1 Reply Latest reply on Oct 8, 2012 1:33 PM by Jose Miguel Loor

    Problem with ldap authentication

    Jose Miguel Loor Apprentice

      I have an installation of brms-standalone-5.3.0 server, connected to my office ldap this way:

       

      In the login-config

       

      <!--

                BRMS Platform Security Domain

      -->

         <application-policy name="brms">

            <authentication>

      <!--

               <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">

                  <module-option name="usersProperties">props/brms-users.properties</module-option>

                  <module-option name="rolesProperties">props/brms-roles.properties</module-option>

               </login-module>

      -->

                <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >

                          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>

                          <module-option name="java.naming.provider.url">ldap://192.168.0.5:389</module-option>

                          <module-option name="bindDN">cn=admin,dc=ndeveloper,dc=com</module-option>

                          <module-option name="bindCredential">ndeveloper</module-option>

                          <module-option name="baseCtxDN">ou=People,dc=ndeveloper,dc=com</module-option>

                          <module-option name="baseFilter">(cn={0})</module-option>

                          <module-option name="rolesCtxDN">ou=Group,dc=ndeveloper,dc=com</module-option>

                          <module-option name="roleFilter">(member={1})</module-option>

                          <module-option name="roleAttributeID">gidNumber</module-option>

                          <module-option name="roleAttributeIsDN">false</module-option>

                          <module-option name="roleNameAttributeID">cn</module-option>

                          <module-option name="roleRecursion">-1</module-option>

                          <module-option name="searchScope">ONELEVEL_SCOPE</module-option>

                </login-module>

            </authentication>

         </application-policy>

       

      and in the components.xml

       

      <security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="brms"/>

       

      I can login to th jboss-brms console, register a Guvnor repository in jboss dev studio, and add a new package with a diagram But when i log in to the brms console, search for my package and open the process file, i get this error:

       

      2012-10-08 11:41:40,675 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-7) initialize

      2012-10-08 11:41:40,675 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-7) Security domain: brms

      2012-10-08 11:41:40,675 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-7) login

      2012-10-08 11:41:40,675 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-7) Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleNameAttributeID=cn, searchScope=ONELEVEL_SCOPE, java.naming.security.principal=cn=admin,dc=ndeveloper,dc=com, roleRecursion=-1, baseCtxDN=ou=People,dc=ndeveloper,dc=com, roleAttributeID=gidNumber, roleFilter=(member={1}), rolesCtxDN=ou=Group,dc=ndeveloper,dc=com, baseFilter=(cn={0}), jboss.security.security_domain=brms, java.naming.provider.url=ldap://192.168.0.5:389, roleAttributeIsDN=false, bindDN=cn=admin,dc=ndeveloper,dc=com, bindCredential=*****, java.naming.security.authentication=simple, java.naming.security.credentials=***}

      2012-10-08 11:41:40,680 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-7) Bad password for username=admin

      2012-10-08 11:41:40,680 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-7) abort

      2012-10-08 11:41:40,683 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/jboss-brms].[OryxEditorServlet]] (http-127.0.0.1-8080-7) Servlet.service() for servlet OryxEditorServlet threw exception

      java.lang.IllegalArgumentException: Unable to authenticate user.

                at org.drools.guvnor.server.files.OryxEditorServlet.service(OryxEditorServlet.java:53)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

                at org.jboss.seam.web.ContextFilter$1.process(ContextFilter.java:42)

                at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:65)

                at org.jboss.seam.web.ContextFilter.doFilter(ContextFilter.java:37)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

                at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

                at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183)

                at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)

                at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)

                at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

                at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

                at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74)

                at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)

                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)

                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599)

                at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)

                at java.lang.Thread.run(Thread.java:662)

        • 1. Re: Problem with ldap authentication
          Jose Miguel Loor Apprentice

          I  have tested it against a default brms installation, and the problem is almost the same:

           

          2012-10-08 12:28:47,272 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/jboss-brms].[OryxEditorServlet]] (http-127.0.0.1-8080-7) Servlet.service() for servlet OryxEditorServlet threw exception

          java.lang.IllegalArgumentException: Unable to authenticate user.

                    at org.drools.guvnor.server.files.OryxEditorServlet.service(OryxEditorServlet.java:53)

                    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

                    at org.jboss.seam.web.ContextFilter$1.process(ContextFilter.java:42)

                    at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:65)

                    at org.jboss.seam.web.ContextFilter.doFilter(ContextFilter.java:37)

                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

                    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

                    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)

                    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

                    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183)

                    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)

                    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)

                    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)

                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

                    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)

                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

                    at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74)

                    at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47)

                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)

                    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)

                    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599)

                    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)

                    at java.lang.Thread.run(Thread.java:662)

          2012-10-08 12:28:47,275 ERROR [org.jbpm.designer.web.repository.impl.UUIDBasedJbpmRepository] (http-127.0.0.1-8080-6) Unable to connect to Gunvor. Is it running? [Server returned HTTP response code: 500 for URL: http://localhost:8080/jboss-brms/org.drools.guvnor.Guvnor/oryxeditor?uuid=d09347ed-6998-458a-a2c6-440f08a6d934&usr=admin&pwd=admin]

          2012-10-08 12:28:49,566 ERROR [STDERR] (http-127.0.0.1-8080-7) javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

          2012-10-08 12:28:49,566 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252)

          2012-10-08 12:28:49,566 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)

          2012-10-08 12:28:49,566 ERROR [STDERR] (http-127.0.0.1-8080-7)           at sun.reflect.GeneratedMethodAccessor306.invoke(Unknown Source)

          2012-10-08 12:28:49,566 ERROR [STDERR] (http-127.0.0.1-8080-7)           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

          2012-10-08 12:28:49,566 ERROR [STDERR] (http-127.0.0.1-8080-7)           at java.lang.reflect.Method.invoke(Method.java:597)

          2012-10-08 12:28:49,566 ERROR [STDERR] (http-127.0.0.1-8080-7)           at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)

          2012-10-08 12:28:49,567 ERROR [STDERR] (http-127.0.0.1-8080-7)           at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)

          2012-10-08 12:28:49,567 ERROR [STDERR] (http-127.0.0.1-8080-7)           at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)

          2012-10-08 12:28:49,567 ERROR [STDERR] (http-127.0.0.1-8080-7)           at java.security.AccessController.doPrivileged(Native Method)

          2012-10-08 12:28:49,567 ERROR [STDERR] (http-127.0.0.1-8080-7)           at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

          2012-10-08 12:28:49,567 ERROR [STDERR] (http-127.0.0.1-8080-7)           at javax.security.auth.login.LoginContext.login(LoginContext.java:579)

          2012-10-08 12:28:49,567 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.seam.security.Identity.authenticate(Identity.java:344)

          2012-10-08 12:28:49,567 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.seam.security.Identity.authenticate(Identity.java:332)

          2012-10-08 12:28:49,567 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.drools.guvnor.server.jaxrs.CXFAuthenticationHandler.handleRequest(CXFAuthenticationHandler.java:56)

          2012-10-08 12:28:49,567 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:185)

          2012-10-08 12:28:49,567 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:88)

          2012-10-08 12:28:49,567 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)

          2012-10-08 12:28:49,567 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:118)

          2012-10-08 12:28:49,567 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:208)

          2012-10-08 12:28:49,568 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:223)

          2012-10-08 12:28:49,568 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:166)

          2012-10-08 12:28:49,568 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:113)

          2012-10-08 12:28:49,568 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:184)

          2012-10-08 12:28:49,568 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:112)

          2012-10-08 12:28:49,568 ERROR [STDERR] (http-127.0.0.1-8080-7)           at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)

          2012-10-08 12:28:49,568 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:163)

          2012-10-08 12:28:49,568 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

          2012-10-08 12:28:49,568 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

          2012-10-08 12:28:49,568 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.seam.web.ContextFilter$1.process(ContextFilter.java:42)

          2012-10-08 12:28:49,568 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:65)

          2012-10-08 12:28:49,568 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.seam.web.ContextFilter.doFilter(ContextFilter.java:37)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)

          2012-10-08 12:28:49,569 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

          2012-10-08 12:28:49,570 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74)

          2012-10-08 12:28:49,570 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47)

          2012-10-08 12:28:49,570 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)

          2012-10-08 12:28:49,570 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)

          2012-10-08 12:28:49,570 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599)

          2012-10-08 12:28:49,570 ERROR [STDERR] (http-127.0.0.1-8080-7)           at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)

          2012-10-08 12:28:49,570 ERROR [STDERR] (http-127.0.0.1-8080-7)           at java.lang.Thread.run(Thread.java:662)

           

          I  you check this line:

           

          2012-10-08 12:28:47,275 ERROR [org.jbpm.designer.web.repository.impl.UUIDBasedJbpmRepository] (http-127.0.0.1-8080-6) Unable to connect to Gunvor. Is it running? [Server returned HTTP response code: 500 for URL: http://localhost:8080/jboss-brms/org.drools.guvnor.Guvnor/oryxeditor?uuid=d09347ed-6998-458a-a2c6-440f08a6d934&usr=admin&pwd=admin]

           

          it seems to me that the different components of the brms installation, are using different security settings; why ?? and how do i fix it ??