Hyland Connect

stk137 · ‎06-26-2007

How is JAAS supposed to be configured for a plain old JAAS login module (not Kerberos)?

I can't get it to work with my JAAS login module. For simplicity's sake, I am also trying to get it working with the Sample login module from Sun's, but also with no success. These modules are installed and configured in my JRE and I have successfully tested them with a simple console app.

I am starting with the sample jaas-authentication-context.xml
I edit the first bean to use my config name.

    <bean id="authenticationComponentImpl"            class="org.alfresco.repo.security.authentication.jaas.JAASAuthenticationComponent">
        <property name="realm">
            <value>DEFAULT.REALM</value>
        </property>
        <property name="jaasConfigEntryName">
            <value>Sample</value>
        </property>
    </bean>‍‍‍‍‍‍‍‍

If I don't comment out the second bean I get an error, but I am guessing from seeing "ntlm" in the class name that I shouldn't use that second bean.

With both the Sample login module and my login module, Alfresco just says "Unable to login - unknown username/password." Before I tried the Sample login module, I thought it was swallowing errors (and stdout), as nothing is logged, and the error message aren't mine. Now I am not even sure if it's trying JAAS at all.

So how do you get Alfresco to use a JAAS login module?

stk137 · ‎06-27-2007

just to add some info
if I do use the second bean in the sample I get

org.springframework.beans.factory.BeanIsNotAFactoryException: Bean named 'authenticationDao' must be of type [org.springframework.beans.factory.FactoryBean], but was actually of type [org.alfresco.repo.security.authentication.RepositoryAuthenticationDao]

Is the any example for settting up JAAS that works?

andy · ‎06-29-2007

Hi

Which repo version are you using?

For 2.0 and after the bean to override is authenticationComponent and not authenticationComponentImpl.

Make sure your app server is picking up the security configuration via the java command line or the java installation and that it is using the jre you expect.

If you take the standard install you can get at all the JRE info to check it from the admin console.

You should only have one authenticationComponent bean.

Hope this helps

Andy

peltuinum · ‎07-02-2007

did you solve your problem?

I'm getting the same error:

2007-07-02 11:12:37,430 ERROR [org.springframework.web.context.ContextLoader] Context initialization failed
org.springframework.beans.factory.BeanIsNotAFactoryException: Bean named 'authenticationDao' must be of type [org.springframework.beans.factory.FactoryBean], but was actually of type [org.alfresco.repo.security.authentication.RepositoryAuthenticationDao]

I installed v. 2.0 under JBoss, and this is my jaas-authentication-context.xml :

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
    <!– The authentication component.                                      –>

    <!– Jass authentication - most of the config goes somewhere else       –>

    <bean id="authenticationComponent"
                 class="org.alfresco.repo.security.authentication.jaas.JAASAuthenticationComponent">
        <property name="realm">
            <value>INSIEL.IT</value>
        </property>
        <property name="jaasConfigEntryName">
            <value>Alfresco</value>
        </property>
    </bean>

                <bean id="alfDaoImpl" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
                        <property name="proxyInterfaces">
                                        <value>
                                                org.alfresco.repo.security.authentication.MutableAuthenticationDao
                                        </value>
                        </property>
                        <property name="transactionManager">
                                        <ref bean="transactionManager" />
                        </property>
                        <property name="target">
                                        <bean class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />
                        </property>
                        <property name="transactionAttributes">
                                <props>
                                        <prop key="*">${server.transaction.mode.default}</prop>
                                </props>
                        </property>
                </bean>

</beans>

stk137 · ‎07-02-2007

Hi
Which repo version are you using?

For 2.0 and after the bean to override is authenticationComponent and not authenticationComponentImpl.

…
Andy

This error was with 2.0.
I got it working with a 2.1 nightly. Now that I see your reply, I can try 2.0 again. The sample that comes with 2.0 has the wrong bean.

thanks

Steve

stk137 · ‎07-02-2007

did you solve your problem?

I'm getting the same error:

2007-07-02 11:12:37,430 ERROR [org.springframework.web.context.ContextLoader] Context initialization failed
org.springframework.beans.factory.BeanIsNotAFactoryException: Bean named 'authenticationDao' must be of type [org.springframework.beans.factory.FactoryBean], but was actually of type [org.alfresco.repo.security.authentication.RepositoryAuthenticationDao]

I installed v. 2.0 under JBoss, and this is my jaas-authentication-context.xml :

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
    <!– The authentication component.                                      –>

    <!– Jass authentication - most of the config goes somewhere else       –>

    <bean id="authenticationComponent"
                 class="org.alfresco.repo.security.authentication.jaas.JAASAuthenticationComponent">
        <property name="realm">
            <value>INSIEL.IT</value>
        </property>
        <property name="jaasConfigEntryName">
            <value>Alfresco</value>
        </property>
    </bean>

                <bean id="alfDaoImpl" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
                        <property name="proxyInterfaces">
                                        <value>
                                                org.alfresco.repo.security.authentication.MutableAuthenticationDao
                                        </value>
                        </property>
                        <property name="transactionManager">
                                        <ref bean="transactionManager" />
                        </property>
                        <property name="target">
                                        <bean class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />
                        </property>
                        <property name="transactionAttributes">
                                <props>
                                        <prop key="*">${server.transaction.mode.default}</prop>
                                </props>
                        </property>
                </bean>

</beans>

I got it working with a 2.1 nightly build starting with the sample that comes with it.
I haven't gone back and tried 2.0 again, but now that I see you are using authenticationComponent and not authenticationComponentImpl and still getting an error, I may not bother.

andy · ‎07-03-2007

Hi

The config example is wrong.
See http://issues.alfresco.com/browse/AR-1564


<bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowDeleteUser">
            <value>true</value>
        </property>
    </bean>    
‍‍‍‍‍‍‍

Should sort this out.

Andy

peltuinum · ‎07-06-2007

I installed 2.1 Community Ed. and the error disappeared.
Many thanks

coffman · ‎09-03-2007

Hello

Hi

The config example is wrong.
See http://issues.alfresco.com/browse/AR-1564


<bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowDeleteUser">
            <value>true</value>
        </property>
    </bean>    
‍‍‍‍‍‍‍

Should sort this out.

Andy

I have the same error, i am using the community 2.0, but i have a question:
What must we do with this code to fix on version 2.0 ??
I try to add the code to jaas-authentication-context.xml without success.
If i comment out the lines with alfDaoImpl, the error dissapear, but when i try to acces alfresco from CIFS or web I can display this one:

15:00:11,732 ERROR [alfresco.smb.protocol] Closing session due to exception
org.alfresco.error.AlfrescoRuntimeException: Not implemented
        at org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao.getMD4HashedPassword(DefaultMutableAuthenticationDao.java:394)
        at org.alfresco.repo.security.authentication.AuthenticationComponentImpl.getMD4HashedPassword(AuthenticationComponentImpl.java:107)
        at org.alfresco.filesys.server.auth.EnterpriseCifsAuthenticator.doNTLMv1Logon(EnterpriseCifsAuthenticator.java:1267)
        at org.alfresco.filesys.server.auth.EnterpriseCifsAuthenticator.doNtlmsspSessionSetup(EnterpriseCifsAuthenticator.java:942)
        at org.alfresco.filesys.server.auth.EnterpriseCifsAuthenticator.processSessionSetup(EnterpriseCifsAuthenticator.java:637)
        at org.alfresco.filesys.smb.server.NTProtocolHandler.procSessionSetup(NTProtocolHandler.java:407)
        at org.alfresco.filesys.smb.server.NTProtocolHandler.runProtocol(NTProtocolHandler.java:221)
        at org.alfresco.filesys.smb.server.SMBSrvSession.runHandler(SMBSrvSession.java:1450)
        at org.alfresco.filesys.smb.server.SMBSrvSession.run(SMBSrvSession.java:1351)
        at java.lang.Thread.run(Thread.java:595)
‍‍‍‍‍‍‍‍‍‍‍‍‍

Thanks

andy · ‎09-10-2007

Hi

You need to configure CIFS to use Kerberos or passthrough authentication. See the wiki.

Andy

Hyland Connect

Problem with JAAS configuration not working