Problems with Shiro (ldap:) and Aries JNDI

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Problems with Shiro (ldap:) and Aries JNDI

Bengt Rodehav
I've encountered a problem using Aries JNDI under Karaf. I've sent messages to both the Shiro and the Aries mailing list. No response on the Aries mailing list but Jared (on the Shiro list) pointed out that there seem to be a similar problem in Karaf's JIRA (which is fixed). I therefore try the Karaf mailing list as well.


That JIRA is about problems with the "rmi:" protocol with Aries JNDI. I have problems with the "ldap:" protocol.

I'm Using Apache Shiro 1.1.0 running in Apache Karaf 2.2.4 (with Felix). I also use Apache Aries for JPA, blueprint and transaction support. I use Aries JNDI 0.3.0.

Shiro is unable to get an InitialContext. Shiro calls into the standard JRE methods that in turn call Aries JNDI (I don't know why). I get the following stack trace:

org.apache.shiro.authc.AuthenticationException: LDAP naming error while attempting to authenticate user.
at org.apache.shiro.realm.ldap.AbstractLdapRealm.doGetAuthenticationInfo(AbstractLdapRealm.java:196)[119:org.apache.shiro.core:1.1.0]
at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:175)[119:org.apache.shiro.core:1.1.0]
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:179)[119:org.apache.shiro.core:1.1.0]
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:264)[119:org.apache.shiro.core:1.1.0]
at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)[119:org.apache.shiro.core:1.1.0]
at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)[119:org.apache.shiro.core:1.1.0]
at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:269)[119:org.apache.shiro.core:1.1.0]
at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:247)[119:org.apache.shiro.core:1.1.0]
at se.digia.skistory.web.SessionHandler.doLogin(SessionHandler.java:57)[122:se.digia.skistory.web:1.0.0.SNAPSHOT]
at se.digia.skistory.web.SessionHandler.handle(SessionHandler.java:34)[122:se.digia.skistory.web:1.0.0.SNAPSHOT]
at se.digia.skistory.web.HistoryServlet.doPost(HistoryServlet.java:96)[122:se.digia.skistory.web:1.0.0.SNAPSHOT]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)[94:org.apache.geronimo.specs.geronimo-servlet_3.0_spec:1.0]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)[94:org.apache.geronimo.specs.geronimo-servlet_3.0_spec:1.0]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:538)[63:org.eclipse.jetty.servlet:7.4.5.v20110725]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1352)[63:org.eclipse.jetty.servlet:7.4.5.v20110725]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:74)[121:org.apache.shiro.web:1.1.0]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)[63:org.eclipse.jetty.servlet:7.4.5.v20110725]
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:359)[121:org.apache.shiro.web:1.1.0]
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:275)[121:org.apache.shiro.web:1.1.0]
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)[119:org.apache.shiro.core:1.1.0]
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)[119:org.apache.shiro.core:1.1.0]
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:344)[119:org.apache.shiro.core:1.1.0]
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:272)[121:org.apache.shiro.web:1.1.0]
at se.digia.skistory.web.security.IniFilter.doFilterInternal(IniFilter.java:59)[122:se.digia.skistory.web:1.0.0.SNAPSHOT]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81)[121:org.apache.shiro.web:1.1.0]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)[63:org.eclipse.jetty.servlet:7.4.5.v20110725]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:476)[63:org.eclipse.jetty.servlet:7.4.5.v20110725]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:70)[72:org.ops4j.pax.web.pax-web-jetty:1.0.7]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)[61:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:517)[62:org.eclipse.jetty.security:7.4.5.v20110725]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)[61:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:937)[61:org.eclipse.jetty.server:7.4.5.v20110725]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:116)[72:org.ops4j.pax.web.pax-web-jetty:1.0.7]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)[63:org.eclipse.jetty.servlet:7.4.5.v20110725]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)[61:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:871)[61:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)[61:org.eclipse.jetty.server:7.4.5.v20110725]
at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:72)[72:org.ops4j.pax.web.pax-web-jetty:1.0.7]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)[61:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.Server.handle(Server.java:342)[61:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)[61:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1065)[61:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:823)[57:org.eclipse.jetty.http:7.4.5.v20110725]
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:220)[57:org.eclipse.jetty.http:7.4.5.v20110725]
at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)[61:org.eclipse.jetty.server:7.4.5.v20110725]
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)[56:org.eclipse.jetty.io:7.4.5.v20110725]
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)[56:org.eclipse.jetty.io:7.4.5.v20110725]
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)[55:org.eclipse.jetty.util:7.4.5.v20110725]
at java.lang.Thread.run(Thread.java:662)[:1.6.0_25]
Caused by: javax.naming.NoInitialContextException: Unable to determine caller's BundleContext
at org.apache.aries.jndi.OSGiInitialContextFactoryBuilder.getInitialContext(OSGiInitialContextFactoryBuilder.java:49)[107:org.apache.aries.jndi.core:0.3.0]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)[:1.6.0_25]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)[:1.6.0_25]
at javax.naming.InitialContext.init(InitialContext.java:223)[:1.6.0_25]
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)[:1.6.0_25]
at org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getLdapContext(DefaultLdapContextFactory.java:257)[119:org.apache.shiro.core:1.1.0]
at org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getLdapContext(DefaultLdapContextFactory.java:221)[119:org.apache.shiro.core:1.1.0]
at org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm.queryForAuthenticationInfo(ActiveDirectoryRealm.java:108)[119:org.apache.shiro.core:1.1.0]
at org.apache.shiro.realm.ldap.AbstractLdapRealm.doGetAuthenticationInfo(AbstractLdapRealm.java:191)[119:org.apache.shiro.core:1.1.0]
... 48 more

While searching for a resolution I found the following:


It sounds like a similar problem but I can't see how (or if) it was resolved. I now set the TTCL before calling Shiro's login method. This works as a workaround but I don't think that should be necessary.

Is this a problem that can be fixed in Karaf or is it an Aries JNDI problem? Any help (or information) is appreciated,

/Bengt