Posted to user@karaf.apache.org by Bengt Rodehav <be...@rodehav.com> on 2012/01/10 19:29:40 UTC

Problems with Shiro (ldap:) and Aries JNDI

I've encountered a problem using Aries JNDI under Karaf. I've sent messages
to both the Shiro and the Aries mailing lists. No response on the Aries
mailing list, but Jared (on the Shiro list) pointed out that there seems to
be a similar problem in Karaf's JIRA (which is fixed). I am therefore trying
the Karaf mailing list as well.

Here is the Karaf JIRA: https://issues.apache.org/jira/browse/KARAF-304

That JIRA is about problems with the "rmi:" protocol with Aries JNDI. I
have problems with the "ldap:" protocol.

I'm using Apache Shiro 1.1.0 running in Apache Karaf 2.2.4 (with Felix). I
also use Apache Aries for JPA, blueprint and transaction support. I use
Aries JNDI 0.3.0.

Shiro is unable to get an InitialContext. Shiro calls into the standard JRE
methods that in turn call Aries JNDI (I don't know why). I get the
following stack trace:

org.apache.shiro.authc.AuthenticationException: LDAP naming error while attempting to authenticate user.
    at org.apache.shiro.realm.ldap.AbstractLdapRealm.doGetAuthenticationInfo(AbstractLdapRealm.java:196)[119:org.apache.shiro.core:1.1.0]
    at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:175)[119:org.apache.shiro.core:1.1.0]
    at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:179)[119:org.apache.shiro.core:1.1.0]
    at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:264)[119:org.apache.shiro.core:1.1.0]
    at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)[119:org.apache.shiro.core:1.1.0]
    at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)[119:org.apache.shiro.core:1.1.0]
    at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:269)[119:org.apache.shiro.core:1.1.0]
    at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:247)[119:org.apache.shiro.core:1.1.0]
    at se.digia.skistory.web.SessionHandler.doLogin(SessionHandler.java:57)[122:se.digia.skistory.web:1.0.0.SNAPSHOT]
    at se.digia.skistory.web.SessionHandler.handle(SessionHandler.java:34)[122:se.digia.skistory.web:1.0.0.SNAPSHOT]
    at se.digia.skistory.web.HistoryServlet.doPost(HistoryServlet.java:96)[122:se.digia.skistory.web:1.0.0.SNAPSHOT]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)[94:org.apache.geronimo.specs.geronimo-servlet_3.0_spec:1.0]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)[94:org.apache.geronimo.specs.geronimo-servlet_3.0_spec:1.0]
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:538)[63:org.eclipse.jetty.servlet:7.4.5.v20110725]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1352)[63:org.eclipse.jetty.servlet:7.4.5.v20110725]
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:74)[121:org.apache.shiro.web:1.1.0]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)[63:org.eclipse.jetty.servlet:7.4.5.v20110725]
    at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:359)[121:org.apache.shiro.web:1.1.0]
    at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:275)[121:org.apache.shiro.web:1.1.0]
    at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)[119:org.apache.shiro.core:1.1.0]
    at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)[119:org.apache.shiro.core:1.1.0]
    at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:344)[119:org.apache.shiro.core:1.1.0]
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:272)[121:org.apache.shiro.web:1.1.0]
    at se.digia.skistory.web.security.IniFilter.doFilterInternal(IniFilter.java:59)[122:se.digia.skistory.web:1.0.0.SNAPSHOT]
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81)[121:org.apache.shiro.web:1.1.0]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)[63:org.eclipse.jetty.servlet:7.4.5.v20110725]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:476)[63:org.eclipse.jetty.servlet:7.4.5.v20110725]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:70)[72:org.ops4j.pax.web.pax-web-jetty:1.0.7]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)[61:org.eclipse.jetty.server:7.4.5.v20110725]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:517)[62:org.eclipse.jetty.security:7.4.5.v20110725]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)[61:org.eclipse.jetty.server:7.4.5.v20110725]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:937)[61:org.eclipse.jetty.server:7.4.5.v20110725]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:116)[72:org.ops4j.pax.web.pax-web-jetty:1.0.7]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)[63:org.eclipse.jetty.servlet:7.4.5.v20110725]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)[61:org.eclipse.jetty.server:7.4.5.v20110725]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:871)[61:org.eclipse.jetty.server:7.4.5.v20110725]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)[61:org.eclipse.jetty.server:7.4.5.v20110725]
    at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:72)[72:org.ops4j.pax.web.pax-web-jetty:1.0.7]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)[61:org.eclipse.jetty.server:7.4.5.v20110725]
    at org.eclipse.jetty.server.Server.handle(Server.java:342)[61:org.eclipse.jetty.server:7.4.5.v20110725]
    at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)[61:org.eclipse.jetty.server:7.4.5.v20110725]
    at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1065)[61:org.eclipse.jetty.server:7.4.5.v20110725]
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:823)[57:org.eclipse.jetty.http:7.4.5.v20110725]
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:220)[57:org.eclipse.jetty.http:7.4.5.v20110725]
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)[61:org.eclipse.jetty.server:7.4.5.v20110725]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)[56:org.eclipse.jetty.io:7.4.5.v20110725]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)[56:org.eclipse.jetty.io:7.4.5.v20110725]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)[55:org.eclipse.jetty.util:7.4.5.v20110725]
    at java.lang.Thread.run(Thread.java:662)[:1.6.0_25]
Caused by: javax.naming.NoInitialContextException: Unable to determine caller's BundleContext
    at org.apache.aries.jndi.OSGiInitialContextFactoryBuilder.getInitialContext(OSGiInitialContextFactoryBuilder.java:49)[107:org.apache.aries.jndi.core:0.3.0]
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)[:1.6.0_25]
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)[:1.6.0_25]
    at javax.naming.InitialContext.init(InitialContext.java:223)[:1.6.0_25]
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)[:1.6.0_25]
    at org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getLdapContext(DefaultLdapContextFactory.java:257)[119:org.apache.shiro.core:1.1.0]
    at org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getLdapContext(DefaultLdapContextFactory.java:221)[119:org.apache.shiro.core:1.1.0]
    at org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm.queryForAuthenticationInfo(ActiveDirectoryRealm.java:108)[119:org.apache.shiro.core:1.1.0]
    at org.apache.shiro.realm.ldap.AbstractLdapRealm.doGetAuthenticationInfo(AbstractLdapRealm.java:191)[119:org.apache.shiro.core:1.1.0]
    ... 48 more

While searching for a resolution I found the following:

http://mail-archives.apache.org/mod_mbox/incubator-aries-dev/201011.mbox/%3CAANLkTin0J5bkdaGuXL-g+vtzLEZ8X9hXod4-bd=bbeCK@mail.gmail.com%3E

It sounds like a similar problem but I can't see how (or if) it was
resolved. I now set the TCCL before calling Shiro's login method. This
works as a workaround but I don't think that should be necessary.

Is this a problem that can be fixed in Karaf or is it an Aries JNDI
problem? Any help (or information) is appreciated,

/Bengt
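
The thread context class loader (TCCL) workaround mentioned in the post, sketched as an added example that is not code from the original message. The class name `TcclLogin`, the helper `withClassLoaderOf`, and the choice of the calling bundle's own class loader as the TCCL are assumptions; the post does not say which loader was used.

```java
import java.util.concurrent.Callable;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;

// Hypothetical helper class: name and structure are illustrative, not from the post.
public final class TcclLogin {

    private TcclLogin() {}

    /** Runs the action with the TCCL set to the loader of 'anchor', then restores it. */
    static <T> T withClassLoaderOf(Class<?> anchor, Callable<T> action) throws Exception {
        Thread thread = Thread.currentThread();
        ClassLoader previous = thread.getContextClassLoader();
        // Assumption: 'anchor' is a class loaded by the calling OSGi bundle, so its
        // loader identifies that bundle to code that inspects the TCCL.
        thread.setContextClassLoader(anchor.getClassLoader());
        try {
            return action.call();
        } finally {
            // Always restore: the Jetty pool thread is reused for later requests,
            // and a leaked TCCL would change class resolution for unrelated code.
            thread.setContextClassLoader(previous);
        }
    }

    /**
     * Logs in through Shiro with the TCCL swapped for the duration of the call.
     * AuthenticationException (including the wrapped LDAP naming error) propagates
     * to the caller so that a JNDI failure is not mistaken for bad credentials.
     */
    public static void login(String user, char[] password) throws Exception {
        final UsernamePasswordToken token = new UsernamePasswordToken(user, password);
        try {
            withClassLoaderOf(TcclLogin.class, new Callable<Void>() {
                public Void call() {
                    SecurityUtils.getSubject().login(token);
                    return null;
                }
            });
        } finally {
            // Wipe the password from the token once authentication has finished.
            token.clear();
        }
    }
}
```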