How to fix this exception: java.lang.IllegalArgumentException: Cannot create portal MyUser that already exist?
jpadula35 Feb 28, 2011 3:25 PM
Can anyone help me with an exception that I get the first time that I log in as an MSAD user (as a result everything is not getting loaded into the home page of our portal)? I have configured the picketlink-idm-msad-readonly-config.xml to authenticate against our AD. But when we have the CN for the role in an OU that is parallel to the OU for the Users, the first time the user logs in I get the IllegalArgumentException. This does not occur if the CN resides under the OU for the users.
The roles in Group Management are getting populated correctly, and the users in User management are all listed. But they don't seem to be tied together.
This structure causes a problem:
OU=NewUsers -- contains users
OU=TestUsers -- contains users
OU=TestGroups -- contains groups
CN=My-Admins,OU=TestGroups
This structure works fine:
OU=TestUsers
CN=My-Admins,OU=TestUsers
Here is the stacktrace:
2011-02-25 19:53:02,931 ERROR [portal:PortalRequestHandler] Error while handling request
java.lang.IllegalArgumentException: Cannot create portal MyUser that already exist
at org.exoplatform.portal.pom.config.tasks.PortalConfigTask$Save.run(PortalConfigTask.java:140)
at org.exoplatform.portal.pom.config.tasks.PortalConfigTask$Save.run(PortalConfigTask.java:99)
at org.exoplatform.portal.pom.config.POMSession.execute(POMSession.java:390)
at org.exoplatform.portal.pom.config.ExecutorDispatcher.execute(ExecutorDispatcher.java:41)
at org.exoplatform.portal.pom.config.TaskExecutionDecorator.execute(TaskExecutionDecorator.java:38)
at org.exoplatform.portal.pom.config.cache.DataCache.create(DataCache.java:108)
at org.exoplatform.portal.pom.config.cache.DataCache.execute(DataCache.java:63)
at org.exoplatform.portal.pom.config.POMSessionManager.execute(POMSessionManager.java:201)
at org.exoplatform.portal.pom.config.POMDataStorage.create(POMDataStorage.java:87)
at org.exoplatform.portal.config.DataStorageImpl.create(DataStorageImpl.java:79)
at org.exoplatform.portal.config.NewPortalConfigListener.createPortalConfig(NewPortalConfigListener.java:349)
at org.exoplatform.portal.config.UserPortalConfigService.createUserPortalConfig(UserPortalConfigService.java:302)
at org.exoplatform.portal.config.UserPortalConfigService.createUserSite(UserPortalConfigService.java:230)
at org.exoplatform.portal.application.UserSiteLifeCycle.onStartRequest(UserSiteLifeCycle.java:59)
at org.exoplatform.portal.application.UserSiteLifeCycle.onStartRequest(UserSiteLifeCycle.java:36)
at org.exoplatform.portal.application.PortalRequestHandler.execute(PortalRequestHandler.java:97)
at org.exoplatform.web.WebAppController.service(WebAppController.java:143)
at org.exoplatform.portal.application.PortalController.onService(PortalController.java:127)
at org.exoplatform.container.web.AbstractHttpServlet.service(AbstractHttpServlet.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.exoplatform.web.CacheUserProfileFilter.doFilter(CacheUserProfileFilter.java:72)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.exoplatform.frameworks.jcr.web.ThreadLocalSessionProviderInitializedFilter.doFilter(ThreadLocalSessionProviderInitializedFilter.java:116)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.exoplatform.services.security.web.SetCurrentIdentityFilter.doFilter(SetCurrentIdentityFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.exoplatform.web.filter.ExtensibleFilter$ExtensibleFilterChain.doFilter(ExtensibleFilter.java:112)
at org.exoplatform.sample.ext.web.SampleFilter.doFilter(SampleFilter.java:46)
at org.exoplatform.web.filter.ExtensibleFilter$ExtensibleFilterChain.doFilter(ExtensibleFilter.java:108)
at org.exoplatform.web.filter.ExtensibleFilter.doFilter(ExtensibleFilter.java:84)
at org.exoplatform.web.filter.GenericFilter.doFilter(GenericFilter.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.exoplatform.web.login.ClusteredSSOFilter.doFilter(ClusteredSSOFilter.java:73)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
2011-02-25 19:53:02,931 ERROR [portal:PortalRequestHandler] Error while ending request on all ApplicationLifecycle
java.lang.NullPointerException
at org.exoplatform.webui.application.MonitorApplicationLifecycle.onEndRequest(MonitorApplicationLifecycle.java:74)
at org.exoplatform.webui.application.MonitorApplicationLifecycle.onEndRequest(MonitorApplicationLifecycle.java:32)
at org.exoplatform.portal.application.PortalRequestHandler.execute(PortalRequestHandler.java:143)
at org.exoplatform.web.WebAppController.service(WebAppController.java:143)
at org.exoplatform.portal.application.PortalController.onService(PortalController.java:127)
at org.exoplatform.container.web.AbstractHttpServlet.service(AbstractHttpServlet.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.exoplatform.web.CacheUserProfileFilter.doFilter(CacheUserProfileFilter.java:72)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.exoplatform.frameworks.jcr.web.ThreadLocalSessionProviderInitializedFilter.doFilter(ThreadLocalSessionProviderInitializedFilter.java:116)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.exoplatform.services.security.web.SetCurrentIdentityFilter.doFilter(SetCurrentIdentityFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.exoplatform.web.filter.ExtensibleFilter$ExtensibleFilterChain.doFilter(ExtensibleFilter.java:112)
at org.exoplatform.sample.ext.web.SampleFilter.doFilter(SampleFilter.java:46)
at org.exoplatform.web.filter.ExtensibleFilter$ExtensibleFilterChain.doFilter(ExtensibleFilter.java:108)
at org.exoplatform.web.filter.ExtensibleFilter.doFilter(ExtensibleFilter.java:84)
at org.exoplatform.web.filter.GenericFilter.doFilter(GenericFilter.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.exoplatform.web.login.ClusteredSSOFilter.doFilter(ClusteredSSOFilter.java:73)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Here is the config:
<jboss-identity xmlns="urn:picketlink:idm:config:v1_0_0_ga"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:picketlink:idm:config:v1_0_0_ga identity-config.xsd">
<realms>
<realm>
<id>idm_realm_sample-portal</id>
<repository-id-ref>DefaultPortalRepository</repository-id-ref>
<identity-type-mappings>
<user-mapping>USER</user-mapping>
</identity-type-mappings>
<options>
<option>
<name>cache.providerRegistryName</name>
<value>apiCacheProvider</value>
</option>
</options>
</realm>
<realm>
<id>idm_realm</id>
<repository-id-ref>PortalRepository</repository-id-ref>
<identity-type-mappings>
<user-mapping>USER</user-mapping>
</identity-type-mappings>
<options>
<option>
<name>template</name>
<value>true</value>
</option>
<option>
<name>cache.providerRegistryName</name>
<value>apiCacheProvider</value>
</option>
</options>
</realm>
</realms>
<repositories>
<repository>
<id>PortalRepository</id>
<class>org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository</class>
<external-config/>
<default-identity-store-id>HibernateStore</default-identity-store-id>
<default-attribute-store-id>HibernateStore</default-attribute-store-id>
<identity-store-mappings>
<identity-store-mapping>
<identity-store-id>PortalLDAPStore</identity-store-id>
<identity-object-types>
<identity-object-type>USER</identity-object-type>
<identity-object-type>msad_roles_type</identity-object-type>
</identity-object-types>
<options>
<option>
<name>readOnly</name>
<value>true</value>
</option>
</options>
</identity-store-mapping>
</identity-store-mappings>
<options>
<option>
<name>allowNotDefinedAttributes</name>
<value>true</value>
</option>
</options>
</repository>
<repository>
<id>DefaultPortalRepository</id>
<class>org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository</class>
<external-config/>
<default-identity-store-id>HibernateStore</default-identity-store-id>
<default-attribute-store-id>HibernateStore</default-attribute-store-id>
</repository>
</repositories>
<stores>
<attribute-stores/>
<identity-stores>
<identity-store>
<id>HibernateStore</id>
<class>org.picketlink.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
<external-config/>
<supported-relationship-types>
<relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
<relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
</supported-relationship-types>
<supported-identity-object-types>
<identity-object-type>
<name>USER</name>
<relationships/>
<credentials>
<credential-type>PASSWORD</credential-type>
</credentials>
<attributes/>
<options/>
</identity-object-type>
</supported-identity-object-types>
<options>
<option>
<name>hibernateSessionFactoryRegistryName</name>
<value>hibernateSessionFactory</value>
</option>
<option>
<name>populateRelationshipTypes</name>
<value>true</value>
</option>
<option>
<name>populateIdentityObjectTypes</name>
<value>true</value>
</option>
<option>
<name>allowNotDefinedIdentityObjectTypes</name>
<value>true</value>
</option>
<option>
<name>allowNotDefinedAttributes</name>
<value>true</value>
</option>
<option>
<name>isRealmAware</name>
<value>true</value>
</option>
</options>
</identity-store>
<identity-store>
<id>PortalLDAPStore</id>
<class>org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl</class>
<external-config/>
<supported-relationship-types>
<relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
</supported-relationship-types>
<supported-identity-object-types>
<identity-object-type>
<name>USER</name>
<relationships/>
<credentials>
<credential-type>PASSWORD</credential-type>
</credentials>
<attributes>
<attribute>
<name>firstName</name>
<mapping>givenName</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
</attribute>
<attribute>
<name>lastName</name>
<mapping>sn</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
</attribute>
<attribute>
<name>email</name>
<mapping>mail</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
<isUnique>true</isUnique>
</attribute>
</attributes>
<options>
<option>
<name>idAttributeName</name>
<value>sAMAccountName</value>
</option>
<option>
<name>entrySearchFilter</name>
<value><![CDATA[(&(sAMAccountName={0})(objectClass=User))]]></value>
</option>
<option>
<name>passwordAttributeName</name>
<value>unicodePwd</value>
</option>
<option>
<name>enclosePasswordWith</name>
<value>"</value>
</option>
<option>
<name>passwordEncoding</name>
<value>UTF-16LE</value>
</option>
<option>
<name>ctxDNs</name>
<value><![CDATA[OU=TestUsers,DC=test,DC=local]]></value>
<value><![CDATA[OU=NewUsers,DC=test,DC=local]]></value>
</option>
<option>
<name>entrySearchScope</name>
<value>subtree</value>
</option>
<option>
<name>allowCreateEntry</name>
<value>true</value>
</option>
<option>
<name>createEntryAttributeValues</name>
<value>objectClass=top</value>
<value>objectClass=inetOrgPerson</value>
<value>sn= </value>
<value>userAccountControl=514</value>
<!--<value>cn= </value>-->
</option>
<option>
<name>passwordUpdateAttributeValues</name>
<value>userAccountControl=512</value>
</option>
</options>
</identity-object-type>
<identity-object-type>
<name>msad_roles_type</name>
<relationships>
<relationship>
<relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
<identity-object-type-ref>USER</identity-object-type-ref>
</relationship>
<relationship>
<relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
<identity-object-type-ref>msad_roles_type</identity-object-type-ref>
</relationship>
</relationships>
<credentials/>
<attributes>
<attribute>
<name>label</name>
<mapping>cn</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>true</isReadOnly>
</attribute>
<attribute>
<name>description</name>
<mapping>description</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
</attribute>
</attributes>
<options>
<option>
<name>idAttributeName</name>
<value>cn</value>
</option>
<option>
<name>ctxDNs</name>
<value><![CDATA[CN=My-Admins,OU=TestGroups,DC=test,DC=local]]></value>
<value><![CDATA[CN=My-Powerusers,OU=TestGroups,DC=test,DC=local]]></value>
<value><![CDATA[CN=My-Users,OU=TestGroups,DC=test,DC=local]]></value>
</option>
<option>
<name>entrySearchScope</name>
<value>subtree</value>
</option>
<option>
<name>entrySearchFilter</name>
<value><![CDATA[(&(sAMAccountName={0})(objectClass=group))]]></value>
</option>
<option>
<name>allowCreateEntry</name>
<value>true</value>
</option>
<option>
<name>parentMembershipAttributeName</name>
<value>member</value>
</option>
<option>
<name>isParentMembershipAttributeDN</name>
<value>true</value>
</option>
<option>
<name>allowEmptyMemberships</name>
<value>true</value>
</option>
<option>
<name>createEntryAttributeValues</name>
<value>objectClass=top</value>
<value>objectClass=group</value>
<value>groupType=8</value>
</option>
</options>
</identity-object-type>
</supported-identity-object-types>
<options>
<option>
<name>providerURL</name>
<value>ldap://10.11.12.13:543</value>
</option>
<!--<option>-->
<!--<name>providerURL</name>-->
<!--<value>ldaps://msad-host:636</value>-->
<!--</option>-->
<option>
<name>adminDN</name>
<value>test\gatein_admin</value>
</option>
<option>
<name>adminPassword</name>
<value>password</value>
</option>
<option>
<name>authenticationMethod</name>
<value>simple</value>
</option>
<!--<option>-->
<!--<name>customSystemProperties</name>-->
<!--<value>javax.net.ssl.trustStore=/home/root/msad.truststore</value>-->
<!--<value>javax.net.ssl.trustStorePassword=password</value>-->
<!--</option>-->
<option>
<name>searchTimeLimit</name>
<value>10000</value>
</option>
<option>
<name>createMissingContexts</name>
<value>false</value>
</option>
<option>
<name>customJNDIConnectionParameters</name>
<value>com.sun.jndi.ldap.connect.pool=true</value>
</option>
<option>
<name>customSystemProperties</name>
<value>com.sun.jndi.ldap.connect.pool.maxsize=300000</value>
<value>com.sun.jndi.ldap.connect.pool.protocol=plain ssl</value>
</option>
<option>
<name>cache.providerRegistryName</name>
<value>storeCacheProvider</value>
</option>
</options>
</identity-store>
</identity-stores>
</stores>
<options>
<option>
<name>defaultTemplate</name>
<value>idm_realm</value>
</option>
</options>
</jboss-identity>
Any hints or help would be appreciated.
-- Joseph Padula
Message was edited by: Joseph Padula
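Added example, not part of the original post and not PicketLink or GateIn code: a small audit of a picketlink-idm LDAP store definition that reports the directory layout described above (group ctxDNs that sit outside every USER ctxDNs base) and two settings visible in the posted config, a simple bind over ldap:// and an inline adminPassword. The function names and finding labels are hypothetical, and the first check only describes the layout; it is not a diagnosis of the exception.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:picketlink:idm:config:v1_0_0_ga"}

# Constructed sample: trimmed copy of the posted config (same elements and values).
SAMPLE = """<jboss-identity xmlns="urn:picketlink:idm:config:v1_0_0_ga">
<stores><identity-stores><identity-store>
 <id>PortalLDAPStore</id>
 <supported-identity-object-types>
  <identity-object-type><name>USER</name><options><option>
   <name>ctxDNs</name>
   <value><![CDATA[OU=TestUsers,DC=test,DC=local]]></value>
   <value><![CDATA[OU=NewUsers,DC=test,DC=local]]></value>
  </option></options></identity-object-type>
  <identity-object-type><name>msad_roles_type</name><options><option>
   <name>ctxDNs</name>
   <value><![CDATA[CN=My-Admins,OU=TestGroups,DC=test,DC=local]]></value>
  </option></options></identity-object-type>
 </supported-identity-object-types>
 <options>
  <option><name>providerURL</name><value>ldap://10.11.12.13:543</value></option>
  <option><name>adminPassword</name><value>password</value></option>
  <option><name>authenticationMethod</name><value>simple</value></option>
 </options>
</identity-store></identity-stores></stores></jboss-identity>"""

def options(node):
    """Return {option name: [values]} for the <options> directly under node."""
    return {o.findtext("p:name", "", NS): [(v.text or "").strip() for v in o.findall("p:value", NS)]
            for o in node.findall("p:options/p:option", NS)}

def is_under(dn, base):
    """True if dn equals base or sits below it (naive split: no escaped commas)."""
    d = [p.strip().lower() for p in dn.split(",")]
    b = [p.strip().lower() for p in base.split(",")]
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def audit(xml_text):
    """List (check, store id, detail) tuples for each LDAP identity store."""
    findings = []
    for store in ET.fromstring(xml_text).iterfind(".//p:identity-store", NS):
        sid = store.findtext("p:id", "?", NS)
        types = {t.findtext("p:name", "", NS): options(t).get("ctxDNs", [])
                 for t in store.iterfind("p:supported-identity-object-types/p:identity-object-type", NS)}
        user_bases = types.get("USER", [])
        for name, dns in types.items():
            for dn in dns:
                # Layout check: non-USER search base outside every USER search base.
                if name != "USER" and user_bases and not any(is_under(dn, b) for b in user_bases):
                    findings.append(("ctx-outside-user-bases", sid, f"{name}: {dn}"))
        opts = options(store)
        url = (opts.get("providerURL") or [""])[0]
        # A simple bind over ldap:// sends the bind DN and password unencrypted.
        if url.lower().startswith("ldap://") and opts.get("authenticationMethod") == ["simple"]:
            findings.append(("cleartext-simple-bind", sid, url))
        if any(opts.get("adminPassword", [])):
            findings.append(("plaintext-admin-password", sid, "adminPassword set inline"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Pointing `audit()` at the full file works the same way; stores without a providerURL or ctxDNs, such as HibernateStore, produce no findings.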