0 Replies Latest reply on Feb 28, 2011 3:25 PM by Joe Padula

    How to fix this exception: java.lang.IllegalArgumentException: Cannot create portal MyUser that already exist?

    Joe Padula Novice

      Can anyone help me with an exception that I get the first time that I log in as an MSAD user (as a result everything is not getting loaded into the home page of our portal)? I have configured the picketlink-idm-msad-readonly-config.xml to authenticate against our AD. But when we have the CN for the role in an OU that is parallel to the OU for the Users, the first time the user logs in I get the IllegalArgumentException. This does not occur if the CN resides under the OU for the users.

       

      The roles in Group Management are getting populated correctly, and the users in User management are all listed. But they don't seem to be tied together.

       

      This structure causes a problem:

      OU=NewUsers  -- contains users

      OU=TestUsers  -- contains users

      OU=TestGroups -- contains groups

       

      CN=My-Admins,OU=TestGroups

       

      This structure works fine:

      OU=TestUsers

      CN=My-Admins,OU=TestUsers

       

      Here is the stacktrace:

      2011-02-25 19:53:02,931 ERROR [portal:PortalRequestHandler] Error while handling request

      java.lang.IllegalArgumentException: Cannot create portal MyUser that already exist

      at org.exoplatform.portal.pom.config.tasks.PortalConfigTask$Save.run(PortalConfigTask.java:140)

      at org.exoplatform.portal.pom.config.tasks.PortalConfigTask$Save.run(PortalConfigTask.java:99)

      at org.exoplatform.portal.pom.config.POMSession.execute(POMSession.java:390)

      at org.exoplatform.portal.pom.config.ExecutorDispatcher.execute(ExecutorDispatcher.java:41)

      at org.exoplatform.portal.pom.config.TaskExecutionDecorator.execute(TaskExecutionDecorator.java:38)

      at org.exoplatform.portal.pom.config.cache.DataCache.create(DataCache.java:108)

      at org.exoplatform.portal.pom.config.cache.DataCache.execute(DataCache.java:63)

      at org.exoplatform.portal.pom.config.POMSessionManager.execute(POMSessionManager.java:201)

      at org.exoplatform.portal.pom.config.POMDataStorage.create(POMDataStorage.java:87)

      at org.exoplatform.portal.config.DataStorageImpl.create(DataStorageImpl.java:79)

      at org.exoplatform.portal.config.NewPortalConfigListener.createPortalConfig(NewPortalConfigListener.java:349)

      at org.exoplatform.portal.config.UserPortalConfigService.createUserPortalConfig(UserPortalConfigService.java:302)

      at org.exoplatform.portal.config.UserPortalConfigService.createUserSite(UserPortalConfigService.java:230)

      at org.exoplatform.portal.application.UserSiteLifeCycle.onStartRequest(UserSiteLifeCycle.java:59)

      at org.exoplatform.portal.application.UserSiteLifeCycle.onStartRequest(UserSiteLifeCycle.java:36)

      at org.exoplatform.portal.application.PortalRequestHandler.execute(PortalRequestHandler.java:97)

      at org.exoplatform.web.WebAppController.service(WebAppController.java:143)

      at org.exoplatform.portal.application.PortalController.onService(PortalController.java:127)

      at org.exoplatform.container.web.AbstractHttpServlet.service(AbstractHttpServlet.java:116)

      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

      at org.exoplatform.web.CacheUserProfileFilter.doFilter(CacheUserProfileFilter.java:72)

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

      at org.exoplatform.frameworks.jcr.web.ThreadLocalSessionProviderInitializedFilter.doFilter(ThreadLocalSessionProviderInitializedFilter.java:116)

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

      at org.exoplatform.services.security.web.SetCurrentIdentityFilter.doFilter(SetCurrentIdentityFilter.java:76)

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

      at org.exoplatform.web.filter.ExtensibleFilter$ExtensibleFilterChain.doFilter(ExtensibleFilter.java:112)

      at org.exoplatform.sample.ext.web.SampleFilter.doFilter(SampleFilter.java:46)

      at org.exoplatform.web.filter.ExtensibleFilter$ExtensibleFilterChain.doFilter(ExtensibleFilter.java:108)

      at org.exoplatform.web.filter.ExtensibleFilter.doFilter(ExtensibleFilter.java:84)

      at org.exoplatform.web.filter.GenericFilter.doFilter(GenericFilter.java:66)

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

      at org.exoplatform.web.login.ClusteredSSOFilter.doFilter(ClusteredSSOFilter.java:73)

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)

      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)

      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)

      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)

      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)

      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)

      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)

      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)

      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)

      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)

      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)

      at java.lang.Thread.run(Thread.java:619)

      2011-02-25 19:53:02,931 ERROR [portal:PortalRequestHandler] Error while ending request on all ApplicationLifecycle

      java.lang.NullPointerException

      at org.exoplatform.webui.application.MonitorApplicationLifecycle.onEndRequest(MonitorApplicationLifecycle.java:74)

      at org.exoplatform.webui.application.MonitorApplicationLifecycle.onEndRequest(MonitorApplicationLifecycle.java:32)

      at org.exoplatform.portal.application.PortalRequestHandler.execute(PortalRequestHandler.java:143)

      at org.exoplatform.web.WebAppController.service(WebAppController.java:143)

      at org.exoplatform.portal.application.PortalController.onService(PortalController.java:127)

      at org.exoplatform.container.web.AbstractHttpServlet.service(AbstractHttpServlet.java:116)

      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

      at org.exoplatform.web.CacheUserProfileFilter.doFilter(CacheUserProfileFilter.java:72)

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

      at org.exoplatform.frameworks.jcr.web.ThreadLocalSessionProviderInitializedFilter.doFilter(ThreadLocalSessionProviderInitializedFilter.java:116)

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

      at org.exoplatform.services.security.web.SetCurrentIdentityFilter.doFilter(SetCurrentIdentityFilter.java:76)

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

      at org.exoplatform.web.filter.ExtensibleFilter$ExtensibleFilterChain.doFilter(ExtensibleFilter.java:112)

      at org.exoplatform.sample.ext.web.SampleFilter.doFilter(SampleFilter.java:46)

      at org.exoplatform.web.filter.ExtensibleFilter$ExtensibleFilterChain.doFilter(ExtensibleFilter.java:108)

      at org.exoplatform.web.filter.ExtensibleFilter.doFilter(ExtensibleFilter.java:84)

      at org.exoplatform.web.filter.GenericFilter.doFilter(GenericFilter.java:66)

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

      at org.exoplatform.web.login.ClusteredSSOFilter.doFilter(ClusteredSSOFilter.java:73)

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)

      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)

      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)

      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)

      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)

      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)

      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)

      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)

      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)

      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)

      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)

      at java.lang.Thread.run(Thread.java:619)

       

      Here is the config:
      <jboss-identity xmlns="urn:picketlink:idm:config:v1_0_0_ga"
                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xsi:schemaLocation="urn:picketlink:idm:config:v1_0_0_ga identity-config.xsd">
        <realms>
          <realm>
            <id>idm_realm_sample-portal</id>
            <repository-id-ref>DefaultPortalRepository</repository-id-ref>
            <identity-type-mappings>
              <user-mapping>USER</user-mapping>
            </identity-type-mappings>
            <options>
              <option>
                <name>cache.providerRegistryName</name>
                <value>apiCacheProvider</value>
              </option>
            </options>
          </realm>
          <realm>
            <id>idm_realm</id>
            <repository-id-ref>PortalRepository</repository-id-ref>
            <identity-type-mappings>
              <user-mapping>USER</user-mapping>
            </identity-type-mappings>
            <options>
              <option>
                <name>template</name>
                <value>true</value>
              </option>
              <option>
                <name>cache.providerRegistryName</name>
                <value>apiCacheProvider</value>
              </option>
            </options>
          </realm>
        </realms>
        <repositories>
          <repository>
            <id>PortalRepository</id>
            <class>org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository</class>
            <external-config/>
            <default-identity-store-id>HibernateStore</default-identity-store-id>
            <default-attribute-store-id>HibernateStore</default-attribute-store-id>
            <identity-store-mappings>
              <identity-store-mapping>
                <identity-store-id>PortalLDAPStore</identity-store-id>
                <identity-object-types>
                  <identity-object-type>USER</identity-object-type>
                  <identity-object-type>msad_roles_type</identity-object-type>
                </identity-object-types>
                <options>
                  <option>
                    <name>readOnly</name>
                    <value>true</value>
                  </option>
                </options>
              </identity-store-mapping>
            </identity-store-mappings>
            <options>
              <option>
                <name>allowNotDefinedAttributes</name>
                <value>true</value>
              </option>
            </options>
          </repository>
          <repository>
            <id>DefaultPortalRepository</id>
            <class>org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository</class>
            <external-config/>
            <default-identity-store-id>HibernateStore</default-identity-store-id>
            <default-attribute-store-id>HibernateStore</default-attribute-store-id>
          </repository>
        </repositories>
        <stores>
          <attribute-stores/>
          <identity-stores>
            <identity-store>
              <id>HibernateStore</id>
              <class>org.picketlink.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
              <external-config/>
              <supported-relationship-types>
                <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
                <relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
              </supported-relationship-types>
              <supported-identity-object-types>
                <identity-object-type>
                  <name>USER</name>
                  <relationships/>
                  <credentials>
                    <credential-type>PASSWORD</credential-type>
                  </credentials>
                  <attributes/>
                  <options/>
                </identity-object-type>
              </supported-identity-object-types>
              <options>
                <option>
                  <name>hibernateSessionFactoryRegistryName</name>
                  <value>hibernateSessionFactory</value>
                </option>
                <option>
                  <name>populateRelationshipTypes</name>
                  <value>true</value>
                </option>
                <option>
                  <name>populateIdentityObjectTypes</name>
                  <value>true</value>
                </option>
                <option>
                  <name>allowNotDefinedIdentityObjectTypes</name>
                  <value>true</value>
                </option>
                <option>
                  <name>allowNotDefinedAttributes</name>
                  <value>true</value>
                </option>
                <option>
                  <name>isRealmAware</name>
                  <value>true</value>
                </option>
              </options>
            </identity-store>
            <identity-store>
              <id>PortalLDAPStore</id>
              <class>org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl</class>
              <external-config/>
              <supported-relationship-types>
                <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
              </supported-relationship-types>
              <supported-identity-object-types>
                <identity-object-type>
                  <name>USER</name>
                  <relationships/>
                  <credentials>
                    <credential-type>PASSWORD</credential-type>
                  </credentials>
                  <attributes>
                    <attribute>
                      <name>firstName</name>
                      <mapping>givenName</mapping>
                      <type>text</type>
                      <isRequired>false</isRequired>
                      <isMultivalued>false</isMultivalued>
                      <isReadOnly>false</isReadOnly>
                    </attribute>
                    <attribute>
                      <name>lastName</name>
                      <mapping>sn</mapping>
                      <type>text</type>
                      <isRequired>false</isRequired>
                      <isMultivalued>false</isMultivalued>
                      <isReadOnly>false</isReadOnly>
                    </attribute>
                    <attribute>
                      <name>email</name>
                      <mapping>mail</mapping>
                      <type>text</type>
                      <isRequired>false</isRequired>
                      <isMultivalued>false</isMultivalued>
                      <isReadOnly>false</isReadOnly>
                      <isUnique>true</isUnique>
                    </attribute>
                  </attributes>
                  <options>
                    <option>
                      <name>idAttributeName</name>
                      <value>sAMAccountName</value>
                    </option>
                    <option>
                      <name>entrySearchFilter</name>
                      <value><![CDATA[(&(sAMAccountName={0})(objectClass=User))]]></value>
                    </option>
                    <option>
                      <name>passwordAttributeName</name>
                      <value>unicodePwd</value>
                    </option>
                    <option>
                      <name>enclosePasswordWith</name>
                      <value>"</value>
                    </option>
                    <option>
                      <name>passwordEncoding</name>
                      <value>UTF-16LE</value>
                    </option>
                    <option>
                      <name>ctxDNs</name>
                      <value><![CDATA[OU=TestUsers,DC=test,DC=local]]></value>
                      <value><![CDATA[OU=NewUsers,DC=test,DC=local]]></value>
                    </option>
                    <option>
                      <name>entrySearchScope</name>
                      <value>subtree</value>
                    </option>
                    <option>
                      <name>allowCreateEntry</name>
                      <value>true</value>
                    </option>
                    <option>
                      <name>createEntryAttributeValues</name>
                      <value>objectClass=top</value>
                      <value>objectClass=inetOrgPerson</value>
                      <value>sn= </value>
                      <value>userAccountControl=514</value>
                      <!--<value>cn= </value>-->
                    </option>
                    <option>
                      <name>passwordUpdateAttributeValues</name>
                      <value>userAccountControl=512</value>
                    </option>
                  </options>
                </identity-object-type>
                <identity-object-type>
                  <name>msad_roles_type</name>
                  <relationships>
                    <relationship>
                      <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
                      <identity-object-type-ref>USER</identity-object-type-ref>
                    </relationship>
                    <relationship>
                      <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
                      <identity-object-type-ref>msad_roles_type</identity-object-type-ref>
                    </relationship>
                  </relationships>
                  <credentials/>
                  <attributes>
                    <attribute>
                      <name>label</name>
                      <mapping>cn</mapping>
                      <type>text</type>
                      <isRequired>false</isRequired>
                      <isMultivalued>false</isMultivalued>
                      <isReadOnly>true</isReadOnly>
                    </attribute>
                    <attribute>
                      <name>description</name>
                      <mapping>description</mapping>
                      <type>text</type>
                      <isRequired>false</isRequired>
                      <isMultivalued>false</isMultivalued>
                      <isReadOnly>false</isReadOnly>
                    </attribute>
                  </attributes>
                  <options>
                    <option>
                      <name>idAttributeName</name>
                      <value>cn</value>
                    </option>
                    <option>
                      <name>ctxDNs</name>
                      <value><![CDATA[CN=My-Admins,OU=TestGroups,DC=test,DC=local]]></value>
                      <value><![CDATA[CN=My-Powerusers,OU=TestGroups,DC=test,DC=local]]></value>
                      <value><![CDATA[CN=My-Users,OU=TestGroups,DC=test,DC=local]]></value>
                    </option>
                    <option>
                      <name>entrySearchScope</name>
                      <value>subtree</value>
                    </option>
                    <option>
                      <name>entrySearchFilter</name>
                      <value><![CDATA[(&(sAMAccountName={0})(objectClass=group))]]></value>
                    </option>
                    <option>
                      <name>allowCreateEntry</name>
                      <value>true</value>
                    </option>
                    <option>
                      <name>parentMembershipAttributeName</name>
                      <value>member</value>
                    </option>
                    <option>
                      <name>isParentMembershipAttributeDN</name>
                      <value>true</value>
                    </option>
                    <option>
                      <name>allowEmptyMemberships</name>
                      <value>true</value>
                    </option>
                    <option>
                      <name>createEntryAttributeValues</name>
                      <value>objectClass=top</value>
                      <value>objectClass=group</value>
                      <value>groupType=8</value>
                    </option>
                  </options>
                </identity-object-type>
              </supported-identity-object-types>
              <options>
                <option>
                  <name>providerURL</name>
                  <value>ldap://10.11.12.13:543</value>
                </option>
                <!--<option>-->
                  <!--<name>providerURL</name>-->
                  <!--<value>ldaps://msad-host:636</value>-->
                <!--</option>-->
                <option>
                  <name>adminDN</name>
                  <value>test\gatein_admin</value>
                </option>
                <option>
                  <name>adminPassword</name>
                  <value>password</value>
                </option>
                <option>
                  <name>authenticationMethod</name>
                  <value>simple</value>
                </option>
                <!--<option>-->
                <!--<name>customSystemProperties</name>-->
                <!--<value>javax.net.ssl.trustStore=/home/root/msad.truststore</value>-->
                <!--<value>javax.net.ssl.trustStorePassword=password</value>-->
                <!--</option>-->
                <option>
                  <name>searchTimeLimit</name>
                  <value>10000</value>
                </option>
                <option>
                  <name>createMissingContexts</name>
                  <value>false</value>
                </option>
                <option>
                  <name>customJNDIConnectionParameters</name>
                  <value>com.sun.jndi.ldap.connect.pool=true</value>
                </option>
                <option>
                  <name>customSystemProperties</name>
                  <value>com.sun.jndi.ldap.connect.pool.maxsize=300000</value>
                  <value>com.sun.jndi.ldap.connect.pool.protocol=plain ssl</value>
                </option>
                <option>
                  <name>cache.providerRegistryName</name>
                  <value>storeCacheProvider</value>
                </option>
              </options>
            </identity-store>
          </identity-stores>
        </stores>
        <options>
            <option>
               <name>defaultTemplate</name>
               <value>idm_realm</value>
            </option>
        </options>
      </jboss-identity>

       

      Any hints or help would be appreciated.

       

      -- Joseph Padula

       

      Message was edited by: Joseph Padula