Posted to user@shiro.apache.org by Ken in Nashua <kc...@live.com> on 2013/04/07 21:31:58 UTC

Cannot get into system at boot for first time

Folks,

I accepted the fact that I cannot create entities during my doAuthentication method because the user first to login is administrator who has no entity or roles or permissions yet.

And so I need to hardwire an administrator account in a shiro configuration with at least a role that will permit entity creation.

So I have been wrestling with shiro filterchain definitions and just blue in the face.

Is it this difficult to make a default administrator to crack into the system at bootstrap for the first time ?

Can anyone lend some assistance ?

I would appreciate it.

My shiro config is as follows:

configuration.add(factory.createChain("/**").add(factory.authc()).build());     // force whole app to authenticate

configuration.add(factory.createChain("/authc/**").add(factory.authc()).build());
configuration.add(factory.createChain("/user/**").add(factory.user()).build());
configuration.add(factory.createChain("/user/administrator/*").add(factory.perms(), "*:*:*").build());
configuration.add(factory.createChain("/user/administrator/**").add(factory.roles(), Person.Role.administrator.toString()).build());

configuration.add(factory.createChain("/assets/**").add(factory.anon()).build());
configuration.add(factory.createChain("/user/administrator/**").add(factory.perms(), "*:create:*,*:read:*,*:update:*,*:delete:*").build());
configuration.add(factory.createChain("/**").add(factory.anon()).build());        // force whole app to be anonymous

configuration.add(factory.createChain("/authc/administrator").add(factory.anon()).build());
configuration.add(factory.createChain("/authc/**").add(factory.authc()).build());
configuration.add(factory.createChain("/contributed/**").add(factory.authc()).build());
configuration.add(factory.createChain("/user/administrator").add(factory.anon()).build());
configuration.add(factory.createChain("/user/**").add(factory.user()).build());

but nothing works... every time I attempt a login as administrator/administrator I receive

org.apache.shiro.authz.UnauthenticatedException: This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against.  A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager.  This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again.  Because an identity is currently not known due to any of these conditions, authorization is denied.

1. are there things I am restricted from doing within my doAuthentication and doAuthorization methods ? because I am trying to create entities of users within my database if they don't exist.
2. if a user doesn't exist and I want to create it in my database... where is the appropriate place... within these security routines... or on a handled exception... one of the four that seem to happen.

I am not clear on how to get into the system for the first time if the superuser and password account is known in advance.

Thanks for any help

Ken

RE: Cannot get into system at boot for first time

Posted by Ken in Nashua <kc...@live.com>.
Well this bothers me about the seed entity module

after you run it once... you have to comment it out thereafter or you get this...

but how do you comment out already deployed code to a live production system...?

???

So I am hopeful about a shiro answer to the first user into a shiro system...namely the administrator

HTTP ERROR: 503
Problem accessing /pphl/login. Reason:
    SERVICE_UNAVAILABLE
Powered by Jetty://
2013-04-07 17:51:12.624:WARN::failed app: java.lang.RuntimeException: Exception constructing service 'SeedEntity': Error invoking constructor public org.tynamo.seedentity.hibernate.services.SeedEntityImpl(org.slf4j.Logger,org.apache.tapestry5.hibernate.HibernateSessionSource,java.util.List): a different object with the same identifier value was already associated with the session: [org.tynamo.examples.pphl.model.AdminLayout#1]
2013-04-07 17:51:12.624:WARN::Failed startup of context org.mortbay.jetty.plugin.Jetty6PluginWebAppContext@1bf011e{/,C:\Prototype\Mavenized\Product\tynamo\trunk\tynamo-examples\pphl\src\main\webapp}
java.lang.RuntimeException: Exception constructing service 'SeedEntity': Error invoking constructor public org.tynamo.seedentity.hibernate.services.SeedEntityImpl(org.slf4j.Logger,org.apache.tapestry5.hibernate.HibernateSessionSource,java.util.List): a different object with the same identifier value was already associated with the session: [org.tynamo.examples.pphl.model.AdminLayout#1]




RE: Cannot get into system at boot for first time

Posted by Ken in Nashua <kc...@live.com>.
Alright, I am sorry... I don't mean to beat up on the tynamo guys.

Seed entity works... it was the validator tripping me up on email address format.

entities that are seeded need to pass validator.

But I thought I could avoid using this with shiro features.

But seed entity module looks like it is the admirable manner since I not only made it past my doGetAuthentication but am stepping thru my authorization now.

Ok I am in... pheewww....

Does anyone know I got dyslexia?

RE: Cannot get into system at boot for first time

Posted by Ken in Nashua <kc...@live.com>.
I tried seeding my entity but only get a stack dump which produces

HTTP ERROR: 503
Problem accessing /pphl/login. Reason:
    SERVICE_UNAVAILABLE
Powered by Jetty://


2013-04-07 16:18:02.936:WARN::failed app: java.lang.RuntimeException: Exception constructing service 'SeedEntity': Error invoking constructor public org.tynamo.seedentity.hibernate.services.SeedEntityImpl(org.slf4j.Logger,org.apache.tapestry5.hibernate.HibernateSessionSource,java.util.List): validation failed for classes [org.tynamo.examples.pphl.model.Person] during persist time for groups [javax.validation.groups.Default, ]
2013-04-07 16:18:02.936:WARN::Failed startup of context org.mortbay.jetty.plugin.Jetty6PluginWebAppContext@d88d2d{/,C:\Prototype\Mavenized\Product\tynamo\trunk\tynamo-examples\pphl\src\main\webapp}
java.lang.RuntimeException: Exception constructing service 'SeedEntity': Error invoking constructor public org.tynamo.seedentity.hibernate.services.SeedEntityImpl(org.slf4j.Logger,org.apache.tapestry5.hibernate.HibernateSessionSource,java.util.List): validation failed for classes [org.tynamo.examples.pphl.model.Person] during persist time for groups [javax.validation.groups.Default, ]
    at org.apache.tapestry5.ioc.internal.services.JustInTimeObjectCreator.obtainObjectFromCreator(JustInTimeObjectCreator.java:75)
    at org.apache.tapestry5.ioc.internal.services.JustInTimeObjectCreator.createObject(JustInTimeObjectCreator.java:54)
    at org.apache.tapestry5.ioc.internal.services.JustInTimeObjectCreator.eagerLoadService(JustInTimeObjectCreator.java:86)
    at org.apache.tapestry5.ioc.internal.RegistryImpl.performRegistryStartup(RegistryImpl.java:320)
    at org.apache.tapestry5.ioc.internal.RegistryWrapper.performRegistryStartup(RegistryWrapper.java:80)
    at org.apache.tapestry5.TapestryFilter.init(TapestryFilter.java:118)
    at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713)
    at org.mortbay.jetty.servlet.Context.startContext(Context.java:140)
    at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282)
    at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:518)
    at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:499)
    at org.mortbay.jetty.plugin.Jetty6PluginWebAppContext.doStart(Jetty6PluginWebAppContext.java:115)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152)
    at org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130)
    at org.mortbay.jetty.Server.doStart(Server.java:224)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at org.mortbay.jetty.plugin.Jetty6PluginServer.start(Jetty6PluginServer.java:132)
    at org.mortbay.jetty.plugin.AbstractJettyMojo.startJetty(AbstractJettyMojo.java:454)
    at org.mortbay.jetty.plugin.AbstractJettyMojo.execute(AbstractJettyMojo.java:396)
    at org.mortbay.jetty.plugin.AbstractJettyRunMojo.execute(AbstractJettyRunMojo.java:210)
    at org.mortbay.jetty.plugin.Jetty6RunMojo.execute(Jetty6RunMojo.java:184)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:101)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:209)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:84)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:59)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.singleThreadedBuild(LifecycleStarter.java:183)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:161)
    at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:319)
    at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:156)
    at org.apache.maven.cli.MavenCli.execute(MavenCli.java:537)
    at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:196)
    at org.apache.maven.cli.MavenCli.main(MavenCli.java:141)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:290)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:230)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:409)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:352)
2013-04-07 16:18:02.957:INFO::Started SelectChannelConnector@0.0.0.0:8080
[INFO] Started Jetty Server
127.0.0.1 -  -  [07/Apr/2013:20:18:31 +0000] "GET /pphl/login HTTP/1.1" 503 1298 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0"

and nothing is usable

RE: Cannot get into system at boot for first time

Posted by Ken in Nashua <kc...@live.com>.
if the application was built with annotations like 

@RequiresRoles("administrator")

and such statements were placed before

@RequiresRoles("administrator")
Entity save (Integer id) {
...
}

then how is my administrator supposed to login ?

in doGetAuthenticationInfo I search for administrator account.
it does not exist
so I proceed to create it
but I can't because the current subject has no roles

I would hate to pre-fabricate my application with an insert sql script.
the seeded entity feature for tynamo has no graceful exception logic if a seeded entity already exists and just shuts down the whole app so it's unusable. if it did I would have already implemented and been flown thru that part already but it has sat like that for 18 months

is there an elegant way thru this?
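
The bootstrap problem raised in this thread (the realm cannot create the administrator because the save is role-protected, and a seeding step that aborts startup when the row already exists) goes away if the account is seeded idempotently at startup, outside doGetAuthenticationInfo. The following is an added example, not code from the thread, Shiro or Tynamo: the in-memory map, the Account record and seedAdminIfAbsent are hypothetical names, it needs Java 16+ for the record, and it generates a random one-time password rather than a fixed administrator/administrator pair.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class BootstrapAdminSeeder {
    // Hypothetical stand-in for the Person table: username -> stored credential record.
    record Account(String role, byte[] salt, byte[] hash) {}

    private static final SecureRandom RNG = new SecureRandom();

    // Salted PBKDF2 hash, so the seeded credential is never stored in clear text.
    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    /**
     * Called once at application startup, before any request and outside the realm,
     * so no Subject, role or permission check is involved. Returns the one-time
     * password only when the account was created on this run.
     */
    static Optional<String> seedAdminIfAbsent(Map<String, Account> store) throws Exception {
        if (store.containsKey("administrator")) {
            return Optional.empty();              // already seeded: a restart is a no-op
        }
        byte[] pw = new byte[18];
        RNG.nextBytes(pw);
        String oneTime = Base64.getUrlEncoder().withoutPadding().encodeToString(pw);
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        Account admin = new Account("administrator", salt, pbkdf2(oneTime.toCharArray(), salt));
        // putIfAbsent keeps the insert safe if two instances start at the same time.
        boolean created = store.putIfAbsent("administrator", admin) == null;
        return created ? Optional.of(oneTime) : Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        Map<String, Account> store = new ConcurrentHashMap<>();   // constructed sample store
        System.out.println("first boot created admin:  " + seedAdminIfAbsent(store).isPresent());
        System.out.println("second boot created admin: " + seedAdminIfAbsent(store).isPresent());
    }
}
```

With the account seeded this way, the realm's authentication method only has to look the user up; the one-time password is handed to the operator on first boot and changed at first login.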