Hi Ate,
First of all thank you for your reply. This is the stack trace I receive when
our custom Filter has wrapped the request with a constructed Principal:
2008-08-21 07:29:24,353 [http-8080-Processor23] ERROR
org.apache.jetspeed.profiler.impl.ProfilerValveImpl - Specified path /home.psml
not found or viewable/visible.
org.apache.jetspeed.page.document.NodeNotFoundException: Specified path
/home.psml not found or viewable/visible.
at
org.apache.jetspeed.portalsite.view.SiteView.getNodeProxy(SiteView.java:771)
at
org.apache.jetspeed.portalsite.impl.PortalSiteSessionContextImpl.selectRequestPage(PortalSiteSessionContextImpl.java:437)
at
org.apache.jetspeed.portalsite.impl.PortalSiteSessionContextImpl.selectRequestPage(PortalSiteSessionContextImpl.java:228)
at
org.apache.jetspeed.portalsite.impl.PortalSiteRequestContextImpl.getPage(PortalSiteRequestContextImpl.java:213)
at
org.apache.jetspeed.portalsite.impl.PortalSiteRequestContextImpl.getManagedPage(PortalSiteRequestContextImpl.java:196)
at
org.apache.jetspeed.profiler.impl.ProfilerValveImpl.invoke(ProfilerValveImpl.java:241)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.security.impl.LoginValidationValveImpl.invoke(LoginValidationValveImpl.java:159)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.security.impl.PasswordCredentialValveImpl.invoke(PasswordCredentialValveImpl.java:150)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.localization.impl.LocalizationValveImpl.invoke(LocalizationValveImpl.java:170)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.security.impl.AbstractSecurityValve$1.run(AbstractSecurityValve.java:138)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:454)
at
org.apache.jetspeed.security.JSSubject.doAsPrivileged(JSSubject.java:179)
at
org.apache.jetspeed.security.impl.AbstractSecurityValve.invoke(AbstractSecurityValve.java:132)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.container.url.impl.PortalURLValveImpl.invoke(PortalURLValveImpl.java:67)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.capabilities.impl.CapabilityValveImpl.invoke(CapabilityValveImpl.java:126)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.pipeline.JetspeedPipeline.invoke(JetspeedPipeline.java:146)
at
org.apache.jetspeed.engine.JetspeedEngine.service(JetspeedEngine.java:227)
at
org.apache.jetspeed.engine.JetspeedServlet.doGet(JetspeedServlet.java:242)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at
org.apache.jetspeed.engine.servlet.XXSUrlAttackFilter.doFilter(XXSUrlAttackFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at
nl.sdu.security.http.IntegratedLogOnFilter.doFilter(IntegratedLogOnFilter.java:61)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
at java.lang.Thread.run(Thread.java:595)
I will follow up on your lead and look into PortalFilter class you mentioned.
Besides that I'll debug my way into the pipeline and valves to try see what is
causing this exception.
Thx, Æde
> Date: Thu, 21 Aug 2008 03:06:33 +0200
> From: [EMAIL PROTECTED]
> To: [email protected]
> Subject: Re: Jetspeed in SSO environment
>
> Hi Æde,
>
> First of all, without the error stack trace you've mentioned below it is
> difficult to assess the problem(s) you are
> encountering.
>
> In general, it seems you've already followed (most of) the right steps to get
> your SSO integration working.
> If you will need a custom SecurityValve depends on your requirements but on
> the first outset I would think not.
> For NTLM its custom SecurityValve is used to allow *both* NTLM and "normal"
> authentication (as fallback).
> In your case though it looks like you only need/depend on the external SSO
> system for authentication and then you might
> just need a custom/extended PortalFilter for initializing your own Subject.
> If you have written your own Filter not based upon or extended from
> PortalFilter please take a look at the PortalFilter
> class because it already contains most if not all the required features you
> might need.
>
> Regards,
>
> Ate
>
> Æde van der Weij wrote:
> > Hi all,
> >
> > I'm working on a project where the Jetspeed Portal needs to be integrated
> > with a Liberty compliant Single Sign on Implementation. It provides two
> > methods:
> > * let a (Apache) server authenticate and validate request and reverse proxy
> > the request to Jetspeed,
> > * or let your Jetspeed validate the request.
> >
> > In the first scenario there a request header is added with information
> > about the user (userid, username and roles). In the second case you have to
> > take care of that you self. We've choosen the first option to start with,
> > so we can rely on every request to be from an authenticated user. The
> > second one can always be implemented....
> >
> > We borrowed some of the concepts that are used for the NTLM Authentication
> > (http://portals.apache.org/jetspeed-2/guides/guide-ntlm.html). A custom
> > Filter extracts the user information from the request header, wraps the
> > orginal request with a custom RequestWrapper and provides it with a newly
> > constructed Principle if the necessary information can be extracted. We can
> > see that the wrapped request is propogated to the portlets when we provided
> > a header with some bogus value. A bogus value results in an empty (null)
> > Principal. When we provide a valid value and a Principal can be constructed
> > an exception somewhere in the pipeline is the result. I don't have the
> > exact stacktrace at hand at this moment, but can provide it later on when
> > requested.
> >
> > The NTLM has its own SecurityValve implementation and that's probably what
> > we need to create ourselves. Unless the default implementation can be
> > tweaked to deal with our Principal. This should be possible with the Spring
> > configuration files, but I don't know where to start...
> >
> > Is there some one out there who has experience with this type of thing and
> > give some pointers? I've seen the Single Sign On concept of authenticating,
> > validating and enriching the request at other implementations. This should
> > not be a too unique situation? Any help is greatly appreciated!
> >
> > Regards,
> > Æde
> >
> >
> > _________________________________________________________________
> > Express yourself instantly with MSN Messenger! Download today it's FREE!
> > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
