Active Directory Plugin not working in multi domain environment

Issue #569 resolved
david smith
created an issue

I’m having trouble with getting the active directory plugin working in our multi domain environment.

I can successfully authenticate users that are in the default domain but if I enter a username with a domain prefix (including the default domain prefix) authentication fails.

Trace log shows the following error:

18:52:53.664 [qtp911504564-21] TRACE sonia.scm.security.ConfigurableLoginAttemptHandler - LoginAttemptHandler is disabled
18:52:53.664 [qtp911504564-21] TRACE sonia.scm.web.security.ChainAuthenticatonManager - no authentication result for user corporate\JoeBloggs found in cache
18:52:53.664 [qtp911504564-21] TRACE sonia.scm.web.security.ChainAuthenticatonManager - start authentication chain for user corporate\JoeBloggs
18:52:53.664 [qtp911504564-21] TRACE sonia.scm.web.security.ChainAuthenticatonManager - check authenticator class sonia.scm.web.security.DefaultAuthenticationHandler for user corporate\JoeBloggs
18:52:53.664 [qtp911504564-21] DEBUG sonia.scm.web.security.DefaultAuthenticationHandler - could not find user corporate\JoeBloggs
18:52:53.664 [qtp911504564-21] DEBUG sonia.scm.web.security.ChainAuthenticatonManager - authenticator sonia.scm.web.security.DefaultAuthenticationHandler ends with result, user: null, state: NOT_FOUND
18:52:53.664 [qtp911504564-21] TRACE sonia.scm.web.security.ChainAuthenticatonManager - check authenticator class sonia.scm.activedirectory.auth.ActiveDirectoryAuthenticationHandler for user corporate\JoeBloggs
18:52:53.679 [qtp911504564-21] TRACE sonia.scm.api.rest.resources.AuthenticationResource - authentication failed for user corporate\JoeBloggs
org.apache.shiro.authc.AuthenticationException: Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - corporate\JoeBloggs, rememberMe=false (127.0.0.1)].  Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException).
    at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:214) ~[shiro-core-1.2.3.jar:1.2.3]
    at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) ~[shiro-core-1.2.3.jar:1.2.3]
    at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270) ~[shiro-core-1.2.3.jar:1.2.3]
    at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256) [shiro-core-1.2.3.jar:1.2.3]
    at sonia.scm.api.rest.resources.AuthenticationResource.authenticate(AuthenticationResource.java:188) ~[classes/:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_55]
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:1.7.0_55]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:1.7.0_55]
    at java.lang.reflect.Method.invoke(Unknown Source) ~[na:1.7.0_55]
    at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) [jersey-bundle-1.18.1.jar:1.18.1]
    at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:205) [jersey-bundle-1.18.1.jar:1.18.1]
    at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) [jersey-bundle-1.18.1.jar:1.18.1]
    at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302) [jersey-bundle-1.18.1.jar:1.18.1]
    at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) [jersey-bundle-1.18.1.jar:1.18.1]
    at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) [jersey-bundle-1.18.1.jar:1.18.1]
    at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) [jersey-bundle-1.18.1.jar:1.18.1]
    at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) [jersey-bundle-1.18.1.jar:1.18.1]
    at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542) [jersey-bundle-1.18.1.jar:1.18.1]
    at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473) [jersey-bundle-1.18.1.jar:1.18.1]
    at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419) [jersey-bundle-1.18.1.jar:1.18.1]
    at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409) [jersey-bundle-1.18.1.jar:1.18.1]
    at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409) [jersey-bundle-1.18.1.jar:1.18.1]
    at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:540) [jersey-bundle-1.18.1.jar:1.18.1]
    at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:715) [jersey-bundle-1.18.1.jar:1.18.1]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) [javax.servlet-2.5.0.v201103041518.jar:na]
    at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at sonia.scm.filter.SecurityFilter.doFilter(SecurityFilter.java:129) [classes/:na]
    at sonia.scm.web.filter.HttpFilter.doFilter(HttpFilter.java:102) [scm-core-1.36.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at sonia.scm.web.security.ApiBasicAuthenticationFilter.doFilter(ApiBasicAuthenticationFilter.java:112) [classes/:na]
    at sonia.scm.web.filter.HttpFilter.doFilter(HttpFilter.java:102) [scm-core-1.36.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at sonia.scm.filter.GZipFilter.doFilter(GZipFilter.java:112) [scm-core-1.36.jar:na]
    at sonia.scm.web.filter.HttpFilter.doFilter(HttpFilter.java:102) [scm-core-1.36.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at sonia.scm.web.filter.AutoLoginFilter.doFilter(AutoLoginFilter.java:85) [scm-core-1.36.jar:na]
    at sonia.scm.web.filter.HttpFilter.doFilter(HttpFilter.java:102) [scm-core-1.36.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at sonia.scm.filter.BaseUrlFilter.doFilter(BaseUrlFilter.java:117) [classes/:na]
    at sonia.scm.web.filter.HttpFilter.doFilter(HttpFilter.java:102) [scm-core-1.36.jar:na]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [shiro-web-1.2.3.jar:1.2.3]
    at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [shiro-web-1.2.3.jar:1.2.3]
    at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [shiro-core-1.2.3.jar:1.2.3]
    at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [shiro-core-1.2.3.jar:1.2.3]
    at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) [shiro-core-1.2.3.jar:1.2.3]
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [shiro-web-1.2.3.jar:1.2.3]
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.2.3.jar:1.2.3]
    at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118) [guice-servlet-3.0.jar:na]
    at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113) [guice-servlet-3.0.jar:na]
    at sonia.scm.boot.BootstrapFilter.doFilter(BootstrapFilter.java:104) [classes/:na]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1288) [jetty-servlet-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:443) [jetty-servlet-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) [jetty-server-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:556) [jetty-security-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227) [jetty-server-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1044) [jetty-server-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:372) [jetty-servlet-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:189) [jetty-server-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:978) [jetty-server-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) [jetty-server-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154) [jetty-server-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) [jetty-server-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.server.Server.handle(Server.java:369) [jetty-server-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:486) [jetty-server-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:944) [jetty-server-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1005) [jetty-server-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865) [jetty-http-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240) [jetty-http-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) [jetty-server-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667) [jetty-io-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) [jetty-io-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) [jetty-util-7.6.14.v20131031.jar:7.6.14.v20131031]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) [jetty-util-7.6.14.v20131031.jar:7.6.14.v20131031]
    at java.lang.Thread.run(Unknown Source) [na:1.7.0_55]
Caused by: java.lang.NoSuchMethodError: sonia.scm.util.Util.nonNull(Ljava/lang/String;)Ljava/lang/String;
    at sonia.scm.activedirectory.auth.ActiveDirectoryAuthenticationHandler.authenticate(ActiveDirectoryAuthenticationHandler.java:285) ~[scm-activedirectory-auth-plugin-1.8.jar:na]
    at sonia.scm.activedirectory.auth.ActiveDirectoryAuthenticationHandler.authenticate(ActiveDirectoryAuthenticationHandler.java:115) ~[scm-activedirectory-auth-plugin-1.8.jar:na]
    at sonia.scm.web.security.ChainAuthenticatonManager.doAuthentication(ChainAuthenticatonManager.java:254) ~[classes/:na]
    at sonia.scm.web.security.ChainAuthenticatonManager.authenticate(ChainAuthenticatonManager.java:151) ~[classes/:na]
    at sonia.scm.security.ScmRealm.doGetAuthenticationInfo(ScmRealm.java:180) ~[classes/:na]
    at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568) ~[shiro-core-1.2.3.jar:1.2.3]
    at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180) ~[shiro-core-1.2.3.jar:1.2.3]
    at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267) ~[shiro-core-1.2.3.jar:1.2.3]
    at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) ~[shiro-core-1.2.3.jar:1.2.3]
    ... 110 common frames omitted

Comments (6)

  1. david smith reporter
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <classpath>
        <path>\sonia\scm\plugins\scm-activity-plugin\1.11\scm-activity-plugin-1.11.jar</path>
        <path>\net\java\dev\rome\rome\1.0.0\rome-1.0.0.jar</path>
        <path>\jdom\jdom\1.0\jdom-1.0.jar</path>
        <path>\sonia\scm\plugins\scm-activedirectory-auth-plugin\1.8\scm-activedirectory-auth-plugin-1.8.jar</path>
        <path>\org\jvnet\com4j\typelibs\ado20\1.0\ado20-1.0.jar</path>
        <path>\org\jvnet\com4j\typelibs\active-directory\1.0\active-directory-1.0.jar</path>
        <path>\org\jvnet\com4j\com4j\20120426-2\com4j-20120426-2.jar</path>
    </classpath>
    
  2. david smith reporter

    Fixed!

    I can now enter a domain prefix and users are successfully authenticated.

    I've got to say i'm really impressed with how quickly you turned this around.

    Excellent work!

  3. Log in to comment