isis-users mailing list archives

From Dan Haywood <...@haywood-associates.co.uk>
Subject Re: Security module
Date Fri, 06 Nov 2015 08:15:54 GMT
In the stack trace I see:

11:32:24,103  [ShiroAuthenticatorOrAuthorizor qtp1410986873-18 ERROR]  Unable to authenticate
org.apache.shiro.authc.DisabledAccountException
        at org.isisaddons.module.security.shiro.IsisModuleSecurityRealm.doGetAuthenticationInfo(IsisModuleSecurityRealm.java:82)


which means that the user account DOES exist, but is disabled.

One reason this can occur is if shiro.ini has been configured with a
delegate realm (e.g. JNDI/LDAP/Active Directory), in which case Isis will
automatically create a corresponding ApplicationUser, but mark it as
disabled by default if that user has never attempted to log onto the Isis
app before.  The idea is that the security administrator can then come
along and grant appropriate roles, then enable.

So set a breakpoint in IsisModuleSecurityRealm#lookupPrincipal and see if
"autoCreate" param is set to true.

HTH
Dan





On 5 November 2015 at 17:44, Cesar Lugo <cesar.lugo@sisorg.com.mx> wrote:

> Dan,
>
> Does the SeedSecurityModuleService init method get called?
>         I think so, I see users and roles being seeded in the trace. I
> just don't see any reference to it in the trace though.
>
> If so, does the IsisModuleSecurityRealm get called?
>         Yes, I see it being called in the trace.
>
> If so, are there any exceptions in the stack trace?
>         Yes.
> 11:32:24,103  [ShiroAuthenticatorOrAuthorizor qtp1410986873-18 ERROR]
> Unable to authenticate
> org.apache.shiro.authc.DisabledAccountException
>
> Here is the trace:
>
>
> seed-users-and-roles-fixture-script                         : EXEC
> org.isisaddons.module.security.seed.SeedUsersAndRolesFixtureScript
> seed-users-and-roles-fixture-script/global-tenancy          : EXEC
> org.isisaddons.module.security.seed.scripts.GlobalTenancy
> seed-users-and-roles-fixture-script/global-tenancy/Global   : Global
> seed-users-and-roles-fixture-script/isis-module-security-admin-role-and-permissions
>                : EXEC
> org.isisaddons.module.security.seed.scripts.IsisModuleSecurityAdminRoleAndPermissions
> seed-users-and-roles-fixture-script/isis-module-security-fixture-role-and-permissions
>              : EXEC
> org.isisaddons.module.security.seed.scripts.IsisModuleSecurityFixtureRoleAndPermissions
> seed-users-and-roles-fixture-script/isis-module-security-regular-user-role-and-permissions
>         : EXEC
> org.isisaddons.module.security.seed.scripts.IsisModuleSecurityRegularUserRoleAndPermissions
> seed-users-and-roles-fixture-script/isis-module-security-admin-user
>                          : EXEC
> org.isisaddons.module.security.seed.scripts.IsisModuleSecurityAdminUser
> seed-users-and-roles-fixture-script/isis-applib-fixture-results-role-and-permissions
>               : EXEC
> org.isisaddons.module.security.seed.scripts.IsisApplibFixtureResultsRoleAndPermissions
> 11:32:19,265  [WebApplication       main       INFO ]  [WicketFilter]
> Started Wicket version 6.17.0 in DEVELOPMENT mode
> ********************************************************************
> *** WARNING: Wicket is running in DEVELOPMENT mode.              ***
> ***                               ^^^^^^^^^^^                    ***
> *** Do NOT deploy to your live server(s) without changing this.  ***
> *** See Application#getConfigurationType() for more information. ***
> ********************************************************************
> 11:32:19,289  [ContextHandler       main       INFO ]  Started
> o.e.j.w.WebAppContext@62cd562d
> {/,file:/home/cesar/Development/apps/ps/previserv/webapp/src/main/webapp/,AVAILABLE}{src/main/webapp}
> 11:32:19,304  [ServerConnector      main       INFO ]  Started
> ServerConnector@d28c214{HTTP/1.1}{0.0.0.0:8080}
> 11:32:19,304  [Server               main       INFO ]  Started @12622ms
> 11:32:19,304  [WebServerBootstrapper main       INFO ]  Started the
> application in 11980ms
> 11:32:23,866  [ClassCryptFactory    qtp1410986873-18 INFO ]  using
> encryption/decryption object
> org.apache.wicket.util.crypt.SunJceCrypt@294bd80b
> 11:32:24,103  [ShiroAuthenticatorOrAuthorizor qtp1410986873-18 ERROR]
> Unable to authenticate
> org.apache.shiro.authc.DisabledAccountException
>         at
> org.isisaddons.module.security.shiro.IsisModuleSecurityRealm.doGetAuthenticationInfo(IsisModuleSecurityRealm.java:82)
>         at
> org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
>         at
> org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
>         at
> org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
>         at
> org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
>         at
> org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
>         at
> org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
>         at
> org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
>         at
> org.apache.isis.security.shiro.ShiroAuthenticatorOrAuthorizor.authenticate(ShiroAuthenticatorOrAuthorizor.java:142)
>         at
> org.apache.isis.core.runtime.authentication.standard.AuthenticationManagerStandard.authenticate(AuthenticationManagerStandard.java:122)
>         at
> org.apache.isis.viewer.wicket.viewer.integration.wicket.AuthenticatedWebSessionForIsis.authenticate(AuthenticatedWebSessionForIsis.java:78)
>         at
> org.apache.wicket.authroles.authentication.AuthenticatedWebSession.signIn(AuthenticatedWebSession.java:65)
>         at
> org.apache.wicket.authroles.authentication.panel.SignInPanel.signIn(SignInPanel.java:218)
>         at
> org.apache.wicket.authroles.authentication.panel.SignInPanel.onConfigure(SignInPanel.java:129)
>         at org.apache.wicket.Component.configure(Component.java:1041)
>         at
> org.apache.wicket.Component.internalBeforeRender(Component.java:926)
>         at org.apache.wicket.Component.beforeRender(Component.java:1003)
>         at
> org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1684)
>         at org.apache.wicket.Component.onBeforeRender(Component.java:3811)
>         at org.apache.wicket.Page.onBeforeRender(Page.java:809)
>         at
> org.apache.wicket.Component.internalBeforeRender(Component.java:935)
>         at org.apache.wicket.Component.beforeRender(Component.java:1003)
>         at
> org.apache.wicket.Component.internalPrepareForRender(Component.java:2179)
>         at org.apache.wicket.Page.internalPrepareForRender(Page.java:240)
>         at org.apache.wicket.Component.render(Component.java:2268)
>         at org.apache.wicket.Page.renderPage(Page.java:1024)
>         at
> org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:129)
>         at
> org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:228)
>         at
> org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)
>         at
> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:862)
>         at
> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
>         at
> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261)
>         at
> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218)
>         at
> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289)
>         at
> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259)
>         at
> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201)
>         at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>         at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>         at
> org.apache.isis.core.webapp.diagnostics.IsisLogOnExceptionFilter.doFilter(IsisLogOnExceptionFilter.java:52)
>         at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>         at
> org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
>         at
> org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
>         at
> org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
>         at
> org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
>         at
> org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
>         at
> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
>         at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
>         at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
>         at
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
>         at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
>         at
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
>         at
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
>         at
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
>         at
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
>         at
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>         at
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
>         at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
>         at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
>         at org.eclipse.jetty.server.Server.handle(Server.java:499)
>         at
> org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
>         at
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
>         at
> org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
>         at
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
>         at
> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
>         at java.lang.Thread.run(Thread.java:745)
> 11:32:24,331  [PropertiesFactory    qtp1410986873-18 INFO ]  Loading
> properties files from
> jar:file:/home/cesar/.m2/repository/org/apache/wicket/wicket-core/6.17.0/wicket-core-6.17.0.jar!/org/apache/wicket/Application.properties
> with loader
> org.apache.wicket.resource.IsoPropertiesFilePropertiesLoader@2a3ffb40
> 11:32:24,345  [PropertiesFactory    qtp1410986873-18 INFO ]  Loading
> properties files from
> jar:file:/home/cesar/.m2/repository/org/apache/isis/viewer/isis-viewer-wicket-ui/1.9.0/isis-viewer-wicket-ui-1.9.0.jar!/org/apache/isis/viewer/wicket/ui/pages/login/WicketSignInPage.properties
> with loader
> org.apache.wicket.resource.IsoPropertiesFilePropertiesLoader@2a3ffb40
> 11:32:24,353  [PropertiesFactory    qtp1410986873-18 INFO ]  Loading
> properties files from
> jar:file:/home/cesar/.m2/repository/org/apache/isis/viewer/isis-viewer-wicket-ui/1.9.0/isis-viewer-wicket-ui-1.9.0.jar!/org/apache/isis/viewer/wicket/ui/pages/accmngt/AccountManagementPageAbstract.properties
> with loader
> org.apache.wicket.resource.IsoPropertiesFilePropertiesLoader@2a3ffb40
> 11:32:24,700  [PropertiesFactory    qtp1410986873-18 INFO ]  Loading
> properties files from
> jar:file:/home/cesar/.m2/repository/org/apache/wicket/wicket-extensions/6.17.0/wicket-extensions-6.17.0.jar!/org/apache/wicket/extensions/Initializer.properties
> with loader
> org.apache.wicket.resource.IsoPropertiesFilePropertiesLoader@2a3ffb40
>
> -----Original Message-----
> From: Dan Haywood [mailto:dan@haywood-associates.co.uk]
> Sent: Thursday, November 5, 2015 10:31 AM
> To: users
> Subject: Re: Security module
>
> Does the SeedSecurityModuleService init method get called?
>
> If so, does the IsisModuleSecurityRealm get called?
>
> If so, are there any exceptions in the stack trace?
> On 5 Nov 2015 16:20, "Cesar Lugo" <cesar.lugo@sisorg.com.mx> wrote:
>
> > Hello, I am working with the security module add-on (everything
> > 1.9.0), and I am using isisModuleSecurityRealm in shiro.ini. I
> > tried to access with isis-module-security-admin using pass as the
> > password, but it does not let me in. If I change back to ini.Realm then I
> > can access with Sven / pass.
> >
> >
> >
> > I have this in shiro.ini
> >
> >
> >
> > # to use .ini file
> >
> > # securityManager.realms = $iniRealm
> >
> >
> >
> >
> >
> > #to enable isis security module add-on instead
> >
> >
> > isisModuleSecurityRealm=org.isisaddons.module.security.shiro.IsisModuleSecurityRealm
> >
> >
> >
> >
> > authenticationStrategy=org.isisaddons.module.security.shiro.AuthenticationStrategyForIsisModuleSecurityRealm
> >
> > securityManager.authenticator.authenticationStrategy = $authenticationStrategy
> >
> >
> >
> > securityManager.realms = $isisModuleSecurityRealm
> >
> >
> >
> >
> >
> > I tried to access with isis-module-security-admin using pass as the
> > password, but it does not let me in. If I change back to ini.Realm then I
> > can access with Sven / pass.
> >
> >
> >
> > Cesar.
> >
> >
> >
> >
>
>
>
>

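The diagnosis in the reply above (a DisabledAccountException means the account exists but is disabled) can be applied to a whole log, shown here as an added example that is not part of the original thread or of the Isis or Shiro code. It goes beyond the one case in the thread by also classifying Shiro's other standard authentication exceptions; `triage`, `MEANING` and the `SAMPLE` log are names and data constructed for this illustration.

```python
import re

# Record header as in the thread: "11:32:24,103  [Logger thread LEVEL]  message"
RECORD = re.compile(r"^(\d{2}:\d{2}:\d{2},\d{3})\s+\[(\S+)\s+(\S+)\s+(\w+)\s*\]")
SHIRO_EXC = re.compile(r"org\.apache\.shiro\.authc\.(\w+Exception)")
REALM_FRAME = re.compile(r"\.(\w+Realm)\.doGetAuthenticationInfo\(")

MEANING = {  # what each Shiro authentication exception says about the account
    "DisabledAccountException": "account exists but is disabled; an administrator must enable it",
    "LockedAccountException": "account exists but is locked",
    "UnknownAccountException": "no such account in the realm",
    "IncorrectCredentialsException": "account exists, wrong password",
    "ExcessiveAttemptsException": "too many failed attempts",
}

# Constructed sample: the first ERROR record is modelled on the thread's trace,
# the second ERROR record is invented for illustration.
SAMPLE = """\
11:32:19,304  [Server               main       INFO ]  Started @12622ms
11:32:24,103  [ShiroAuthenticatorOrAuthorizor qtp1410986873-18 ERROR]  Unable to authenticate
org.apache.shiro.authc.DisabledAccountException
        at org.isisaddons.module.security.shiro.IsisModuleSecurityRealm.doGetAuthenticationInfo(IsisModuleSecurityRealm.java:82)
11:32:24,331  [PropertiesFactory    qtp1410986873-18 INFO ]  Loading properties files
11:40:02,517  [ShiroAuthenticatorOrAuthorizor qtp1410986873-21 ERROR]  Unable to authenticate
org.apache.shiro.authc.IncorrectCredentialsException: constructed sample
"""

def triage(log_text):
    """Return one finding per ERROR record that carries a Shiro authc exception."""
    findings, current = [], None
    for raw in log_text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw)  # tolerate logs pasted as mail quotes
        head = RECORD.match(line)
        if head:
            current = None  # a new record ends the previous stack trace
            if head.group(4) == "ERROR":
                current = {"time": head.group(1), "thread": head.group(3), "exception": None, "realm": None}
                findings.append(current)
        elif current is not None:
            exc = SHIRO_EXC.search(line)
            if exc and current["exception"] is None:
                current.update(exception=exc.group(1), meaning=MEANING.get(exc.group(1), "unclassified"))
            frame = REALM_FRAME.search(line)
            if frame and current["realm"] is None:
                current["realm"] = frame.group(1)  # realm that rejected the login
    return [f for f in findings if f["exception"]]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The realm is only recovered when the `doGetAuthenticationInfo` frame sits on a single line, so mail-wrapped traces need their frames rejoined first.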