cancel
Showing results for 
Search instead for 
Did you mean: 

ALF 2.1 - Bad credentials when using the AuthorityService

claudio_martins
Champ in-the-making
Champ in-the-making
Hi all,

I have extended the JavaScript API in order to add a functionality that I miss on the People API to check if a user belongs to a specific group.

However, whenever I try to call any method on the AuthorityService (injected by Spring), I receive the following exception:

Caused by: net.sf.acegisecurity.BadCredentialsException: Bad credentials presented
        at net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider.authenticate(DaoAuthenticationProvider.java:290)
        at net.sf.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:159)
        at net.sf.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:49)
        at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:372)
        at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
        at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterc
eptor.java:49)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
        at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:238)
        at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
        at $Proxy47.getPerson(Unknown Source)
        at org.alfresco.repo.workflow.jbpm.AlfrescoJavaScript.createInputMap(AlfrescoJavaScript.java:211)
        at org.alfresco.repo.workflow.jbpm.AlfrescoJavaScript.executeScript(AlfrescoJavaScript.java:157)
        at org.alfresco.repo.workflow.jbpm.AlfrescoAssignment.assign(AlfrescoAssignment.java:134)
        at org.jbpm.taskmgmt.exe.TaskMgmtInstance.performAssignmentDelegation(TaskMgmtInstance.java:222)
        at org.jbpm.taskmgmt.exe.TaskMgmtInstance.performAssignment(TaskMgmtInstance.java:198)
        … 99 more

This API is used inside a jBPM process as:

<action   class="org.alfresco.repo.workflow.jbpm.AlfrescoJavaScript">
   <script>
     <expression>
        erw_partnerGroup = peopleextension.isAuthorityMemberOfGroup(person.properties['cm:userName'], "GROUP_AAA");
     </expression>
     <variable name="erw_partnerGroup" access="read,write" mapped-name="erw_partnerGroup" />
   </script>
</action>

The context file to create the required bean:

<bean id="peopleExtensionScript" parent="baseJavaScriptExtension"
   class="br.com.concretesolutions.alfresco.jscript.PeopleExtension">
   <property name="extensionName">
      <value>peopleextension</value>
   </property>
   <property name="serviceRegistry">
      <ref bean="ServiceRegistry" />
   </property>
   <property name="authorityDAO">
      <ref bean="authorityDAO" />
   </property>
   <property name="authorityService">
      <ref bean="AuthorityService" />
   </property>
</bean>

And the implemented class:

public boolean isAuthorityMemberOfGroup(String authorityName, String groupName) {
   
   boolean isResponse = false;

   try {
      if(authorityService.authorityExists(authorityName)) {
      
      Set<String> userAuthorities = authorityService.getAuthoritiesForUser(authorityName);
      
      if(userAuthorities.contains(groupName)) {
         isResponse = true;
      }
      
         }
   } catch(Exception e) {
      System.out.println("\n\n " + e.getMessage() + "\n\n");
   }
   
   return isResponse;
   
}


Does anyone knows what might be happening here?


Thanks in advance!
2 REPLIES 2

aniruddh
Champ in-the-making
Champ in-the-making
I am also facing the same issue with the following code


      Set<String> authorities = m_AuthorityService.getContainingAuthorities(AuthorityType.GROUP, "admin", false);


I get a "Bad Credentials" exception when this is called from a JSF Managed bean. However, same piece of code works fine when called from a custom action.

dhalupa
Champ on-the-rise
Champ on-the-rise
You might check the following file public-services-security-context.xml. Try to find the bean AuthorityService_security and you will see that for getAuthoritiesForUser method permission is set as ACL_METHOD.ROLE_ADMINISTRATOR. Change this to ACL_ALLOW and you should be able to execute the method without been logged in with admin role

Kind regards

Denis