-
1. Integrating JBoss Negotiation with a seam application
anil.saldhana Apr 14, 2011 5:02 PM (in response to soverbosch)
You need this to be completed: https://issues.jboss.org/browse/SEAMSECURITY-17
Seam needs to leverage the end results of the Web Container authentication mechanism.
-
2. Integrating JBoss Negotiation with a seam application
soverbosch Apr 15, 2011 2:07 AM (in response to anil.saldhana)
Hi Anil,
True, but it will take some time before this is solved by the community. I'm now trying to write my own filter using the negotiation project as an example, and am at the moment trying to fetch the information which is collected by the login module and put it in the Identity so the seam framework can use it. It takes some time to get it all to work because I'm not that knowledgeable about the security and filter stuff in the seam framework. But thanks for your reply.
Br,
Sarris
-
3. Integrating JBoss Negotiation with a seam application
soverbosch Apr 15, 2011 11:39 AM (in response to soverbosch)
So after some hours of hard work I got it working, at least basically. I am now able to automatically log in a user who is logged on to the domain, and as long as the user goes to the context of the webapp it is working; as soon as the user goes to the webapp using a bookmark, it fails.
So http://jboss.server.com/appcontext will work but http://jboss.server.com/appcontext/pages/other/Main.seam will give the following stack trace, and I am not sure what is causing this. Another issue is that when the user uses http://jboss.server.com/appcontext he/she will always end up at the login page, and if you then use http://jboss.server.com/appcontext/pages/other/Main.seam you will end up on that requested page. So somewhere I am missing something/doing something wrong. Anybody who can help me on this issue????
2011-04-15 17:26:22,041 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/application].[Faces Servlet]] (http-0.0.0.0-8888-4) Servlet.service() for servlet Faces Servlet threw exception
java.lang.IllegalStateException
at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:435)
at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:272)
at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388)
at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515)
at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.web.HotDeployFilter.doFilter(HotDeployFilter.java:53)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at com.company.web.framework.SpnegoFilter.doSPNEGOAuthorization(SpnegoFilter.java:137)
at com.company.web.framework.SpnegoFilter.doFilter(SpnegoFilter.java:51)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:662)
-
4. Integrating JBoss Negotiation with a seam application
soverbosch Apr 28, 2011 6:00 AM (in response to soverbosch)
So to give a little status update on this: I've got it working, at least on Windows XP it is working. Now the customer also uses Windows 7 with IE8, and this combination is failing to work. When debugging, it seems like IE is not handling the WWW-Authenticate error response which is sent to the browser, and I am clueless at the moment as to what is causing this. So if anybody has a pointer in the right direction for me I would be extremely happy!
-
5. Integrating JBoss Negotiation with a seam application
soverbosch Apr 28, 2011 4:27 PM (in response to soverbosch)
So one step closer: after a day of investigation I found that the "Network Security: Configure encryption types allowed for Kerberos" setting, which is reachable through "Local Security Policy" (part of the Administrative Tools of Windows 7), didn't have any value. So I selected the RC4_HMAC_MD5 encryption type and now the negotiation goes further than the initial WWW-Authenticate: Negotiate step, but it now fails in the third step with the following message on the server side:
java.io.IOException: Unexpected message type
at org.jboss.security.negotiation.spnego.encoding.NegTokenTargDecoder.decodeNegTokenTargSequence(NegTokenTargDecoder.java:111)
at org.jboss.security.negotiation.spnego.encoding.NegTokenTargDecoder.decode(NegTokenTargDecoder.java:126)
at org.jboss.security.negotiation.spnego.SPNEGOMessageFactory.createMessage(SPNEGOMessageFactory.java:73)
at org.jboss.security.negotiation.DelegatingMessageFactory.createMessage(DelegatingMessageFactory.java:61)
at com.raetsmarine.web.framework.SpnegoFilter.doSPNEGOAuthorization(SpnegoFilter.java:130)
at com.raetsmarine.web.framework.SpnegoFilter.doFilter(SpnegoFilter.java:61)
....
So is there anybody out there who had the same problem and knows the solution?
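A diagnostic for the "Unexpected message type" failure reported above, as an added example that is not part of the thread or of the JBoss Negotiation code: it classifies the token in an `Authorization: Negotiate` header by its leading bytes, so a filter can log what the browser actually sent before handing it to the decoder. The class name `NegotiateTokenProbe` and the sample tokens are hypothetical; `java.util.Base64` requires Java 8 or later.

```java
import java.util.Arrays;
import java.util.Base64;

public class NegotiateTokenProbe { // hypothetical helper, not part of JBoss Negotiation
    // DER-encoded mechanism OIDs: SPNEGO 1.3.6.1.5.5.2, Kerberos v5 1.2.840.113554.1.2.2
    private static final byte[] SPNEGO_OID = {0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02};
    private static final byte[] KRB5_OID =
        {0x06, 0x09, 0x2a, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xf7, 0x12, 0x01, 0x02, 0x02};
    private static final byte[] NTLMSSP = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};

    static String classify(String header) {
        if (header == null || !header.regionMatches(true, 0, "Negotiate ", 0, 10))
            return "not a Negotiate header";
        byte[] t;
        try {
            t = Base64.getDecoder().decode(header.substring(10).trim());
        } catch (IllegalArgumentException e) {
            return "invalid base64";
        }
        if (startsWith(t, 0, NTLMSSP)) return "raw NTLM, no SPNEGO wrapper";
        if (t.length < 2) return "truncated token";
        switch (t[0] & 0xff) {
            case 0x60: { // [APPLICATION 0]: GSS-API framing, mechanism OID follows the length
                int off = (t[1] & 0x80) == 0 ? 2 : 2 + (t[1] & 0x7f);
                if (startsWith(t, off, SPNEGO_OID)) return "SPNEGO NegTokenInit (GSS-API framed)";
                if (startsWith(t, off, KRB5_OID)) return "raw Kerberos v5 token, no SPNEGO wrapper";
                return "GSS-API token for another mechanism";
            }
            case 0xa0: return "SPNEGO NegTokenInit (unframed)";
            case 0xa1: return "SPNEGO NegTokenTarg";
            default: return String.format("unknown leading tag 0x%02x", t[0] & 0xff);
        }
    }

    private static boolean startsWith(byte[] t, int off, byte[] prefix) {
        if (off < 0 || t.length - off < prefix.length) return false;
        return Arrays.equals(Arrays.copyOfRange(t, off, off + prefix.length), prefix);
    }

    public static void main(String[] args) {
        // Constructed sample tokens, cut off after the bytes the classifier inspects.
        byte[][] samples = {
            {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, 1, 0, 0, 0},
            {0x60, 0x0a, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02, (byte) 0xa0, 0x00},
            {(byte) 0xa1, 0x02, 0x30, 0x00},
        };
        for (byte[] s : samples)
            System.out.println(classify("Negotiate " + Base64.getEncoder().encodeToString(s)));
    }
}
```

Logging this classification for each request of the handshake shows which token type reaches the decoder at the failing step; the thread itself does not say which case applied.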