[
https://issues.jboss.org/browse/SEAMSECURITY-25?page=com.atlassian.jira.p...
]
Richard Barabe commented on SEAMSECURITY-25:
--------------------------------------------
In short there were 2 problems.
First, org.jboss.seam.security.IdentityImpl#lookupAuthenticator wasn't doing what was
stated in the javadoc :
{quote}
1. If the user has specified an authenticatorName property, use it to
locate and return the Authenticator with that name
2. If the authenticatorName hasn't been specified, and the user has provided
their own custom Authenticator, return that one
3. If the user hasn't provided a custom Authenticator, return IdmAuthenticator
and attempt to use the identity management API to authenticate
{quote}
Only statement #1 was represented in code.
Second, org.jboss.seam.security.management.IdmAuthenticator#authenticate was always
setting status to AuthenticationStatus.FAILURE, even in case of success. Also, that
method didn't call BaseAuthenticator.setUser(User) when authentication succeeded.
That cause IdentityImpl#isLoggedIn() to always return false.
After these corrections, I could log into idmconsole with user "demo", password
"demo". Login/logout and password change worked as expected, but I was not able
to delete or edit users. Note that groups and role types creation/deletion seemed to work
properly.
Cannot login into idmconsole application
----------------------------------------
Key: SEAMSECURITY-25
URL:
https://issues.jboss.org/browse/SEAMSECURITY-25
Project: Seam Security
Issue Type: Bug
Affects Versions: 3.0.0.Beta1
Reporter: Martin Gencur
Attachments: fix_SEAMSECURITY-25.patch
The application gets successfully deployed. When I try to log in with demo/demo
credentials, the JBossAS console throws the following exception:
16:14:46,907 INFO [org.hibernate.validator.engine.resolver.DefaultTraversableResolver]
Instantiated an instance of
org.hibernate.validator.engine.resolver.JPATraversableResolver.
16:14:46,923 ERROR [org.jboss.seam.security.IdentityImpl] Login failed:
org.jboss.seam.security.AuthenticationException: An Authenticator could be located
at org.jboss.seam.security.IdentityImpl.authenticate(IdentityImpl.java:287)
[:3.0.0.Beta1]
at org.jboss.seam.security.IdentityImpl.login(IdentityImpl.java:217) [:3.0.0.Beta1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_21]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[:1.6.0_21]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[:1.6.0_21]
at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_21]
at org.apache.el.parser.AstValue.invoke(AstValue.java:196) [:6.0.0.Final]
at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
[:6.0.0.Final]
at
org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43)
[:6.0.0.Final]
at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56)
[:6.0.0.Final]
at
org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43)
[:6.0.0.Final]
at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56)
[:6.0.0.Final]
at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:102)
[:2.0.3-]
at
javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:84)
[:2.0.3-]
at
com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:98)
[:2.0.3-]
at javax.faces.component.UICommand.broadcast(UICommand.java:311) [:2.0.3-]
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:781) [:2.0.3-]
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1246) [:2.0.3-]
at
com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:77)
[:2.0.3-]
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:97) [:2.0.3-]
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:114) [:2.0.3-]
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:308) [:2.0.3-]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:324)
[:6.0.0.Final]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242)
[:6.0.0.Final]
at
org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:67)
[:6.0.0.Final]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274)
[:6.0.0.Final]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242)
[:6.0.0.Final]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
[:6.0.0.Final]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
[:6.0.0.Final]
at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:181)
[:6.0.0.Final]
at
org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.event(CatalinaContext.java:285)
[:1.1.0.Final]
at
org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.invoke(CatalinaContext.java:261)
[:1.1.0.Final]
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88)
[:6.0.0.Final]
at
org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100)
[:6.0.0.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
[:6.0.0.Final]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[:6.0.0.Final]
at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
[:6.0.0.Final]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[:6.0.0.Final]
at
org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53)
[:6.0.0.Final]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362)
[:6.0.0.Final]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
[:6.0.0.Final]
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654)
[:6.0.0.Final]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951)
[:6.0.0.Final]
at java.lang.Thread.run(Thread.java:619) [:1.6.0_21]
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira