[security-dev] Use ServiceProviderAuthenticator in Tomcat directly instead of in Jboss ?

Adam Dong adamdong at vidder.com
Fri Aug 29 18:01:16 EDT 2014


Pedro Igor,

Thank you so much. I will try it out and report the result back to this email group.

Adam Dong

-----Original Message-----
From: Pedro Igor Silva [mailto:psilva at redhat.com] 
Sent: Friday, August 29, 2014 5:37 AM
To: Adam Dong
Cc: security-dev at lists.jboss.org
Subject: Re: [security-dev] Use ServiceProviderAuthenticator in Tomcat directly instead of in Jboss ?

Hi Adam,

  This is the right GAV:

     <dependency>
      <groupId>org.picketlink.distribution</groupId>
      <artifactId>picketlink-tomcat7</artifactId>
      <version>${picketlink.version}</version>
     </dependency>

  The picketlink-tomcat7-single cannot be used alone. Try to download from here:

     https://repository.jboss.org/nexus/content/groups/public/org/picketlink/distribution/picketlink-tomcat7/2.6.0.Final/picketlink-tomcat7-2.6.0.Final.jar

Regards.
Pedro Igor

----- Original Message -----
From: "Adam Dong" <adamdong at vidder.com>
To: "Pedro Igor Silva" <psilva at redhat.com>
Cc: security-dev at lists.jboss.org
Sent: Wednesday, August 27, 2014 10:18:32 PM
Subject: RE: [security-dev] Use ServiceProviderAuthenticator in Tomcat directly instead of in Jboss ?


OK, I found picketlink-tomcat7-single-2.6.0.Final.jar on picketlink.org site, replaced picketlink-jbas7-2.6.0.Final.jar with it. Now I got 

java.lang.NoClassDefFoundError: org/picketlink/identity/federation/bindings/tomcat/sp/AbstractSPFormAuthenticator

And I checked, indeed AbstractSPFormAuthenticator is not in picketlink-tomcat7-single-2.6.0.Final.jar, but in picketlink-jbas7-2.6.0.Final.jar.

Is picketlink-tomcat7-single-2.6.0.Final.jar missing a few files ? 
Should I grab those missing files from jbas7 jar file and put them into tomcat7 jar file ? 
Would they be compatible ?



To check the compatibility, I found the following. ServiceProviderAuthenticator.class in picketlink-tomcat7-single-2.6.0.Final.jar:
  1667 Sun Jun 22 03:04:00 PDT 2014 org/picketlink/identity/federation/bindings/tomcat/sp/ServiceProviderAuthenticator.class

The same class in picketlink-jbas7-2.6.0.Final.jar:
   978 Sun Jun 22 03:03:56 PDT 2014 org/picketlink/identity/federation/bindings/tomcat/sp/ServiceProviderAuthenticator.class


They are different. Is that correct ? Can I trust the AbstractSPFormAuthenticator.class in jbas7 jar file to work with ServiceProviderAuthenticator.class in tomcat7 jar file ?

Thanks,
Adam Dong


-----Original Message-----
From: Adam Dong
Sent: Wednesday, August 27, 2014 2:29 PM
To: 'Pedro Igor Silva'
Cc: security-dev at lists.jboss.org
Subject: RE: [security-dev] Use ServiceProviderAuthenticator in Tomcat directly instead of in Jboss ?


Pedro,

The following are the jar files I put under <Tomcat_home>/lib (I first put them under my web app's WEB-INF/lib directory but tomcat couldn't find them):

bcprov-jdk15on-151.jar               
jboss-logging-3.1.0.GA.jar           
jboss-security-spi-4.0.18.final.jar  
log4j-1.2.16.jar                     
picketlink-common-2.6.0.Final.jar
picketlink-config-2.6.0.Final.jar
picketlink-federation-2.6.0.Final.jar
picketlink-jbas7-2.6.0.Final.jar

Where do I get that jar file you mentioned ? All the picketlink related jar files I got are from picketlink-installer-2.6.0.Final.zip, and in there the jar file you mentioned is not present.

Thanks,
Adam Dong

-----Original Message-----
From: Pedro Igor Silva [mailto:psilva at redhat.com] 
Sent: Wednesday, August 27, 2014 1:11 PM
To: Adam Dong
Cc: security-dev at lists.jboss.org
Subject: Re: [security-dev] Use ServiceProviderAuthenticator in Tomcat directly instead of in Jboss ?

Which jar are you using ? picketlink-tomcat7-X.jar ?



----- Original Message -----
From: "Adam Dong" <adamdong at vidder.com>
To: security-dev at lists.jboss.org
Sent: Wednesday, August 27, 2014 3:18:51 PM
Subject: [security-dev] Use ServiceProviderAuthenticator in Tomcat directly instead of in Jboss ?



Hi, 



Any previous successful usage of putting ServiceProviderAuthenticator as a Valve in Tomcat, by adding it in a web app’s META-INF/context.xml like below (as opposed to adding it in jboss-web.xml on Jboss) ? 



     <Context>
       <Valve className="org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator"/>
     </Context>





I tried with Tomcat 7 and got some complaints (see below) about ServiceProviderAuthenticator overriding final method start(), but the valve seemed to be pulled in. 



java.lang.VerifyError: class org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator overrides final method start.()V
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:800)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
    at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
    at org.apache.tomcat.util.digester.ObjectCreateRule.begin(ObjectCreateRule.java:144)
    at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1288)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:509)
    at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:182)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1342)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2770)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:606)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:848)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:777)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
    at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:648)
    at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1561)
    at org.apache.catalina.startup.ContextConfig.processContextConfig(ContextConfig.java:637)
    at org.apache.catalina.startup.ContextConfig.contextConfig(ContextConfig.java:599)
    at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:837)
    at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:385)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
    at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
    at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:110)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632)
    at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1247)
    at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1898)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)



I tried with Tomcat 6 and the valve didn’t get pulled in the request path, just as if it were not there. 



Any experience or idea ? 



Thanks, 

Adam Dong 
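
The jar comparison done by hand in this thread (the same class at different sizes in two binding jars, and a superclass present in only one of them) can be automated before anything is deployed to a container's lib directory. The script below is an added example, not part of the original messages or of PicketLink; the sample jars are constructed in memory with filler bytes sized like the two listings quoted above, and all function names are hypothetical.

```python
import io
import zipfile
from collections import defaultdict

def index_classes(jars):
    """Map class entry name -> {jar name: (size, crc32)} for every .class entry."""
    index = defaultdict(dict)
    for jar_name, data in jars.items():
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.filename.endswith(".class"):
                    index[info.filename][jar_name] = (info.file_size, info.CRC)
    return index

def conflicting_classes(index):
    """Classes shipped by more than one jar whose bytes differ (size or CRC)."""
    return {name: copies for name, copies in index.items()
            if len(copies) > 1 and len(set(copies.values())) > 1}

def providers(index, class_name):
    """Jars that contain a class, given its dotted or slash-separated name."""
    entry = class_name.replace(".", "/") + ".class"
    return sorted(index.get(entry, {}))

def make_jar(entries):
    """Build an in-memory jar from {entry name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()

PKG = "org/picketlink/identity/federation/bindings/tomcat/sp/"
# Constructed stand-ins: filler bytes sized like the two listings in the message.
SAMPLE_JARS = {
    "picketlink-tomcat7-single-2.6.0.Final.jar": make_jar({
        PKG + "ServiceProviderAuthenticator.class": b"\x00" * 1667}),
    "picketlink-jbas7-2.6.0.Final.jar": make_jar({
        PKG + "ServiceProviderAuthenticator.class": b"\x01" * 978,
        PKG + "AbstractSPFormAuthenticator.class": b"\x02" * 100}),
}

if __name__ == "__main__":
    idx = index_classes(SAMPLE_JARS)
    for name, copies in conflicting_classes(idx).items():
        print("CONFLICT", name, copies)
    print(providers(idx, PKG + "AbstractSPFormAuthenticator"))
```

To audit a real directory, build the `jars` mapping from each jar file's name and bytes and pass it to `index_classes`; any entry reported as a conflict means the class actually loaded depends on classloader ordering.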
