Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Chaining Alfresco and LDAP

ajmillar
Champ in-the-making
Champ in-the-making

‎05-15-2008 06:56 AM

Dear all, I'm trying to get chaining working with Alfresco 2.9B and I'm struggling.

When I started out I was able to log in with admin/admin. I then set the LDAP config going and was able to login using my ldap username/password but not with the local admin/admin. I then tried to work with the chaining-authentication-context.xml.sample by renaming it and swapping from JAAS to LDAP values as below (located in tomcat/shared/classes/alfresco/extension)


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

    <!– Chaining –>
    <bean id="authenticationServiceImpl" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
        <property name="authenticationServices">
            <list>
                <ref bean="authenticationServiceImplLDAP"/>
            </list>
        </property>
        <property name="mutableAuthenticationService">
            <ref bean="authenticationServiceImplAlfresco"/>
        </property>
    </bean>

    
    <!– Alfresco Auth –>
    <bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplAlfresco"/>
        </property>
    </bean>

    <bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="dictionaryService">
            <ref bean="dictionaryService"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="userNamesAreCaseSensitive">
            <value>${user.name.caseSensitive}</value>
        </property>
        <property name="passwordEncoder">
            <ref bean="passwordEncoder"/>
        </property>
    </bean>

    <bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="allowGuestLogin">
            <value>false</value>
        </property>
    </bean>

   <!– LDAP Auth –>
    <bean id="authenticationServiceImplLDAP" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoLDAP" />
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent" />
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplLDAP" />
        </property>
    </bean>

    <bean id="authenticationComponentImplLDAP" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <value>cn=%s,ou=edir,ou=people,ou=lifesci,o=dundee</value>
        </property>
    </bean>

    <bean id="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>

</beans>

I've checked the alfresco.log file and this is all I have


11:53:56,830 ERROR [org.alfresco.repo.content.transform.magick.AbstractImageMagickContentTransformer] ImageMagickContentTransformer not available: Failed to perform ImageMagick transformation: 
Execution result: 
   os:         Linux
   command:    convert /opt/alfresco/tomcat/temp/Alfresco/ImageMagickContentTransformer_init_source_13831.gif  /opt/alfresco/tomcat/temp/Alfresco/ImageMagickContentTransformer_init_target_13832.png
   succeeded:  false
   exit code:  1
   out:        
   err:        Cannot run program "convert": java.io.IOException: error=2, No such file or directory
11:54:00,256 WARN  [org.springframework.remoting.rmi.RmiRegistryFactoryBean] Could not detect RMI registry - creating new one
11:54:06,368 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.Oracle9Dialect.
11:54:35,882 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
11:54:42,429 INFO  [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /opt/alfresco-docs
11:54:42,474 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
11:54:42,869 INFO  [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
11:54:43,015 ERROR [org.alfresco.smb.protocol.auth] No valid CIFS authentication combination available
11:54:43,015 ERROR [org.alfresco.smb.protocol.auth] Either enable Kerberos support or use an authentication component that supports MD4 hashed passwords
11:54:43,016 ERROR [org.alfresco.smb.protocol] CIFS server configuration error, Invalid CIFS authenticator configuration
org.alfresco.error.AlfrescoRuntimeException: Invalid CIFS authenticator configuration
   at org.alfresco.filesys.server.auth.EnterpriseCifsAuthenticator.initialize(EnterpriseCifsAuthenticator.java:378)
   at org.alfresco.filesys.server.config.ServerConfiguration.setAuthenticator(ServerConfiguration.java:3503)
   at org.alfresco.filesys.server.config.ServerConfiguration.processSecurityConfig(ServerConfiguration.java:2453)
   at org.alfresco.filesys.server.config.ServerConfiguration.init(ServerConfiguration.java:689)
   at org.alfresco.filesys.server.config.ServerConfiguration.onBootstrap(ServerConfiguration.java:4200)
   at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)
   at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
   at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:241)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:349)
   at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:156)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
   at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
   at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
   at org.apache.catalina.core.StandardService.start(StandardService.java:448)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
11:54:43,211 WARN  [org.alfresco.util.OpenOfficeConnectionTester] A connection to OpenOffice could not be established.
11:54:43,216 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_06-b02; maximum heap size 493.063MB
11:54:43,216 WARN  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - WARNING - maximum heap size 493.063MB is less than recommended 512MB
11:54:43,217 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community Network): Current version 2.9.0 (B 683) schema 116 - Installed version 2.9.0 (B 683) schema 116

I've tried changing the alfrescoServiceImpl to alfrescoService, but it just generates even more errors.

Any help would be very much appreciated.
Labels:
0 Kudos
3 REPLIES 3

andy
Champ on-the-rise
Champ on-the-rise

‎07-28-2008 05:42 AM

Hi

Do you still have this issue?

Andy
0 Kudos

ajmillar
Champ in-the-making
Champ in-the-making

‎07-28-2008 06:12 AM

Hi Andy,

I had to revert back to the 2.1 edition and it worked almost straight away. The documentation is not the clearest for getting this kind of thing working. Discovered that I had to comment out the following bean in the ldap-authentication-context.xml file before it would work. Got this fix from someone else on the forums. Think I posted it in a seperate thread.

<!–
<bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
<property name="allowDeleteUser">
<value>true</value>
</property>
</bean> –>

It really would be a huge benefit if you could find someway to provide a GUI for configuring Alfresco rather than having to edit all these individual XML files. It really opens up a wide scope for errors being introduced into the config of the system that could otherwise be avoided.

Hoping that when 3.0 is released at the end of this week that we'll be able to upgrade our system. We are piloting it with a few groups, but would love to upgrade to the latest version before we roll it out to the whole company.

A
0 Kudos

mykelalvis
Champ in-the-making
Champ in-the-making

‎08-01-2008 01:51 PM

I have a similar problem with chaining Alfresco Community 2.9B internal authentication and LDAP.

I have followed the rather sparse documentation and the extensive posts and come up with the following configs.  Note that these are the only changes (except for ldap-authentication.properties changes)  I've done to a base install of community 2.9B with tomcat.

chaining-authentication-context.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
    <!– Chaining of both the services and components –>
    <bean id="authenticationService" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
        <property name="authenticationServices">
            <list>
                <ref bean="authenticationServiceImplLDAP"/>
            </list>
        </property>
<!–
        <property name="mutableAuthenticationService">
            <ref bean="authenticationServiceImplAlfresco"/>
        </property>
–>
    </bean>
    
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ChainingAuthenticationComponentImpl">
      <property name="authenticationComponents">
            <list>
      <!–
                <ref bean="authenticationComponentImplJAAS"/>
      –>
                <ref bean="authenticationComponentImplLDAP"/>
            </list>
        </property>
        <property name="mutableAuthenticationComponent">
            <ref bean="authenticationComponentImplAlfresco"/>
        </property>
   </bean>
    
    <!– Alfresco Auth –>
    
    <bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplAlfresco"/>
        </property>
    </bean>
    
    <bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="dictionaryService">
            <ref bean="dictionaryService"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
        <property name="searchService">
            <ref bean="admSearchService"/>
        </property>
        <property name="userNamesAreCaseSensitive">
            <value>${user.name.caseSensitive}</value>
        </property>
        <property name="passwordEncoder">
            <ref bean="passwordEncoder"/>
        </property>
    </bean>
    
    <bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="allowGuestLogin">
            <value>false</value>
        </property>
    </bean>
    
    <!– LDAP –>
    
    <bean id="authenticationServiceImplLDAP" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoLDAP"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplLDAP"/>
        </property>
    </bean>
   <bean id="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>
</beans>

and

ldap-authentication-context.xml 

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
    
   <!– The main configuration has moved into a properties file –>
    
    <bean name="ldapAuthenticationPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="ignoreUnresolvablePlaceholders">
            <value>true</value>
        </property>  
        <property name="locations">
            <value>classpath:alfresco/extension/ldap-authentication.properties</value>
        </property>
    </bean>
    
    <!– DAO that rejects changes - LDAP is read only at the moment. It does allow users to be deleted with out warnings from the UI. –>
    
<!–
    <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowDeleteUser">
            <value>true</value>
        </property>
    </bean>    
–>
   

    <!– LDAP authentication configuration –>
    
    <!– 
    
    You can also use JAAS authentication for Kerberos against Active Directory or NTLM if you also require single sign on from the
    web browser. You do not have to use LDAP authentication to synchronise groups and users from an LDAP store if it supports other
    authentication routes, like Active Directory.
    
    –>
    
    <!–
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
    –>
    <bean id="authenticationComponentImplLDAP" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <!–
            
            This maps between what the user types in and what is passed through to the underlying LDAP authentication.
            
            "%s" - the user id is passed through without modification.
            Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".
            
            "cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" the authenticate as "cn=Joe Bloggs,ou=London,dc=company,dc=com" 
            Usually for simple authentication. Simple authentication always uses the DN for the user.
            
            –>
            <value>${ldap.authentication.userNameFormat}</value>
        </property>
    </bean>
    
    <!–
    
    This bean is used to support general LDAP authentication. It is also used to provide read only access to users and groups
    to pull them out of the LDAP reopsitory
    
    –>
    
    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <!– The LDAP provider –>
                <entry key="java.naming.factory.initial">
                    <value>${ldap.authentication.java.naming.factory.initial}</value>
                </entry>
                
                <!– The url to the LDAP server –>
                <!– Note you can use space separated urls - they will be tried in turn until one works –>
                <!– This could be used to authenticate against one or more ldap servers (you will not know which one ….) –>
                <entry key="java.naming.provider.url">
                    <value>${ldap.authentication.java.naming.provider.url}</value>
                </entry>
                
                <!– The authentication mechanism to use      –>
                <!– Some sasl authentication mechanisms may require a realm to be set –>
                <!–                java.naming.security.sasl.realm –>
                <!– The available options will depend on your LDAP provider –>
                <entry key="java.naming.security.authentication">
                    <value>${ldap.authentication.java.naming.security.authentication}</value>
                </entry>
                
                <!– The id of a user who can read group and user information –>
                <!– This does not go through the pattern substitution defined above and is used "as is" –>
                <entry key="java.naming.security.principal">
                    <value>${ldap.authentication.java.naming.security.principal}</value>
                </entry>
                
                <!– The password for the user defined above –>
                <entry key="java.naming.security.credentials">
                    <value>${ldap.authentication.java.naming.security.credentials}</value>
                </entry>
            </map>
        </property>
    </bean>
    
</beans>

With an appropriate ldap-authentication.properties, I can log in using my LDAP (ActiveDirectory) credentials.

However, note that the mutableAuthenticationService is commented out at the top of the chaining file.  If this service is not commented out, several issues appear:
    Chained auth is enabled (with Alfresco as the mutable auth service)

  • Attempting to login as admin/admin gives:


    • javax.faces.FacesException: Error calling action method of component with id loginForm:submit
    caused by:
    javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
    caused by:
    java.lang.NullPointerException

    Show Details
    javax.faces.FacesException: Error calling action method of component with id loginForm:submit
    at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:72)
    at javax.faces.component.UICommand.broadcast(UICommand.java:109)
    at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97)
    at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171)
    at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
    at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
    at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.alfresco.web.app.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:94)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
    at java.lang.Thread.run(Thread.java:595)
    Caused by: javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
    at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:156)
    at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:61)
    … 24 more
    Caused by: java.lang.NullPointerException
    at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.getUserOrNull(RepositoryAuthenticationDao.java:158)
    at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.loadUserByUsername(RepositoryAuthenticationDao.java:119)
    at org.alfresco.repo.security.authentication.AuthenticationComponentImpl.getUserDetails(AuthenticationComponentImpl.java:98)
    at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUser(AbstractAuthenticationComponent.java:121)
    at org.alfresco.repo.security.authentication.AuthenticationComponentImpl.authenticateImpl(AuthenticationComponentImpl.java:75)
    at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.authenticate(AbstractAuthenticationComponent.java:74)
    at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:114)
    at org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl.authenticate(ChainingAuthenticationServiceImpl.java:164)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
    at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:241)
    at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
    at $Proxy20.authenticate(Unknown Source)
    at org.alfresco.web.bean.LoginBean.login(LoginBean.java:247)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:132)
    … 25 more
    Return to application
    Logout
    on the web browser and an identical stack trace in the log.


  • Hit the "Back" button to get back to the login page and try an LDAP user.
    • The LDAP user logs in fine, but when I click logout I get the following


    java.lang.NullPointerException

    Show Details
    java.lang.NullPointerException
    at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.getUserOrNull(RepositoryAuthenticationDao.java:158)
    at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.loadUserByUsername(RepositoryAuthenticationDao.java:119)
    at org.alfresco.repo.security.authentication.AuthenticationComponentImpl.getUserDetails(AuthenticationComponentImpl.java:98)
    at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUser(AbstractAuthenticationComponent.java:121)
    at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.validate(AuthenticationServiceImpl.java:150)
    at org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl.validate(ChainingAuthenticationServiceImpl.java:277)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
    at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:241)
    at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
    at $Proxy20.validate(Unknown Source)
    at org.alfresco.web.app.servlet.AuthenticationHelper.authenticate(AuthenticationHelper.java:229)
    at org.alfresco.web.app.servlet.AuthenticationHelper.authenticate(AuthenticationHelper.java:109)
    at org.alfresco.web.app.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:75)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
    at java.lang.Thread.run(Thread.java:595)
    Return to application
    Logout

  • Close the browser and log in as an LDAP user.  This succeeds but a logout produces precisely the same effect as the previous example (i.e. it fails as consistently as I would expect)

    • In either of the previous instances, the session is completely hosed.  Nothing I have been able to do short of closing the browser and trying again has allowed me to reach the login screen.

  • Here's where it gets weird:

    • If I start a new browser session and login as an LDAP user, I can right-click on the logout button (using Firefox) and tell Firefox to "open in new tab".  At that point, my current session is dead, so any attempt to click anything in the initial tab results in the familiar 

    java.lang.NullPointerException

    Hide Details

    java.lang.NullPointerException
    at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.getUserOrNull(RepositoryAuthenticationDao.java:158)
    at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.loadUserByUsername(RepositoryAuthenticationDao.java:11
    {blahblahblah}

  • The interesting thing here is that the new tab has a perfectly valid login session.  I can re-login with any LDAP user I choose.  As long as I log out by right-clicking on the logout link and opening a new tab, I can switch users successfully (well, sort of successfully).
However, under no circumstances do I seem to be able to log in as Admin, because the Alfresco internal auth component seems broken and/or misconfigured for chaining.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC