AnsweredAssumed Answered

J'ai implémenté mon propre mécanisme d'authentification...

Question asked by pounard on Jul 23, 2007
Latest reply on Jul 25, 2007 by pounard
Bonjour,

J'ai implémenté mon propre mécanisme d'authentification et je me retrouve (après avoir passé des heures pour la configuration) devant une exception pas très sympa qui me dit en gros:
ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/alfresco]] Exception lors de l'envoi de l'évènement contexte initialisé (context initialized) à l'instance de classe d'écoute (listener) org.alfresco.web.app.ContextListener
org.alfresco.error.AlfrescoRuntimeException: Failed to start modules
   at org.alfresco.repo.module.ModuleComponentHelper.startModules(ModuleComponentHelper.java:240)
   at org.alfresco.repo.module.ModuleServiceImpl.startModules(ModuleServiceImpl.java:132)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:585)
   at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
   at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
   at $Proxy45.startModules(Unknown Source)
   at org.alfresco.repo.module.ModuleStarter.onBootstrap(ModuleStarter.java:54)
   at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)
   at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
   at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:241)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:349)
   at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:156)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
   at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
   at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
   at org.apache.catalina.core.StandardService.start(StandardService.java:448)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:585)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Caused by: org.alfresco.error.AlfrescoRuntimeException: Registry root not present:
   Store: system://system
   Path:  /sys:system-registry
   at org.alfresco.repo.admin.registry.RegistryServiceImpl.getRegistryRootNodeRef(RegistryServiceImpl.java:137)
   at org.alfresco.repo.admin.registry.RegistryServiceImpl.getPath(RegistryServiceImpl.java:184)
   at org.alfresco.repo.admin.registry.RegistryServiceImpl.getChildElements(RegistryServiceImpl.java:326)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:585)
   at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
   at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
   at $Proxy41.getChildElements(Unknown Source)
   at org.alfresco.repo.module.ModuleComponentHelper.renameModule(ModuleComponentHelper.java:335)
   at org.alfresco.repo.module.ModuleComponentHelper.startModule(ModuleComponentHelper.java:433)
   at org.alfresco.repo.module.ModuleComponentHelper.access$000(ModuleComponentHelper.java:62)
   at org.alfresco.repo.module.ModuleComponentHelper$1.doWork(ModuleComponentHelper.java:222)
   at org.alfresco.repo.transaction.TransactionUtil.executeInTransaction(TransactionUtil.java:189)
   at org.alfresco.repo.transaction.TransactionUtil.executeInNonPropagatingUserTransaction(TransactionUtil.java:127)
   at org.alfresco.repo.module.ModuleComponentHelper.startModules(ModuleComponentHelper.java:226)
   … 47 more
J'ai cherché un peu partout sur le net, et rien trouvé qui pourrait me donner ni la cause, ni la solution à mon problème.
La configuration de mon authentification est celle-ci (Alfrescotomcatsharedclassesalfrescoextensionauthentication-services-context.xml):
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<!– ===================================================================  –>
<!– This file contains the bean definitions that support authentication  –>
<!– ===================================================================  –>

<!–                                                                        –>
<!– Acegi is used for authentication and protecting method calls on public –>
<!– services. To do this requires our authentication mechanism to work     –>
<!– within the acegi framework.                                            –>
<!–                                                                        –>
<!– It is important to decide if user names are case sensitive or not.     –>
<!– This is configured in repository.properties.                           –>
<!–                                                                        –> 
<!–                                                                        –>
<!– TODO:                                                                  –>
<!–                                                                        –>
<!– The transactional wrappers should be removed from the beans in this    –>
<!– file. This should be done in the public services definitions.          –>
<!– This requires some tests to be fixed up.                               –>
<!–                                                                        –>


<beans>
    <!–                                                                    –>
    <!– The Acegi authentication manager.                                  –>
    <!–                                                                    –>
    <!– Provders are asked to authenticate in order.                       –>
    <!– First, is a provider that checks if an acegi authentication object –>
    <!– is already bound to the executing thread. If it is, and it is set  –>
    <!– as authenticated then no further authentication is required. If    –>
    <!– this is absent, Acegi validates the password for every method      –>
    <!– invocation, which is too CPU expensive. If we set an               –>
    <!– authentication based on a ticket etc …. or we want to set the    –>
    <!– the system user as the current user … we do not have the         –>
    <!– password. So if we have set an authentication and set it as        –>
    <!– authenticated that is sufficient to validate the user.             –>
    <!–                                                                    –>
    <!– If the authentication bound to the current thread is not set as    –>
    <!– authenticated the standard Acegi DAO Authentication provider       –>
    <!– is used to authenticate.                                           –>
    <!–                                                                    –>

    <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref bean="authenticatedAuthenticationPassthroughProvider" />
                <ref bean="daoAuthenticationProvider" />
            </list>
        </property>
    </bean>

    <!– We provide a DAO to plug into the Acegi DaoAuthenticationProvider  –>

    <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
        <property name="authenticationDao">
            <ref bean="authenticationDao" />
        </property>
        <property name="saltSource">
            <ref bean="saltSource" />
        </property>
        <property name="passwordEncoder">
            <ref bean="passwordEncoder" />
        </property>
    </bean>

    <!– An authentication Provider that just believes authentications      –>
    <!– bound to the local thread are valid if they are set as             –>
    <!– authenticated.                                                     –>

    <bean id="authenticatedAuthenticationPassthroughProvider" class="org.alfresco.repo.security.authentication.AuthenticatedAuthenticationPassthroughProvider" />

    <!– The authroity DAO implements an interface extended from the Acegi  –>
    <!– DAO that supports CRUD.                                            –>

    <alias name="authenticationDao" alias="alfDaoImpl"/>  <!– TODO: Remove –>
    <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao">
    <!–bean id="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao"–>
       <!–property name="nodeService">
           <ref bean="nodeService" />
       </property>
       <property name="dictionaryService">
           <ref bean="dictionaryService" />
       </property>
       <property name="namespaceService">
           <ref bean="namespaceService" />
       </property–>
       <property name="searchService">
           <ref bean="admSearchService" />
       </property>
       <!–property name="userNamesAreCaseSensitive">
          <value>${user.name.caseSensitive}</value>
       </property>
       <property name="passwordEncoder">
           <ref bean="passwordEncoder" />
       </property–>
    </bean>

    <!– The DAO also acts as a salt provider.                              –>
   
    <alias alias="saltSource" name="authenticationDao"/>

    <!– Passwords are encoded using MD4                                    –>
    <!– This is not ideal and only done to be compatible with NTLM         –>
    <!– authentication against the default authentication mechanism.       –>

    <bean id="passwordEncoder" class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl"></bean>


    <!– The Authentication Service implementation.                         –>
    <!–                                                                    –>
    <!– This delegates its work to two services:                           –>
    <!– an AuthenticationComponent and a MutableAuthenticationDAO.         –>
    <!–                                                                    –>
    <!– The permissions service is required so that permissions can be     –>
    <!– cleaned up when a user is deleted.                                 –>
   
    <alias name="authenticationService" alias="authenticationServiceImpl"/>  <!– TODO: Remove –>
    <bean id="authenticationService" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDao" />
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent" />
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent" />
        </property>
    </bean>

    <!– The authentication component.                                      –>

    <!–bean id="AuthenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
        <property name="proxyInterfaces">
            <value>org.alfresco.repo.security.authentication.AuthenticationComponent</value>
        </property>
        <property name="transactionManager">
            <ref bean="transactionManager" />
        </property>
        <property name="target">
            <ref bean="authenticationComponent" />
        </property–>
        <!–property name="transactionAttributes">
            <props>
                <prop key="*">${server.transaction.mode.default}</prop>
            </props>
        </property–>
    <!–/bean–>
   
    <bean id="authenticationComponent" class="com.XXX.alfrescoprovider.auth.XXXAuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDao" />
        </property>
        <!–property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property–>
        <property name="allowGuestLogin">
            <value>true</value>
        </property>
    </bean>

   
    <!– Simple Authentication component that rejects all authentication requests –>
    <!– Use this defintion for Novell IChain integration.                        –>
    <!– It should never go to the login screen  so this is not required          –>
   
    <!–
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl">
        <property name="accept">
            <value>true</value>
        </property>   
    </bean>
    –>
   

    <!– The person service.                                                –>

    <bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl" init-method="init">
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="searchService">
            <ref bean="admSearchService" />
        </property>
        <property name="permissionServiceSPI">
            <ref bean="permissionServiceImpl" />
        </property>
        <property name="authorityService">
           <ref bean="authorityService" />
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService" />
        </property>
        <property name="policyComponent">
            <ref bean="policyComponent"/>
        </property>
        <property name="personCache">
            <ref bean="personCache" />
        </property>
        <!– Configurable properties.                                 –>
        <!–                                                          –>
        <!– TODO:                                                    –>
        <!– Add support for creating real home spaces adn setting    –>
        <!– permissions on the hame space and people created.        –>
        <!–                                                          –>
        <!– The store in which people are persisted.                 –>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <!– Some authentication mechanisms may need to create people –>
        <!– in the repository on demand. This enables that feature.  –>
        <!– If dsiabled an error will be generated for missing       –>
        <!– people. If enabled then a person will be created and     –>
        <!– persisted.                                               –>
        <!– Valid values are                                         –>
        <!–     ${server.transaction.allow-writes}                   –>
        <!–     false                                                –>
        <property name="createMissingPeople">
           <value>${server.transaction.allow-writes}</value>
        </property>
        <property name="userNamesAreCaseSensitive">
          <value>${user.name.caseSensitive}</value>
        </property>
        <!– New properties after 1.4.0 to deal with duplicate user ids when found –>
        <property name="processDuplicates">
            <value>true</value>
        </property>
        <!– one of:  LEAVE, SPLIT, DELETE –>
        <property name="duplicateMode">
            <value>SPLIT</value>
        </property>
        <property name="lastIsBest">
            <value>true</value>
        </property>
        <property name="includeAutoCreated">
            <value>false</value>
        </property>
    </bean>

    <bean name="homeFolderManager" class="org.alfresco.repo.security.person.HomeFolderManager">
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="policyComponent">
            <ref bean="policyComponent" />
        </property>
        <property name="defaultProvider">
            <ref bean="personalHomeFolderProvider" />
        </property>
    </bean>
   
    <bean name="companyHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
        <property name="serviceRegistry">
            <ref bean="ServiceRegistry" />
        </property>
        <property name="path">
           <value>/${spaces.company_home.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
            <ref bean="homeFolderManager" />
        </property>
    </bean>
   
    <bean name="guestHomeFolderProvider" class="org.alfresco.repo.security.person.ExistingPathBasedHomeFolderProvider">
        <property name="serviceRegistry">
            <ref bean="ServiceRegistry" />
        </property>
        <property name="path">
           <value>/${spaces.company_home.childname}/${spaces.guest_home.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
            <ref bean="homeFolderManager" />
        </property>
        <property name="userPemissions">
            <set>
                <value>Consumer</value>
            </set>
        </property>
    </bean>
   
    <bean name="bootstrapHomeFolderProvider" class="org.alfresco.repo.security.person.BootstrapHomeFolderProvider">
        <property name="homeFolderManager">
            <ref bean="homeFolderManager" />
        </property>
    </bean>
   
    <bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
        <property name="serviceRegistry">
            <ref bean="ServiceRegistry" />
        </property>
        <property name="path">
           <value>/${spaces.company_home.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
            <ref bean="homeFolderManager" />
        </property>
        <property name="inheritsPermissionsOnCreate">
            <value>false</value>
        </property>
        <property name="ownerPemissionsToSetOnCreate">
            <set>
                <value>All</value>
            </set>
        </property>
        <property name="userPemissions">
            <set>
                <value>All</value>
            </set>
        </property>
    </bean>
   
    <bean name="userHomesHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
        <property name="serviceRegistry">
            <ref bean="ServiceRegistry" />
        </property>
        <property name="path">
           <value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
            <ref bean="homeFolderManager" />
        </property>
        <property name="inheritsPermissionsOnCreate">
            <value>false</value>
        </property>
        <property name="ownerPemissionsToSetOnCreate">
            <set>
                <value>All</value>
            </set>
        </property>
        <property name="userPemissions">
            <set>
                <value>All</value>
            </set>
        </property>
    </bean>
   
   
    <!– The ticket component.                                              –>
    <!– Used for reauthentication                                          –>
    <bean id="ticketComponent" class="org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl">
        <property name="ticketsCache">
            <ref bean="ticketsCache"/>
        </property>
        <!– The period for which tickets are valid in XML duration format. –>
        <!– The default is P1H for one hour.                               –>
        <property name="validDuration">
            <value>P1H</value>
        </property>
        <!– Do tickets expire or live for ever?                            –>
        <property name="ticketsExpire">
            <value>false</value>
        </property>
        <!– Are tickets only valid for a single use?                       –>
        <property name="oneOff">
            <value>false</value>
        </property>
    </bean>
</beans>
Voilà, je suis coincé et je tourne en rond là…
Pour infos, l'initialisation de mon module je l'ai mise en statique dans la classe qui implémente AbstractAuthenticationComponent (sinon Alfresco crash quand il essaye d'initialiser ses services, vu qu'il le fait avant les modules), et ça fonctionne (même si c'est pas idéal); et mon component est très simple.
PS: j'ai volontairement masqué les noms de la société et du produit par XXX, mais la classe est bien trouvée et instanciée (à priori, pas d'erreurs de ce côté là, et mon module est bien chargé juste avant d'avoir les erreurs ci-dessus).

Outcomes