9 Replies Latest reply on Jan 7, 2013 4:26 PM by nheron

    Login failed  org.jboss.seam.security.AuthenticationException: Authenticator must provide a no  n-null User after successful authentication

    dmitry.erkin

      Hello!

       

      I catch java.lang.NullPointerException

      if I uncomment next line (highlighted) in beams.xml

       

      <security:IdentityImpl>

          <s:modifies/>

          <!-- JAAS based authentication -->

          <security:authenticatorName>jaasAuthenticator</security:authenticatorName>

       

        </security:IdentityImpl>

       

      <security:jaas.JaasAuthenticator>

          <s:modifies/>

          <jaasConfigName>drools-guvnor</jaasConfigName>

        </security:jaas.JaasAuthenticator>

       

      <guvnorSecurity:RoleBasedPermissionResolver>

          <s:modifies/>

          <guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>

        </guvnorSecurity:RoleBasedPermissionResolver>

       

       

      bin\setenv.bat:

      set BONITA_HOME="-DBONITA_HOME=%CATALINA_HOME%\bonita"

      set LOG_OPTS="-Djava.util.logging.config.file=%CATALINA_HOME%\external\logging\logging.properties"

      set SECURITY_OPTS="-Djava.security.auth.login.config=%CATALINA_HOME%\external\security\jaas-standard.cfg"

      set CMIS_CONFIG=-Dexo.data.dir="%CATALINA_HOME%\external\xcmis\ext-exo-data" -Dorg.exoplatform.container.standalone.config="%CATALINA_HOME%\external\xcmis\ext-exo-conf\exo-configuration-oracle.xml"

       

      set JAVA_OPTS=%JAVA_OPTS% %LOG_OPTS% %SECURITY_OPTS% %BONITA_OPTS% %BONITA_HOME% %CMIS_CONFIG% -Dfile.encoding=UTF-8 -Xshare:auto -Xms512m -Xmx1024m -XX:MaxPermSize=256m -XX:+HeapDumpOnOutOfMemoryError

       

      external\security\jaas-standard.cfg:

      drools-guvnor {

      com.test.droolsproto.loginModule.module.DroolsLoginModule required;

      };

       

      Environment:

      apache-tomcat-6.0.35

      guvnor-5.4.0.Final-tomcat-6.0.war

       

          <jaasConfigName>drools-guvnor</jaasConfigName> leads to the same result.

       

      I suppose I missed something in config/whats it?

       

      Thanks.

       

       

      Details:

      java.lang.NullPointerException

              at org.jboss.solder.config.xml.model.ModelBuilder.validateXmlItem(ModelB

      uilder.java:237)

              at org.jboss.solder.config.xml.model.ModelBuilder.addNodeToResult(ModelB

      uilder.java:102)

              at org.jboss.solder.config.xml.model.ModelBuilder.build(ModelBuilder.jav

      a:88)

              at org.jboss.solder.config.xml.bootstrap.XmlConfigExtension.beforeBeanDi

      scovery(XmlConfigExtension.java:93)

              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.

      java:39)

              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces

      sorImpl.java:25)

              at java.lang.reflect.Method.invoke(Method.java:597)

              at org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflec

      tions.java:267)

              at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureRefle

      ctionAccess.java:52)

              at org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation

      (SecureReflectionAccess.java:137)

              at org.jboss.weld.util.reflection.SecureReflections.invoke(SecureReflect

      ions.java:263)

              at org.jboss.weld.introspector.jlr.WeldMethodImpl.invokeOnInstance(WeldM

      ethodImpl.java:170)

              at org.jboss.weld.introspector.ForwardingWeldMethod.invokeOnInstance(For

      wardingWeldMethod.java:51)

              at org.jboss.weld.injection.MethodInjectionPoint.invokeOnInstanceWithSpe

      cialValue(MethodInjectionPoint.java:154)

              at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.

      java:241)

              at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.

      java:229)

              at org.jboss.weld.event.ObserverMethodImpl.notify(ObserverMethodImpl.jav

      a:207)

              at org.jboss.weld.bootstrap.events.AbstractContainerEvent.fire(AbstractC

      ontainerEvent.java:75)

              at org.jboss.weld.bootstrap.events.AbstractDefinitionContainerEvent.fire

      (AbstractDefinitionContainerEvent.java:46)

              at org.jboss.weld.bootstrap.events.BeforeBeanDiscoveryImpl.fire(BeforeBe

      anDiscoveryImpl.java:46)

              at org.jboss.weld.bootstrap.WeldBootstrap.startInitialization(WeldBootst

      rap.java:335)

              at org.jboss.weld.environment.servlet.Listener.contextInitialized(Listen

      er.java:151)

              at org.drools.guvnor.server.repository.SafeWeldListener.contextInitializ

      ed(SafeWeldListener.java:54)

              at org.apache.catalina.core.StandardContext.listenerStart(StandardContex

      t.java:4206)

              at org.apache.catalina.core.StandardContext.start(StandardContext.java:4

      705)

              at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase

      .java:799)

              at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:77

      9)

              at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)

       

              at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.ja

      va:675)

              at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.j

      ava:601)

              at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502

      )

              at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1317)

              at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java

      :324)

              at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(Lifecycl

      eSupport.java:142)

              at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1065)

       

              at org.apache.catalina.core.StandardHost.start(StandardHost.java:840)

              at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)

       

              at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463

      )

              at org.apache.catalina.core.StandardService.start(StandardService.java:5

      25)

              at org.apache.catalina.core.StandardServer.start(StandardServer.java:754

      )

              at org.apache.catalina.startup.Catalina.start(Catalina.java:595)

              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.

      java:39)

              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces

      sorImpl.java:25)

              at java.lang.reflect.Method.invoke(Method.java:597)

              at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)

              at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)

      Oct 13, 2012 11:58:53 PM org.apache.catalina.core.StandardContext start

      SEVERE: Error listenerStart

      Oct 13, 2012 11:58:53 PM org.apache.catalina.core.StandardContext start

      SEVERE: Context [/guvnor-5.4.0.Final-tomcat-6.0] startup failed due to previous

      errors

        • 1. Re: beams.xml: jaasConfigName->NullPointerException
          dmitry.erkin

          First mistake's found:

           

          <security:jaas.JaasAuthenticator>

              <s:modifies/>

              <!--

                The following one will use the jaas configuration called "other",

                which in jboss AS means you can use properties files for users.

              -->

              <security:jaasConfigName>drools-guvnor</security:jaasConfigName>

            </security:jaas.JaasAuthenticator>

           

          There wasnt a namespace in the original beans.xml.

           

          Now it says:

          ERROR 14-10 14:41:44,218 (Logger.java:error:1092)        JAAS authentication failed

          javax.security.auth.login.LoginException: No LoginModules configured for drools-guvnor

          • 2. Re: beams.xml: jaasConfigName->NullPointerException
            dmitry.erkin

            On a fresh copy i get the issue:

             

             

            initialize...

            initialized.

            login...

            username=admin

            password=guvnor

            conn.

            stmt.

            sqlname=select * from guvnorusers where username ='admin'and pwd ='guvnor'

            rs.

            succeeded.

            commit.

            ERROR 14-10 21:11:14,458 (Logger.java:error:1092)        Login failed

            org.jboss.seam.security.AuthenticationException: Authenticator must provide a no

            n-null User after successful authentication

                    at org.jboss.seam.security.IdentityImpl.postAuthenticate(IdentityImpl.ja

            va:282)

             

             

            Here is my implementation:

             

            public class DroolsLoginModule implements LoginModule {

            ...

             

            @Override

            public boolean commit() throws LoginException {

             

            // this is the important part to work with JBoss:

            subject.getPrincipals().add(userPrincipal);

             

            System.out.println("commit.");

             

            return true;

            }

             

            ...

             

            Whats the relation between javax.security.auth.spi.LoginModule and  org.jboss.seam.security.IdentityImpl?

             

            according to the sourse code i get the issue here:

            358         activeAuthenticator.postAuthenticate();

            359

            360         if (!activeAuthenticator.getStatus().equals(AuthenticationStatus.SUCCESS)) return;

            361

            362         user = activeAuthenticator.getUser();

            363

            364         if (user == null)

            365         {

            366            throw new AuthenticationException("Authenticator must provide a non-null User after successful authentication");

            367         }

             

            but my implementation sets subject.getPrincipals().add(userPrincipal)

            • 3. Re: beams.xml: jaasConfigName->NullPointerException
              dmitry.erkin

              https://community.jboss.org/thread/199887?tstart=0

               

              it says:

               

              The JaasAuthenticator doesn't call setUser, so jaas authentication can't work.

               

              Here's the github patch (not by me):

               

              https://github.com/lholmquist/security/commit/89b0ae814fa34dbc9301515f4b10c0ee86882c19

               

              but link does not work.

               

              So where is to get that patch?

              • 4. Re: beams.xml: jaasConfigName->NullPointerException
                mrychly

                Here is the code of JaasAuthenticator on git: https://github.com/seam/security/blob/develop/impl/src/main/java/org/jboss/seam/security/jaas/JaasAuthenticator.java

                You have to set user in JaasAuthenticator class. It was propably ommited by mistake.

                Just add this after setting Status to Success... (e.g. setUser( new SimpleUser( credentials.getUsername() ) ); ).

                • 5. Re: beams.xml: jaasConfigName->NullPointerException
                  dmitry.erkin

                  Hello Marcin!

                   

                  Thanks for your answer

                   

                  I can not make seam-security*.jar cause there are lot of dependencies so could you give me the new one?

                  • 6. Re: beams.xml: jaasConfigName->NullPointerException
                    mrychly

                    I attached modified version. It works for me.

                    1 of 1 people found this helpful
                    • 7. Re: beams.xml: jaasConfigName->NullPointerException
                      dmitry.erkin

                      Hello Marcin!

                       

                      The issue solved, thank you.

                      But I get into another issue/ Guvnor shows me next screen: "

                       

                      500 The call failed on the server; see server log for details

                       

                      "

                       

                      There are some details in the log:

                      INFO  03-11 14:20:04,057 (RulesRepositoryConfigurator.java:getInstance:46)

                      Creating an instance of the RulesRepositoryConfigurator.

                      ERROR 03-11 14:20:07,791 (LoggingHelper.java:error:74)   Service method 'public

                      abstract java.util.List org.drools.guvnor.client.rpc.SecurityService.getUserCapa

                      bilities()' threw an unexpected exception: java.lang.IllegalStateException: Atte

                      mpted to inject an HttpSession before it has been initialized.

                      java.lang.IllegalStateException: Attempted to inject an HttpSession before it ha

                      s been initialized.

                              at org.jboss.solder.servlet.http.ImplicitHttpServletObjectsProducer.getH

                      ttpSession(ImplicitHttpServletObjectsProducer.java:55)

                      • 8. Re: beams.xml: jaasConfigName->NullPointerException
                        dig1234

                        Have you every resolved the problem ? I'm following your steps to deploy guvnor 5.4F on tomcat 6.0.35, got all the same errors, and the last message means the login account has no permisssions assigned, switch to other account may work.

                         

                        There is a new question which may confused most of us, we must click logout twice before we can come to the login prompt interface, but even though , the guvnor does not clean the former sessions, if you use the right permission role loged in without close browser , it still prompt the same errors, you must closed browser and reopen it again, then you may get loged in and with a right permissions.

                         

                        Has guvnor teams considered about this ? the 5.5RC1 has the same issue.

                        • 9. Re: Login failed  org.jboss.seam.security.AuthenticationException: Authenticator must provide a no  n-null User after successful authentication
                          nheron

                          Hi to all,

                          the issue has be fixed in seam-security : https://issues.jboss.org/browse/SEAMSECURITY-98

                          Now we have to wait for version 3.1.1.Final of seam-security.

                          Cheers

                          Nicolas