[seam-issues] [JBoss JIRA] Commented: (SEAMSECURITY-25) Cannot login into idmconsole application

Richard Barabe (JIRA) jira-events at lists.jboss.org
Wed Feb 2 16:41:39 EST 2011 

    [ https://issues.jboss.org/browse/SEAMSECURITY-25?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12579679#comment-12579679 ] 

Richard Barabe commented on SEAMSECURITY-25:
--------------------------------------------

In short there were 2 problems.
First, org.jboss.seam.security.IdentityImpl#lookupAuthenticator wasn't doing what was stated in the javadoc : 
{quote}
1. If the user has specified an authenticatorName property, use it to
locate and return the Authenticator with that name
2. If the authenticatorName hasn't been specified, and the user has provided
their own custom Authenticator, return that one
3. If the user hasn't provided a custom Authenticator, return IdmAuthenticator
and attempt to use the identity management API to authenticate
{quote}
Only statement #1 was represented in code.

Second, org.jboss.seam.security.management.IdmAuthenticator#authenticate was always setting status to AuthenticationStatus.FAILURE, even in case of success.  Also, that method didn't call BaseAuthenticator.setUser(User) when authentication succeeded.  That cause IdentityImpl#isLoggedIn() to always return false.

After these corrections, I could log into idmconsole with user "demo", password "demo".  Login/logout and password change worked as expected, but I was not able to delete or edit users.  Note that groups and role types creation/deletion seemed to work properly.

> Cannot login into idmconsole application
> ----------------------------------------
>
>                 Key: SEAMSECURITY-25
>                 URL: https://issues.jboss.org/browse/SEAMSECURITY-25
>             Project: Seam Security
>          Issue Type: Bug
>    Affects Versions: 3.0.0.Beta1
>            Reporter: Martin Gencur
>         Attachments: fix_SEAMSECURITY-25.patch
>
>
> The application gets successfully deployed. When I try to log in with demo/demo credentials, the JBossAS console throws the following exception:
> 16:14:46,907 INFO  [org.hibernate.validator.engine.resolver.DefaultTraversableResolver] Instantiated an instance of org.hibernate.validator.engine.resolver.JPATraversableResolver.
> 16:14:46,923 ERROR [org.jboss.seam.security.IdentityImpl] Login failed: org.jboss.seam.security.AuthenticationException: An Authenticator could be located
> 	at org.jboss.seam.security.IdentityImpl.authenticate(IdentityImpl.java:287) [:3.0.0.Beta1]
> 	at org.jboss.seam.security.IdentityImpl.login(IdentityImpl.java:217) [:3.0.0.Beta1]
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_21]
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_21]
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_21]
> 	at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_21]
> 	at org.apache.el.parser.AstValue.invoke(AstValue.java:196) [:6.0.0.Final]
> 	at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276) [:6.0.0.Final]
> 	at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43) [:6.0.0.Final]
> 	at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56) [:6.0.0.Final]
> 	at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43) [:6.0.0.Final]
> 	at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56) [:6.0.0.Final]
> 	at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:102) [:2.0.3-]
> 	at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:84) [:2.0.3-]
> 	at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:98) [:2.0.3-]
> 	at javax.faces.component.UICommand.broadcast(UICommand.java:311) [:2.0.3-]
> 	at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:781) [:2.0.3-]
> 	at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1246) [:2.0.3-]
> 	at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:77) [:2.0.3-]
> 	at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:97) [:2.0.3-]
> 	at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:114) [:2.0.3-]
> 	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:308) [:2.0.3-]
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:324) [:6.0.0.Final]
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.0.0.Final]
> 	at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:67) [:6.0.0.Final]
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274) [:6.0.0.Final]
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:6.0.0.Final]
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [:6.0.0.Final]
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [:6.0.0.Final]
> 	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:181) [:6.0.0.Final]
> 	at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.event(CatalinaContext.java:285) [:1.1.0.Final]
> 	at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.invoke(CatalinaContext.java:261) [:1.1.0.Final]
> 	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.0.0.Final]
> 	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.0.0.Final]
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [:6.0.0.Final]
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.0.0.Final]
> 	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.0.0.Final]
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.0.0.Final]
> 	at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.0.0.Final]
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.0.0.Final]
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.0.0.Final]
> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.0.0.Final]
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.0.0.Final]
> 	at java.lang.Thread.run(Thread.java:619) [:1.6.0_21]

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list