AnsweredAssumed Answered

Problems with ntlm authentication in 2.1 RC1

Question asked by tyve on Jul 6, 2007
Latest reply on Aug 21, 2007 by tyve
I've tried to upgrade our 2.0 installation to 2.1 RC1 and have some problems with ntlm authentication.

This is the error when we access Alfresco:


08:53:25,028 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/alfresco].[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception
net.sf.acegisecurity.AuthenticationServiceException: General error; nested exception is java.lang.NullPointerException
Caused by:
java.lang.NullPointerException
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:871)
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:550)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
        at $Proxy18.authenticate(Unknown Source)
        at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.processType3(NTLMAuthenticationFilter.java:735)
        at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:402)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:619)


ntlm-authentication-context.xml:


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

    <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

    <!– The authentication component.                                      –>

    <!– Use the passthru authentication component to authenticate using    –>
    <!– user accounts on one or more Windows servers.                      –>

    <!– Properties that specify the server(s) to use for passthru          –>
    <!– authentication :-                                                  –>
    <!–   useLocalServer   use the local server for authentication         –>
    <!–   domain           use domain controllers from the specified domain–>
    <!–   servers          comma delimted list of server addresses or      –>
    <!–                    names                                           –>

<!–JTe    <bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl"> –>
   <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
        <property name="domain">
            <value>SGU</value>
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="guestAccess">
            <value>false</value>
        </property>
    </bean>

</beans>

custom-authority-service-context.xml:


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
    <bean id="authorityService" class="org.alfresco.repo.security.authority.AuthorityServiceImpl">
        <property name="authenticationComponent">
<!–JTe            <ref bean="authenticationComponentImpl" /> –>
            <ref bean="authenticationComponent" />
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="authorityDAO">
            <ref bean="authorityDAO" />
        </property>
        <property name="permissionServiceSPI">
            <ref bean="permissionServiceImpl" />
        </property>
        <property name="adminUsers">
            <set>
                        <value>alfresco</value> <!– add an NTLM user as an Administrator –>
                        <value>admin</value>
                        <value>administrator</value>
        <value>sysadmin</value> <!– add an NTLM user as an Administrator –>
                        <value>jste</value>
                        <value>root</value>

                </set>
        </property>
    </bean>
</beans>

It's possible to login using Firefox but I have to login twice.



Update:

If I remove the ntlm filters from web.xml I can log in using domain user and password in both IE and Firefox. SMB/Cifs doesn't work. Error in alfresco.log:


12:06:36,127 ERROR [smb.protocol.auth] Error during passthru authentication
net.sf.acegisecurity.AuthenticationServiceException: General error; nested exception is java.lang.NullPointerException
Caused by:
java.lang.NullPointerException
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:871)
        at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:550)
        at org.alfresco.filesys.server.auth.AlfrescoAuthenticator.doPassthruUserAuthentication(AlfrescoAuthenticator.java:437)
        at org.alfresco.filesys.server.auth.AlfrescoAuthenticator.authenticateUser(AlfrescoAuthenticator.java:161)
        at org.alfresco.filesys.server.auth.CifsAuthenticator.processSessionSetup(CifsAuthenticator.java:511)
        at org.alfresco.filesys.smb.server.NTProtocolHandler.procSessionSetup(NTProtocolHandler.java:407)
        at org.alfresco.filesys.smb.server.NTProtocolHandler.runProtocol(NTProtocolHandler.java:221)
        at org.alfresco.filesys.smb.server.SMBSrvSession.run(SMBSrvSession.java:1352)
        at java.lang.Thread.run(Thread.java:619)

Outcomes