Posted to slide-user@jakarta.apache.org by John Gilbert <jg...@dharbor.com> on 2004/11/30 17:02:04 UTC
Access Denied with JNDIPrincipalStore
Can someone tell me what they think the debug output below is saying?
It looks to me like it finds everything in LDAP but then loses it in
the cache. I also don't see any role queries,
but maybe they would happen later.
I have Slide running on WebLogic with the JNDIPrincipalStore. I think
everything is starting up correctly,
because when I had some bad setting for the JNDIPrincipalStore it would
not start.
Now when I log in to http://localhost:7001/slide I get Error
403--Forbidden.
My userid is 'admin' and it can log in to other secured servlets hitting
the same LDAP.
Any thoughts?
Thanks!
- John
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
common.Domain
- Create XHttpServletResponseFacade
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
webdav.WebdavS
ervlet - ==> GET start: 11/29/04 10:07 PM [ExecuteThread: '14' for
queue: 'weblo
gic.kernel.Default']
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
tx.object
- Cache Hit: '/' 160 / 16 / 16
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
tx.descriptors
- Cache Hit: '/' 33 / 16 / 16
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
tx.descriptors
- Cache Hit: '/' 34 / 16 / 16
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
tx.object
- Cache Hit: '/' 161 / 16 / 16
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
tx.descriptor
- Cache Hit: '/-1.0' 1 / 16 / 16
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
tx.object
- Cache Hit: '/' 162 / 16 / 16
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
tx.object
- Cache Hit: '/' 163 / 16 / 16
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] INFO
file.FileResou
rceManager - Starting RM at 'users/store/metadata' /
'users/work/metadata'
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] INFO
file.FileResou
rceManager - Started RM
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
txjndi.JNDIPri
ncipalStore - JNDIPrincipalStore[/users]: Retrieving Object
/users/admin.
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
store.MemorySt
ore - org.apache.slide.store.txjndi.JNDIPrincipalStoreCache:
MemoryStore miss
for object: /users/admin
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
ehcache.Cache
- org.apache.slide.store.txjndi.JNDIPrincipalStore cache - Miss
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
txjndi.JNDIPri
ncipalStore - JNDIPrincipalStore[/users]: Connecting to LDAP server.
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
txjndi.JNDIPri
ncipalStore - JNDIPrincipalStore[/users]: Disconnecting from LDAP
server.
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
txjndi.JNDIPri
ncipalStore - JNDIPrincipalStore[/users]: Retrieving Object /users.
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
store.MemorySt
ore - org.apache.slide.store.txjndi.JNDIPrincipalStoreCache:
MemoryStore miss
for object: /users
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
ehcache.Cache
- org.apache.slide.store.txjndi.JNDIPrincipalStore cache - Miss
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
txjndi.JNDIPri
ncipalStore - JNDIPrincipalStore[/users]: Connecting to LDAP server.
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
txjndi.JNDIPri
ncipalStore - uid=admin: Creating child binding "admin" for "/users".
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
txjndi.JNDIPri
ncipalStore - JNDIPrincipalStore[/users]: Creating SubjectNode for
"/users".
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
txjndi.JNDIPri
ncipalStore - JNDIPrincipalStore[/users]: Putting ObjectNode for /users
to cache
.
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
ehcache.Cache
- object: /users now: 1101784071988
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
ehcache.Cache
- object: /users Creation Time: 1101784071988 Next To Last Access
Time: 0
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
ehcache.Cache
- object: /users mostRecentTime: 1101784071988
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
ehcache.Cache
- object: /users Age to Idle: 900000 Age Idled: 0
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
ehcache.Cache
- org.apache.slide.store.txjndi.JNDIPrincipalStore: Is element
with key o
bject: /users expired?: false
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
txjndi.JNDIPri
ncipalStore - JNDIPrincipalStore[/users]: Disconnecting from LDAP
server.
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
txjndi.JNDIPri
ncipalStore - JNDIPrincipalStore[/users]: Retrieving Object
/users/admin.
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
store.MemorySt
ore - org.apache.slide.store.txjndi.JNDIPrincipalStoreCache:
MemoryStore miss
for object: /users/admin
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
ehcache.Cache
- org.apache.slide.store.txjndi.JNDIPrincipalStore cache - Miss
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
txjndi.JNDIPri
ncipalStore - JNDIPrincipalStore[/users]: Connecting to LDAP server.
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
txjndi.JNDIPri
ncipalStore - JNDIPrincipalStore[/users]: Disconnecting from LDAP
server.
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
txjndi.JNDIPri
ncipalStore - JNDIPrincipalStore[/users]: Retrieving Object /users.
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
store.MemorySt
ore - org.apache.slide.store.txjndi.JNDIPrincipalStoreCache:
MemoryStore hit
for object: /users
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
ehcache.Cache
- object: /users now: 1101784071988
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
ehcache.Cache
- object: /users Creation Time: 1101784071988 Next To Last Access
Time: 0
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
ehcache.Cache
- object: /users mostRecentTime: 1101784071988
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
ehcache.Cache
- object: /users Age to Idle: 900000 Age Idled: 0
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
ehcache.Cache
- org.apache.slide.store.txjndi.JNDIPrincipalStore: Is element
with key o
bject: /users expired?: false
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
txjndi.JNDIPri
ncipalStore - JNDIPrincipalStore[/users]: ObjectNode for "/users" found
in cache
.
[ExecuteThread: '14' for queue: 'weblogic.kernel.Default'] DEBUG
webdav.WebdavS
ervlet - <== GET end: 11/29/04 10:07 PM [ExecuteThread: '14' for queue:
'weblogi
c.kernel.Default']
ExecuteThread: '14' for queue: 'weblogic.kernel.Default', 29-Nov-2004
22:07:51,
admin, GET, 403 "Forbidden", 201 ms, /
<Nov 29, 2004 10:07:52 PM EST> <Info> <HTTP> <BEA-101047>
<[ServletContext(id=73
0993,name=slide.war,context-path=/slide)] ExecuteThread: '14' for queue:
'weblog
ic.kernel.Default', 29-Nov-2004 22:07:51, admin, GET, 403 "Forbidden",
201 ms, /
>
Here are my store settings:
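<!--
  "users" store: principals under /users are read from LDAP through
  JNDIPrincipalStore; sequence data and the security/lock descriptors are
  kept in file-based stores on disk.
-->
<store name="users">
  <nodestore classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
    <!-- Directory container searched for user entries; the uid attribute becomes the node name under /users. -->
    <parameter name="jndi.container">ou=people,ou=myrealm,dc=myserver</parameter>
    <parameter name="jndi.attribute.rdn">uid</parameter>
    <!-- ONELEVEL_SCOPE limits the search to direct children of the container. -->
    <parameter name="jndi.search.filter">(objectClass=inetOrgPerson)</parameter>
    <parameter name="jndi.search.scope">ONELEVEL_SCOPE</parameter>
    <parameter name="jndi.search.attributes">uid,description,sn,cn</parameter>
    <!--
      Simple bind over an ldap:// URL: the bind DN and password are sent
      unencrypted. With the directory on localhost, as here, that stays on
      the loopback interface; for a remote directory use an ldaps:// URL or
      another TLS-protected transport.
    -->
    <parameter name="java.naming.provider.url">ldap://localhost:7001</parameter>
    <parameter name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>
    <!--
      The bind password is stored in clear text in this file, so the file's
      read permissions are what protect it. The store only performs lookups;
      a dedicated read-only bind account would be sufficient.
      NOTE(review): cn=admin looks like the directory administrator; confirm
      whether that much privilege is needed here.
    -->
    <parameter name="java.naming.security.principal">cn=admin</parameter>
    <parameter name="java.naming.security.authentication">simple</parameter>
    <parameter name="java.naming.security.credentials">password</parameter>
  </nodestore>
  <sequencestore classname="org.apache.slide.store.txfile.FileSequenceStore">
    <parameter name="rootpath">store/sequence</parameter>
  </sequencestore>
  <!--
    Security descriptors for this store are kept in these files, not in LDAP;
    the lockstore below reuses the same store.
    NOTE(review): the debug log in this post shows uid=admin being found in
    LDAP, so the 403 presumably comes from the authorization check rather
    than from the lookup; confirm that /users/admin, or a role it belongs
    to, is granted access to the requested path.
  -->
  <securitystore classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
    <parameter name="rootpath">users/store/metadata</parameter>
    <parameter name="workpath">users/work/metadata</parameter>
    <parameter name="defer-saving">true</parameter>
    <!-- NOTE(review): unit of the timeout is not stated here; presumably seconds, confirm. -->
    <parameter name="timeout">120</parameter>
  </securitystore>
  <lockstore>
    <reference store="securitystore"/>
  </lockstore>
  <!-- The remaining store roles are delegated to the LDAP-backed nodestore. -->
  <revisiondescriptorsstore>
    <reference store="nodestore"/>
  </revisiondescriptorsstore>
  <revisiondescriptorstore>
    <reference store="nodestore"/>
  </revisiondescriptorstore>
  <contentstore>
    <reference store="nodestore"/>
  </contentstore>
</store>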
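<!--
  "roles" store: roles under /roles are read from LDAP group entries through
  JNDIPrincipalStore; sequence data and the security/lock descriptors are
  kept in file-based stores on disk.
-->
<store name="roles">
  <nodestore classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
    <!-- Directory container searched for group entries; the cn attribute becomes the node name under /roles. -->
    <parameter name="jndi.container">ou=groups,ou=myrealm,dc=myserver</parameter>
    <parameter name="jndi.attribute.rdn">cn</parameter>
    <!--
      Attribute read to obtain the members of each group.
      NOTE(review): the search filter below selects groupOfUniqueNames
      entries, which conventionally list members in uniqueMember; memberURL
      is normally found on URL-based (dynamic) groups. Confirm which
      attribute the directory actually populates, otherwise role membership
      may resolve to nothing and access checks based on roles will fail.
    -->
    <parameter name="jndi.attribute.groupmemberset">memberURL</parameter>
    <!-- ONELEVEL_SCOPE limits the search to direct children of the container. -->
    <parameter name="jndi.search.filter">(objectClass=groupOfUniqueNames)</parameter>
    <parameter name="jndi.search.scope">ONELEVEL_SCOPE</parameter>
    <parameter name="jndi.search.attributes">cn</parameter>
    <!--
      Simple bind over an ldap:// URL: the bind DN and password are sent
      unencrypted. With the directory on localhost, as here, that stays on
      the loopback interface; for a remote directory use an ldaps:// URL or
      another TLS-protected transport.
    -->
    <parameter name="java.naming.provider.url">ldap://localhost:7001</parameter>
    <parameter name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>
    <!--
      The bind password is stored in clear text in this file, so the file's
      read permissions are what protect it. The store only performs lookups;
      a dedicated read-only bind account would be sufficient.
      NOTE(review): cn=admin looks like the directory administrator; confirm
      whether that much privilege is needed here.
    -->
    <parameter name="java.naming.security.principal">cn=admin</parameter>
    <parameter name="java.naming.security.authentication">simple</parameter>
    <parameter name="java.naming.security.credentials">password</parameter>
  </nodestore>
  <!-- NOTE(review): same rootpath as the sequencestore of the "users" store; confirm the sharing is intended. -->
  <sequencestore classname="org.apache.slide.store.txfile.FileSequenceStore">
    <parameter name="rootpath">store/sequence</parameter>
  </sequencestore>
  <!-- Security descriptors for this store are kept in these files, not in LDAP; the lockstore below reuses the same store. -->
  <securitystore classname="org.apache.slide.store.txfile.TxXMLFileDescriptorsStore">
    <parameter name="rootpath">roles/store/metadata</parameter>
    <parameter name="workpath">roles/work/metadata</parameter>
    <parameter name="defer-saving">true</parameter>
    <!-- NOTE(review): unit of the timeout is not stated here; presumably seconds, confirm. -->
    <parameter name="timeout">120</parameter>
  </securitystore>
  <lockstore>
    <reference store="securitystore"/>
  </lockstore>
  <!-- The remaining store roles are delegated to the LDAP-backed nodestore. -->
  <revisiondescriptorsstore>
    <reference store="nodestore"/>
  </revisiondescriptorsstore>
  <revisiondescriptorstore>
    <reference store="nodestore"/>
  </revisiondescriptorstore>
  <contentstore>
    <reference store="nodestore"/>
  </contentstore>
</store>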