J'ai implémenté mon propre mécanisme d'authentification...
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Alfresco Hub
- :
- Forum Archive
- :
- J'ai implémenté mon propre mécanisme d'authentific...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
J'ai implémenté mon propre mécanisme d'authentification...
Bonjour,
J'ai implémenté mon propre mécanisme d'authentification et je me retrouve (après avoir passé des heures pour la configuration) devant une exception pas très sympa qui me dit en gros:
La configuration de mon authentification est celle-ci (Alfrescotomcatsharedclassesalfrescoextensionauthentication-services-context.xml):
Pour infos, l'initialisation de mon module je l'ai mise en statique dans la classe qui implémente AbstractAuthenticationComponent (sinon Alfresco crash quand il essaye d'initialiser ses services, vu qu'il le fait avant les modules), et ça fonctionne (même si c'est pas idéal); et mon component est très simple.
PS: j'ai volontairement masqué les noms de la société et du produit par XXX, mais la classe est bien trouvée et instanciée (à priori, pas d'erreurs de ce côté là, et mon module est bien chargé juste avant d'avoir les erreurs ci-dessus).
J'ai implémenté mon propre mécanisme d'authentification et je me retrouve (après avoir passé des heures pour la configuration) devant une exception pas très sympa qui me dit en gros:
ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/alfresco]] Exception lors de l'envoi de l'évènement contexte initialisé (context initialized) à l'instance de classe d'écoute (listener) org.alfresco.web.app.ContextListener
org.alfresco.error.AlfrescoRuntimeException: Failed to start modules
at org.alfresco.repo.module.ModuleComponentHelper.startModules(ModuleComponentHelper.java:240)
at org.alfresco.repo.module.ModuleServiceImpl.startModules(ModuleServiceImpl.java:132)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
at $Proxy45.startModules(Unknown Source)
at org.alfresco.repo.module.ModuleStarter.onBootstrap(ModuleStarter.java:54)
at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)
at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:241)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:349)
at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:156)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Caused by: org.alfresco.error.AlfrescoRuntimeException: Registry root not present:
Store: system://system
Path: /sys:system-registry
at org.alfresco.repo.admin.registry.RegistryServiceImpl.getRegistryRootNodeRef(RegistryServiceImpl.java:137)
at org.alfresco.repo.admin.registry.RegistryServiceImpl.getPath(RegistryServiceImpl.java:184)
at org.alfresco.repo.admin.registry.RegistryServiceImpl.getChildElements(RegistryServiceImpl.java:326)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
at $Proxy41.getChildElements(Unknown Source)
at org.alfresco.repo.module.ModuleComponentHelper.renameModule(ModuleComponentHelper.java:335)
at org.alfresco.repo.module.ModuleComponentHelper.startModule(ModuleComponentHelper.java:433)
at org.alfresco.repo.module.ModuleComponentHelper.access$000(ModuleComponentHelper.java:62)
at org.alfresco.repo.module.ModuleComponentHelper$1.doWork(ModuleComponentHelper.java:222)
at org.alfresco.repo.transaction.TransactionUtil.executeInTransaction(TransactionUtil.java:189)
at org.alfresco.repo.transaction.TransactionUtil.executeInNonPropagatingUserTransaction(TransactionUtil.java:127)
at org.alfresco.repo.module.ModuleComponentHelper.startModules(ModuleComponentHelper.java:226)
… 47 moreLa configuration de mon authentification est celle-ci (Alfrescotomcatsharedclassesalfrescoextensionauthentication-services-context.xml):
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<!– =================================================================== –>
<!– This file contains the bean definitions that support authentication –>
<!– =================================================================== –>
<!– –>
<!– Acegi is used for authentication and protecting method calls on public –>
<!– services. To do this requires our authentication mechanism to work –>
<!– within the acegi framework. –>
<!– –>
<!– It is important to decide if user names are case sensitive or not. –>
<!– This is configured in repository.properties. –>
<!– –>
<!– –>
<!– TODO: –>
<!– –>
<!– The transactional wrappers should be removed from the beans in this –>
<!– file. This should be done in the public services definitions. –>
<!– This requires some tests to be fixed up. –>
<!– –>
<beans>
<!– –>
<!– The Acegi authentication manager. –>
<!– –>
<!– Provders are asked to authenticate in order. –>
<!– First, is a provider that checks if an acegi authentication object –>
<!– is already bound to the executing thread. If it is, and it is set –>
<!– as authenticated then no further authentication is required. If –>
<!– this is absent, Acegi validates the password for every method –>
<!– invocation, which is too CPU expensive. If we set an –>
<!– authentication based on a ticket etc …. or we want to set the –>
<!– the system user as the current user … we do not have the –>
<!– password. So if we have set an authentication and set it as –>
<!– authenticated that is sufficient to validate the user. –>
<!– –>
<!– If the authentication bound to the current thread is not set as –>
<!– authenticated the standard Acegi DAO Authentication provider –>
<!– is used to authenticate. –>
<!– –>
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="authenticatedAuthenticationPassthroughProvider" />
<ref bean="daoAuthenticationProvider" />
</list>
</property>
</bean>
<!– We provide a DAO to plug into the Acegi DaoAuthenticationProvider –>
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="authenticationDao">
<ref bean="authenticationDao" />
</property>
<property name="saltSource">
<ref bean="saltSource" />
</property>
<property name="passwordEncoder">
<ref bean="passwordEncoder" />
</property>
</bean>
<!– An authentication Provider that just believes authentications –>
<!– bound to the local thread are valid if they are set as –>
<!– authenticated. –>
<bean id="authenticatedAuthenticationPassthroughProvider" class="org.alfresco.repo.security.authentication.AuthenticatedAuthenticationPassthroughProvider" />
<!– The authroity DAO implements an interface extended from the Acegi –>
<!– DAO that supports CRUD. –>
<alias name="authenticationDao" alias="alfDaoImpl"/> <!– TODO: Remove –>
<bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao">
<!–bean id="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao"–>
<!–property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="dictionaryService">
<ref bean="dictionaryService" />
</property>
<property name="namespaceService">
<ref bean="namespaceService" />
</property–>
<property name="searchService">
<ref bean="admSearchService" />
</property>
<!–property name="userNamesAreCaseSensitive">
<value>${user.name.caseSensitive}</value>
</property>
<property name="passwordEncoder">
<ref bean="passwordEncoder" />
</property–>
</bean>
<!– The DAO also acts as a salt provider. –>
<alias alias="saltSource" name="authenticationDao"/>
<!– Passwords are encoded using MD4 –>
<!– This is not ideal and only done to be compatible with NTLM –>
<!– authentication against the default authentication mechanism. –>
<bean id="passwordEncoder" class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl"></bean>
<!– The Authentication Service implementation. –>
<!– –>
<!– This delegates its work to two services: –>
<!– an AuthenticationComponent and a MutableAuthenticationDAO. –>
<!– –>
<!– The permissions service is required so that permissions can be –>
<!– cleaned up when a user is deleted. –>
<alias name="authenticationService" alias="authenticationServiceImpl"/> <!– TODO: Remove –>
<bean id="authenticationService" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
<property name="authenticationDao">
<ref bean="authenticationDao" />
</property>
<property name="ticketComponent">
<ref bean="ticketComponent" />
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponent" />
</property>
</bean>
<!– The authentication component. –>
<!–bean id="AuthenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="proxyInterfaces">
<value>org.alfresco.repo.security.authentication.AuthenticationComponent</value>
</property>
<property name="transactionManager">
<ref bean="transactionManager" />
</property>
<property name="target">
<ref bean="authenticationComponent" />
</property–>
<!–property name="transactionAttributes">
<props>
<prop key="*">${server.transaction.mode.default}</prop>
</props>
</property–>
<!–/bean–>
<bean id="authenticationComponent" class="com.XXX.alfrescoprovider.auth.XXXAuthenticationComponentImpl">
<property name="authenticationDao">
<ref bean="authenticationDao" />
</property>
<!–property name="authenticationManager">
<ref bean="authenticationManager" />
</property–>
<property name="allowGuestLogin">
<value>true</value>
</property>
</bean>
<!– Simple Authentication component that rejects all authentication requests –>
<!– Use this defintion for Novell IChain integration. –>
<!– It should never go to the login screen so this is not required –>
<!–
<bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl">
<property name="accept">
<value>true</value>
</property>
</bean>
–>
<!– The person service. –>
<bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl" init-method="init">
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="searchService">
<ref bean="admSearchService" />
</property>
<property name="permissionServiceSPI">
<ref bean="permissionServiceImpl" />
</property>
<property name="authorityService">
<ref bean="authorityService" />
</property>
<property name="namespacePrefixResolver">
<ref bean="namespaceService" />
</property>
<property name="policyComponent">
<ref bean="policyComponent"/>
</property>
<property name="personCache">
<ref bean="personCache" />
</property>
<!– Configurable properties. –>
<!– –>
<!– TODO: –>
<!– Add support for creating real home spaces adn setting –>
<!– permissions on the hame space and people created. –>
<!– –>
<!– The store in which people are persisted. –>
<property name="storeUrl">
<value>${spaces.store}</value>
</property>
<!– Some authentication mechanisms may need to create people –>
<!– in the repository on demand. This enables that feature. –>
<!– If dsiabled an error will be generated for missing –>
<!– people. If enabled then a person will be created and –>
<!– persisted. –>
<!– Valid values are –>
<!– ${server.transaction.allow-writes} –>
<!– false –>
<property name="createMissingPeople">
<value>${server.transaction.allow-writes}</value>
</property>
<property name="userNamesAreCaseSensitive">
<value>${user.name.caseSensitive}</value>
</property>
<!– New properties after 1.4.0 to deal with duplicate user ids when found –>
<property name="processDuplicates">
<value>true</value>
</property>
<!– one of: LEAVE, SPLIT, DELETE –>
<property name="duplicateMode">
<value>SPLIT</value>
</property>
<property name="lastIsBest">
<value>true</value>
</property>
<property name="includeAutoCreated">
<value>false</value>
</property>
</bean>
<bean name="homeFolderManager" class="org.alfresco.repo.security.person.HomeFolderManager">
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="policyComponent">
<ref bean="policyComponent" />
</property>
<property name="defaultProvider">
<ref bean="personalHomeFolderProvider" />
</property>
</bean>
<bean name="companyHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
<property name="serviceRegistry">
<ref bean="ServiceRegistry" />
</property>
<property name="path">
<value>/${spaces.company_home.childname}</value>
</property>
<property name="storeUrl">
<value>${spaces.store}</value>
</property>
<property name="homeFolderManager">
<ref bean="homeFolderManager" />
</property>
</bean>
<bean name="guestHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
<property name="serviceRegistry">
<ref bean="ServiceRegistry" />
</property>
<property name="path">
<value>/${spaces.company_home.childname}/${spaces.guest_home.childname}</value>
</property>
<property name="storeUrl">
<value>${spaces.store}</value>
</property>
<property name="homeFolderManager">
<ref bean="homeFolderManager" />
</property>
<property name="userPemissions">
<set>
<value>Consumer</value>
</set>
</property>
</bean>
<bean name="bootstrapHomeFolderProvider" class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider">
<property name="homeFolderManager">
<ref bean="homeFolderManager" />
</property>
</bean>
<bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
<property name="serviceRegistry">
<ref bean="ServiceRegistry" />
</property>
<property name="path">
<value>/${spaces.company_home.childname}</value>
</property>
<property name="storeUrl">
<value>${spaces.store}</value>
</property>
<property name="homeFolderManager">
<ref bean="homeFolderManager" />
</property>
<property name="inheritsPermissionsOnCreate">
<value>false</value>
</property>
<property name="ownerPemissionsToSetOnCreate">
<set>
<value>All</value>
</set>
</property>
<property name="userPemissions">
<set>
<value>All</value>
</set>
</property>
</bean>
<bean name="userHomesHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
<property name="serviceRegistry">
<ref bean="ServiceRegistry" />
</property>
<property name="path">
<value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value>
</property>
<property name="storeUrl">
<value>${spaces.store}</value>
</property>
<property name="homeFolderManager">
<ref bean="homeFolderManager" />
</property>
<property name="inheritsPermissionsOnCreate">
<value>false</value>
</property>
<property name="ownerPemissionsToSetOnCreate">
<set>
<value>All</value>
</set>
</property>
<property name="userPemissions">
<set>
<value>All</value>
</set>
</property>
</bean>
<!– The ticket component. –>
<!– Used for reauthentication –>
<bean id="ticketComponent" class="org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl">
<property name="ticketsCache">
<ref bean="ticketsCache"/>
</property>
<!– The period for which tickets are valid in XML duration format. –>
<!– The default is P1H for one hour. –>
<property name="validDuration">
<value>P1H</value>
</property>
<!– Do tickets expire or live for ever? –>
<property name="ticketsExpire">
<value>false</value>
</property>
<!– Are tickets only valid for a single use? –>
<property name="oneOff">
<value>false</value>
</property>
</bean>
</beans>Pour infos, l'initialisation de mon module je l'ai mise en statique dans la classe qui implémente AbstractAuthenticationComponent (sinon Alfresco crash quand il essaye d'initialiser ses services, vu qu'il le fait avant les modules), et ça fonctionne (même si c'est pas idéal); et mon component est très simple.
PS: j'ai volontairement masqué les noms de la société et du produit par XXX, mais la classe est bien trouvée et instanciée (à priori, pas d'erreurs de ce côté là, et mon module est bien chargé juste avant d'avoir les erreurs ci-dessus).
Labels
1 Reply
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: J'ai implémenté mon propre mécanisme d'authentification...
Je me suis auto-corrigé, j'ai trouvé l'erreur:
Il ne faut surtout pas surcharger la méthode public String getSystemUserName(); de AbstractAuthenticationComponent
Je sais même plus pourquoi je l'avais fait..
/me se tape la tête contre les murs avec un truite
EDIT: allez, je passe au personService et à l'authorityService maintenant
REEDIT: si un modo/admin passe par là, j'ai pas trouvé comment on change le sujet avec punBB, faut le mettre en résolu si c'est dans vos habitudes
Il ne faut surtout pas surcharger la méthode public String getSystemUserName(); de AbstractAuthenticationComponent
Je sais même plus pourquoi je l'avais fait..
/me se tape la tête contre les murs avec un truite
EDIT: allez, je passe au personService et à l'authorityService maintenant
REEDIT: si un modo/admin passe par là, j'ai pas trouvé comment on change le sujet avec punBB, faut le mettre en résolu si c'est dans vos habitudes
The Archive
Content from pre 2016 and from language groups that have been closed.
Content is read-only.
Latest Articles
- configuration envoi de mail Exchange
- Issue with MOVE Request (502) When Using Session T...
- Problemas al visual archivo desde alfresco
- Rendre obligatoire la saisie d'une propriété d'un ...
- Language dans l'entrepot
- Error al implementar Alfresco en AWS
- Alfresco Content Application und Share no se carga...
- set the number of characters to insert in the titl...
- Unidades de red webdav
- En inicio, aparece Error al cargar elementos en re...
- Alfresco RM in Community 6.2
- Obtener enlace público de una imagen
- sessiones
- Problems with my own ssl and Solr
- No deja borrar espacios
We use cookies on this site to enhance your user experience
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.