Details
-
Bug
-
Status: Closed
-
High
-
Resolution: Fixed
-
3.2.0
-
None
-
1
-
Flagged
-
Platform Sprint 140
Description
External authentication through for example LDAP may require loading specific classes like a socketFactory class.
The loading of such classes should be done through a classloader context of the repository itself (e.g. cms.war or repository.war).
Currently this is not enforced though, which can cause a ClassNotFoundException when a login is invoked from the ChannelManager which executes from the site context:
[INFO] [talledLocalContainer] javax.naming.CommunicationException: Loading the socket factory [Root exception is java.lang.ClassNotFoundException: org.hippoecm.repository.security.ldap.TestSocketFactory] [INFO] [talledLocalContainer] at com.sun.jndi.ldap.LdapPoolManager.isPoolingAllowed(LdapPoolManager.java:247) [INFO] [talledLocalContainer] at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1603) [INFO] [talledLocalContainer] at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746) [INFO] [talledLocalContainer] at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) [INFO] [talledLocalContainer] at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) [INFO] [talledLocalContainer] at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) [INFO] [talledLocalContainer] at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) [INFO] [talledLocalContainer] at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) [INFO] [talledLocalContainer] at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [INFO] [talledLocalContainer] at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) [INFO] [talledLocalContainer] at javax.naming.InitialContext.init(InitialContext.java:244) [INFO] [talledLocalContainer] at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) [INFO] [talledLocalContainer] at org.hippoecm.repository.security.ldap.LdapContextFactory.getLdapContext(LdapContextFactory.java:240) [INFO] [talledLocalContainer] at org.hippoecm.repository.security.ldap.LdapContextFactory.getSystemLdapContext(LdapContextFactory.java:194) [INFO] [talledLocalContainer] at org.hippoecm.repository.security.ldap.LdapUserManager.getDnForUser(LdapUserManager.java:330) [INFO] [talledLocalContainer] at org.hippoecm.repository.security.ldap.LdapUserManager.authenticate(LdapUserManager.java:123) [INFO] [talledLocalContainer] at org.hippoecm.repository.security.SecurityManager.authenticate(SecurityManager.java:291) [INFO] [talledLocalContainer] at org.hippoecm.repository.security.HippoLoginModule.login(HippoLoginModule.java:146) [INFO] [talledLocalContainer] at org.apache.jackrabbit.core.security.authentication.LocalAuthContext.login(LocalAuthContext.java:86) [INFO] [talledLocalContainer] at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1537) [INFO] [talledLocalContainer] at org.hippoecm.repository.impl.RepositoryDecorator.login(RepositoryDecorator.java:75) [INFO] [talledLocalContainer] at org.hippoecm.repository.HippoRepositoryImpl.login(HippoRepositoryImpl.java:106) [INFO] [talledLocalContainer] at org.hippoecm.repository.HippoRepositoryImpl.login(HippoRepositoryImpl.java:118) [INFO] [talledLocalContainer] at org.hippoecm.hst.core.jcr.pool.JcrHippoRepository.login(JcrHippoRepository.java:205) [INFO] [talledLocalContainer] at org.hippoecm.hst.cmsrest.container.CmsRestSecurityValve.invoke(CmsRestSecurityValve.java:89)
To fix this, and other similar use-cases, the Repository.login() method needs to temporarily set the current thread ContextClassLoader upon invocation.
