Activiti / ACTIVITI-499

Fallback db user login (admin) fails if the centralized user data store is not reachable.

    Details

    • Type: Bug
    • Status: Done
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: Alfresco Activiti 1.5.0, Alfresco Activiti 1.5.2.1
    • Fix Version/s: APS 1.6.1
    • Component/s: Kickstart/Studio
    • Labels: None
    • ACT Numbers: 00818406
    • Sprint: Sprint1, Docs Sprint 18, Sprint2, Sprint3

      Description

      Summary

      With external identity management (LDAP/AD) enabled and fallback to db authentication enabled, if the centralized user data store is not reachable and you try to log in with the admin@app.activiti.com user (or another db user), the application fails to log in.

      Steps to Replicate

      • Install with LDAP/AD synchronization/authentication (activiti-ldap.properties) with ldap.allow.database.authenticaion.fallback=true
      • Start up the application, test login with both an LDAP/AD user and admin@app.activiti.com
      • Shut down LDAP/AD
      • Refresh the browser, try to log in with admin@app.activiti.com

      Expected Behaviour

      • If the fallback is enabled on an install configured with external auth and the centralized user data store is not reachable, the database users should still be able to log in

      Actual Behavior

      • If the fallback is enabled on an install configured with external auth and the centralized user data store is not reachable, the database users cannot log in
      09:36:02,774 [http-nio-9999-exec-5] DEBUG com.activiti.web.CustomUsernamePasswordAuthenticationFilter  - Request is to process authentication
      09:37:18,255 [http-nio-9999-exec-5] ERROR com.activiti.web.CustomUsernamePasswordAuthenticationFilter  - An internal error occurred while trying to authenticate the user.
      org.springframework.security.authentication.InternalAuthenticationServiceException: 172.16.190.173:389; nested exception is javax.naming.CommunicationException: 172.16.190.173:389 [Root exception is java.net.ConnectException: Operation timed out]
      	at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:207)
      	at com.activti.idm.ldap.auth.ActivitiLdapAuthenticationProvider.authenticate(ActivitiLdapAuthenticationProvider.java:78)
      	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
      	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:192)
      	at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:93)
      	at com.activiti.web.CustomUsernamePasswordAuthenticationFilter.attemptAuthentication(CustomUsernamePasswordAuthenticationFilter.java:33)
      	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
      	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
      	at com.activiti.security.CustomStatelessCSRFFilter.doFilterInternal(CustomStatelessCSRFFilter.java:68)
      	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
      	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
      	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
      	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
      	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
      	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
      	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
      	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
      	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
      	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
      	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
      	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
      	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1099)
      	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
      	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)
      	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: org.springframework.ldap.CommunicationException: 172.16.190.173:389; nested exception is javax.naming.CommunicationException: 172.16.190.173:389 [Root exception is java.net.ConnectException: Operation timed out]
      	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)
      	at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356)
      	at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140)
      	at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:159)
      	at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)
      	at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:316)
      	at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:126)
      	at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:94)
      	at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:189)
      	... 41 more
      Caused by: javax.naming.CommunicationException: 172.16.190.173:389 [Root exception is java.net.ConnectException: Operation timed out]
      	at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)
      	at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
      	at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1614)
      	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
      	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
      	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
      	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
      	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
      	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
      	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
      	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
      	at javax.naming.InitialContext.init(InitialContext.java:244)
      	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
      	at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42)
      	at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344)
      	... 48 more
      Caused by: java.net.ConnectException: Operation timed out
      	at java.net.PlainSocketImpl.socketConnect(Native Method)
      	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
      	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
      	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
      	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
      	at java.net.Socket.connect(Socket.java:589)
      	at java.net.Socket.connect(Socket.java:538)
      	at java.net.Socket.<init>(Socket.java:434)
      	at java.net.Socket.<init>(Socket.java:211)
      	at com.sun.jndi.ldap.Connection.createSocket(Connection.java:363)
      	at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
      	... 62 more
      09:37:18,284 [http-nio-9999-exec-5] DEBUG com.activiti.web.CustomUsernamePasswordAuthenticationFilter  - Authentication request failed: org.springframework.security.authentication.InternalAuthenticationServiceException: 172.16.190.173:389; nested exception is javax.naming.CommunicationException: 172.16.190.173:389 [Root exception is java.net.ConnectException: Operation timed out]
      09:37:18,285 [http-nio-9999-exec-5] DEBUG com.activiti.web.CustomUsernamePasswordAuthenticationFilter  - Updated SecurityContextHolder to contain null Authentication
      09:37:18,285 [http-nio-9999-exec-5] DEBUG com.activiti.web.CustomUsernamePasswordAuthenticationFilter  - Delegating to authentication failure handler com.activiti.security.AjaxAuthenticationFailureHandler@7678907d
      09:37:18,285 [http-nio-9999-exec-5] DEBUG com.activiti.security.CustomPersistentRememberMeServices  - Interactive login attempt was unsuccessful.
      09:37:18,285 [http-nio-9999-exec-5] DEBUG com.activiti.security.CustomPersistentRememberMeServices  - Cancelling cookie
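
The trace above shows why the database provider is never consulted: Spring Security's ProviderManager rethrows an InternalAuthenticationServiceException immediately instead of trying the next provider. The following is an added example, not Activiti's code and not the fix shipped in APS 1.6.1; OutageTolerantProvider and the stub providers are hypothetical names, and the sample login is constructed. It returns null only when fallback is enabled and the cause is an LDAP CommunicationException, so the chain continues to the database provider.

```java
import java.util.Arrays;
import java.util.Collections;
import org.springframework.ldap.CommunicationException;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;

// Hypothetical wrapper (the class name is an assumption, not Activiti code).
public class OutageTolerantProvider implements AuthenticationProvider {
    private final AuthenticationProvider ldap;
    private final boolean fallbackEnabled;

    public OutageTolerantProvider(AuthenticationProvider ldap, boolean fallbackEnabled) {
        this.ldap = ldap;
        this.fallbackEnabled = fallbackEnabled;
    }

    @Override
    public Authentication authenticate(Authentication auth) {
        try {
            return ldap.authenticate(auth);
        } catch (InternalAuthenticationServiceException e) {
            // ProviderManager rethrows this type at once; null means "try the next provider".
            if (fallbackEnabled && e.getCause() instanceof CommunicationException) {
                return null;
            }
            throw e; // any other internal error still aborts the login
        }
    }

    @Override
    public boolean supports(Class<?> type) { return ldap.supports(type); }

    // Constructed stand-ins: an unreachable directory, or a provider that accepts the login.
    static AuthenticationProvider stub(boolean directoryDown) {
        return new AuthenticationProvider() {
            public Authentication authenticate(Authentication a) {
                if (directoryDown) {
                    throw new InternalAuthenticationServiceException("directory unreachable",
                        new CommunicationException(new javax.naming.CommunicationException("timed out")));
                }
                return new UsernamePasswordAuthenticationToken(a.getName(), null, Collections.emptyList());
            }
            public boolean supports(Class<?> t) { return true; }
        };
    }

    public static void main(String[] args) {
        Authentication login = new UsernamePasswordAuthenticationToken("admin@app.activiti.com", "pw");
        ProviderManager chain = new ProviderManager(Arrays.asList(
            new OutageTolerantProvider(stub(true), true), stub(false)));
        System.out.println(chain.authenticate(login).isAuthenticated());
    }
}
```

In the log above the login thread waited from 09:36:02 to 09:37:18 for the connection attempt to fail, so a fallback of this kind is only usable with a short connect timeout on the LDAP context (the JNDI property `com.sun.jndi.ldap.connect.timeout`).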
      

      People

      • Assignee: ssaiyed Sohel Saiyed
      • Reporter: jsoria Jennie Soria [X] (Inactive)
      • Votes: 2
      • Watchers: 9
