Login problem: The security token could not be authenticated

Question asked by fluca1978 on Mar 28, 2011
Latest reply on Jan 30, 2014 by scouil
Hi all,
I'm using a web service to manage documents in an Alfresco share. The application uses JSF and there is a component (a singleton) that manages the access to the repository, so that different users are all going through the same component instance to access the share. This component performs an authentication as follows:


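public final synchronized boolean authenticate() throws SmanicoAuthException {
   try {
      // Start a new session only when there is no ticket or the current one has timed out
      if( AuthenticationUtils.getTicket() == null || AuthenticationUtils.isCurrentTicketTimedOut() ){
         WebServiceFactory.setEndpointAddress( configuration.getEndPointAddress() );
         AuthenticationUtils.startSession( configuration.getUsername(),
               configuration.getPassword()
         );
      }
      // Report whether the current ticket is still within its timeout
      return ! AuthenticationUtils.isCurrentTicketTimedOut();
   } catch( AuthenticationFault af ){
      af.printStackTrace();
      // Login failed: return a value so the method compiles on this path
      return false;
   }
}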

So the authenticate method checks if there's already a valid ticket, and if not creates one, and then the component can access the repository. The problem is that sometimes I get an error from the application, which is unable to access the repository with that ticket:


org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:150)
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:53)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
        at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:159)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
        at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
        at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
        at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
        at java.lang.Thread.run(Thread.java:619)


I don't understand why the ticket is not valid, and I'd like to know how to fix this problem programmatically. Could passing a timeout to the startSession method solve the problem? Any suggestion?
Could it be a critical race (e.g., two users accessing the share at the same time)?


Thanks.
