IdentityLoginModule.java:177)
 at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
 at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
 at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
 at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
 at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
 at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
 at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
 at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
 at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
 at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
 at java.lang.Thread.run(Thread.java:595)
Caused by: javax.security.auth.login.LoginException: java.lang.ClassCastException: $Proxy174
 at org.jboss.portal.identity.auth.IdentityLoginModule$1.run(IdentityLoginModule.java:279)
 at org.jboss.portal.common.transaction.Transactions.apply(Transactions.java:219)
 ... 30 more

Any ideas?

1. Re: LDAP / JNDI Class Cast Exception

swisst Oct 17, 2007 12:56 PM (in response to swisst)

Follow-up. I forgot to mention that I followed the documentation as outlined here:

http://docs.jboss.com/jbportal/v2.6.2/referenceGuide/html/ldap.html

and here:

http://docs.jboss.com/jbossas/guides/j2eeguide/r2/en/html_single/#d0e6877
Actions
2. Re: LDAP / JNDI Class Cast Exception

bdaw Nov 2, 2007 5:20 AM (in response to swisst)

Hi,

Sorry for not replying earlier. Could you fill in a bug report in JIRA, assign it to me and put a fix version for 2.6.3?
Actions
3. Re: LDAP / JNDI Class Cast Exception

bdaw Nov 21, 2007 11:25 AM (in response to swisst)

http://jira.jboss.com/jira/browse/JBPORTAL-1812

This will be fixed in 2.6.3. You can try it from svn before the release
Actions
4. Re: LDAP / JNDI Class Cast Exception

roth Nov 23, 2007 5:06 AM (in response to swisst)

Hi

I allow myself to hijack this thread, since a solution to the original issue has been found.

Swisst, did you manage to get ldap/ad running with an admin group coming from your ldap (as opposed to the standard admin 'admin', role 'admin')?

I had to find out that what I proposed here (http://wiki.jboss.org/wiki/Wiki.jsp?page=GiveAdminPrivileges) isn't quite working. When defining a page layout, the list of available portlet instances is always empty. Using the wizard works, but that's not a usable workaround for me, since the wizard creates a new instance every time.

I tried to debug this, as I already found two problems with a hardcoded use of 'admin' so far, but couldn't find the cause this time. I got as far as stepping through the code with a debugger, but I have to admit that I don't understand all the stuff that is happening when displaying the 'page layout' page.

Thanks,
Tobias
Actions
5. Re: LDAP / JNDI Class Cast Exception

swisst Nov 27, 2007 12:46 AM (in response to swisst)

Sorry for the slow response, I have been on vacation...

I am up and running with ldap/ad. However, we do not use the admin portal piece. Our layout is static and configured through the deployment xml files.

Is there a test you'd like me to run?
Actions
6. Re: LDAP / JNDI Class Cast Exception

roth Nov 28, 2007 3:12 AM (in response to swisst)

Hi swisst

This concerns only the admin portlet.

It was a "misconfiguration" on my part, see this bug report for more details: http://jira.jboss.com/jira/browse/JBPORTAL-1814

I'll update the wiki page shortly to reflect this.

Thanks,
Tobias
Actions
7. Re: LDAP / JNDI Class Cast Exception

swisst Nov 28, 2007 11:29 AM (in response to swisst)

It sounds like your "misconfiguration" is more a shortcoming of the design of having the magic word "Admin" everywhere. Thanks for your perseverance on this topic, and I'll be looking for your wiki update!
Actions

Go to original post