[jboss-jira] [JBoss JIRA] Resolved: (JBPORTAL-2075) CMS failure in jboss-portal-ha when LDAP is used for authentication

Sohil Shah (JIRA) jira-events at lists.jboss.org
Thu Jul 17 19:52:52 EDT 2008


     [ https://jira.jboss.org/jira/browse/JBPORTAL-2075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sohil Shah resolved JBPORTAL-2075.
----------------------------------

    Fix Version/s: 2.6.6 Final
       Resolution: Done


Two issues here:

1/ The slave node shows an inaccurate "404 Not Found" message instead of the expected "Access Denied" message being shown just like the master node. This issue is the one that is fixed.

2/ The issue with the authenticated session not propagating to the new node during a fail over only in LDAP mode is not reproducible. On my setup the authenticated session properly fails over both in LDAP and DB mode. However, for the security context to propagate to the new node, you need to have the ClusteredSingleSignOn valve activated in the jbossweb-deployer/server.xml.

> CMS failure in jboss-portal-ha when LDAP is used for authentication
> -------------------------------------------------------------------
>
>                 Key: JBPORTAL-2075
>                 URL: https://jira.jboss.org/jira/browse/JBPORTAL-2075
>             Project: JBoss Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Portal CMS
>    Affects Versions: 2.6.5 SP1
>         Environment: OpenDS as LDAP server
>            Reporter: Martin Putz
>            Assignee: Sohil Shah
>             Fix For: 2.6.6 Final
>
>
> 1. Used JBoss AS EAP 4.3 with all configuration (profile) and deployed JBoss Portal 2.6.5 HA Bundle on top of it.
> 2. Configured portal to use OpenDS (LDAP) for user, role and membership information.
> 3. Started up both the cluster nodes and logged in to Portal.
> 4. Created a new instance of default CMSWindow and added a security protected CMS resource to it (e.g. /default/content/private/license.html). Added this new instance of CMSWindow to the default portal page.
> 5. When I visit the default portal page (on node1) (home page), if the user is logged in, the protected resource aka the license.html is shown, and if the user is not logged in, the Access denied message is shown instead of the CMSWindow2 content. So far everything is fine and as expected.
> 6. When the default portal page (on node2) is accessed without a user being logged in, a '404 Page Not found' is shown instead of the 'Access denied' message.
> 7. With user being logged in, now shut down the active node that was being accessed over a load balancer. Hit refresh or visit the portal again.
> Result:
>  User is not asked to login again as the session is correctly replicated. However, for the protected CMS resource a "404 Page Not found" is shown.
>  Everything works fine if the User, Role information is coming from database store.
>  It looks like in case of LDAP store the security (aka Role information) is not available on the replicated cluster node.
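
A check for the server.xml setting named in the resolution comment, added here as an example (not part of the original message or of JBoss Portal): it reports every `<Host>` that has no active ClusteredSingleSignOn valve. The sample server.xml content is constructed, and the valve's full package name is an assumption for JBoss AS 4.2 / EAP 4.3.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragments (not taken from the issue). The full valve
# class name is an assumption for JBoss AS 4.2 / EAP 4.3; the check itself only
# relies on the "ClusteredSingleSignOn" name given in the resolution comment.
SSO_CLASS = "org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn"

DISABLED = """<Server><Service name="jboss.web">
  <Engine name="jboss.web" defaultHost="localhost">
    <Host name="localhost">
      <!-- <Valve className="%s" /> -->
    </Host>
  </Engine></Service></Server>""" % SSO_CLASS

# Same document with the comment markers removed, i.e. the valve activated.
ENABLED = DISABLED.replace("<!-- ", "").replace(" -->", "")


def hosts_missing_clustered_sso(server_xml: str) -> list:
    """Return names of <Host> elements with no active ClusteredSingleSignOn valve.

    ElementTree drops XML comments while parsing, so a valve that is still
    commented out is treated as absent.
    """
    root = ET.fromstring(server_xml)
    missing = []
    for host in root.iter("Host"):
        classes = [v.get("className", "") for v in host.findall("Valve")]
        # Compare the simple class name so a non-clustered SingleSignOn valve
        # does not count as the clustered one.
        if not any(c.split(".")[-1] == "ClusteredSingleSignOn" for c in classes):
            missing.append(host.get("name", "<unnamed>"))
    return missing


if __name__ == "__main__":
    for label, doc in (("disabled", DISABLED), ("enabled", ENABLED)):
        print(label, "-> hosts without clustered SSO:",
              hosts_missing_clustered_sso(doc))
```

Run it against the server.xml of each cluster node; a node that lists any host will not receive the security context on failover.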
