4 Replies Latest reply on Apr 30, 2009 5:27 AM by joe.marques

    Bug when logging in using LDAP

    lupson Newbie

      Hi!

      I've successfully installed jopr (jopr-server-2.2.0.Beta1) and have it up and running nicely. Now I'm trying to hook up the user authentication to the company Active Directory server using LDAP. I followed the guidelines in the JBoss ON manual, chapter 1.3.2.

      It works, but if I don't add a user to jopr with the exact same username as the one I have in the AD, the login fails with the stacktraces supplied further down this post.

      The problem is that the SubjectManagerBean queries the RHQ_SUBJECT table. If the username isn't there, the login doesn't fail gracefully (is it supposed to fail?), instead redirecting me to the 500 Server Error page with the stack traces.

      If I add a user using jopr user administration (or manually hacking a new row into the table) it works fine.

      Maybe this belongs in some bug tracker, but it might also help others running into the same issue.

      javax.ejb.EJBException: java.lang.NullPointerException
       org.jboss.ejb3.tx.Ejb3TxPolicy.handleExceptionInOurTx(Ejb3TxPolicy.java:63)
       org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:83)
       org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191)
       org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
       org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62)
       org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77)
       org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:106)
       org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
       org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
       org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:214)
       org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:184)
       org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:81)
       $Proxy259.loadUserConfiguration(Unknown Source)
       org.rhq.enterprise.server.auth.prefs.SubjectPreferencesCache.load(SubjectPreferencesCache.java:40)
       org.rhq.enterprise.server.auth.prefs.SubjectPreferencesCache.getUserProperty(SubjectPreferencesCache.java:47)
       org.rhq.enterprise.server.auth.prefs.SubjectPreferencesBase.getPreference(SubjectPreferencesBase.java:120)
       org.rhq.enterprise.server.auth.prefs.SubjectPreferencesBase.getPreferenceAsList(SubjectPreferencesBase.java:194)
       org.rhq.enterprise.server.auth.prefs.SubjectPreferencesBase.getPreferenceAsList(SubjectPreferencesBase.java:180)
       org.rhq.enterprise.gui.legacy.WebUserPreferences.addLastVisitedURL(WebUserPreferences.java:103)
       org.rhq.enterprise.gui.legacy.WebUserTrackingFilter.doFilter(WebUserTrackingFilter.java:40)
       org.rhq.enterprise.gui.legacy.AuthenticationFilter.doFilter(AuthenticationFilter.java:129)
       org.rhq.helpers.rtfilter.filter.RtFilter.doFilter(RtFilter.java:123)
       org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
      
      
      Caused by: java.lang.NullPointerException
       at org.rhq.enterprise.server.auth.SubjectManagerBean.loadUserConfiguration(SubjectManagerBean.java:92)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
       at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
       at org.rhq.enterprise.server.common.TransactionInterruptInterceptor.addCheckedActionToTransactionManager(TransactionInterruptInterceptor.java:77)
       at sun.reflect.GeneratedMethodAccessor93.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
       at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:153)
       at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
       at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
       ... 48 more
      


        • 1. Re: Bug when logging in using LDAP
          Heiko Rupp Master

          It is certainly worth opening a jira at jira.rhq-project.org for this, as it should not NPE in any case.

          The idea behind the LDAP login is that a user can add himself when he is in LDAP and then gets added by the system to RHQ_Subject - we do currently not support users that are only in LDAP, as we have DB-Queries that directly involve the RHQ_Subject users for authorization purposes.

          • 2. Re: Bug when logging in using LDAP
            mazz Master

            We need to check this - we might have broken LDAP integration (??).

            You should be able to login using the LDAP credentials and under the covers we will create a row in RHQ_SUBJECT that represents the user. You should not have to manually create a user aside from the self-service screen that appears when you log in with LDAP credentials the very first time.

            • 3. Re: Bug when logging in using LDAP
              mazz Master

              BTW: 2.2 was released yesterday - you might want to try that. I think I saw this problem in earlier versions and I think it may have been fixed, but I can't say for sure.

              • 4. Re: Bug when logging in using LDAP
                Newbie

                The problem is that all subject/user preferences are now cached in the latest version, but for *new* LDAP accounts the subject/user doesn't exist yet. In this special case, the user is created lazily AFTER the first login. I fixed this yesterday after seeing this post, but you'll have to use HEAD to get the fix.