[Read Only] - Hippo Repository / REPO-1589

Repository login relying on external context (e.g. LDAP) can fail when invoked across classloaders


    Details

    • Type: Bug
    • Status: Closed
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 3.2.0
    • Fix Version/s: 4.1.0
    • Component/s: None
    • Story Points:
      1
    • Flagged:
      Flagged
    • Processed by team:
      Pulsar
    • Sprint:
      Platform Sprint 140

      Description

      External authentication through, for example, LDAP may require loading specific classes, such as a socketFactory class.
      The loading of such classes should be done through a classloader context of the repository itself (e.g. cms.war or repository.war).

      Currently this is not enforced though, which can cause a ClassNotFoundException when a login is invoked from the ChannelManager which executes from the site context:

      [INFO] [talledLocalContainer] javax.naming.CommunicationException: Loading the socket factory [Root exception is java.lang.ClassNotFoundException: org.hippoecm.repository.security.ldap.TestSocketFactory]
      [INFO] [talledLocalContainer]   at com.sun.jndi.ldap.LdapPoolManager.isPoolingAllowed(LdapPoolManager.java:247)
      [INFO] [talledLocalContainer]   at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1603)
      [INFO] [talledLocalContainer]   at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
      [INFO] [talledLocalContainer]   at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
      [INFO] [talledLocalContainer]   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
      [INFO] [talledLocalContainer]   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
      [INFO] [talledLocalContainer]   at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
      [INFO] [talledLocalContainer]   at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
      [INFO] [talledLocalContainer]   at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
      [INFO] [talledLocalContainer]   at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
      [INFO] [talledLocalContainer]   at javax.naming.InitialContext.init(InitialContext.java:244)
      [INFO] [talledLocalContainer]   at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
      [INFO] [talledLocalContainer]   at org.hippoecm.repository.security.ldap.LdapContextFactory.getLdapContext(LdapContextFactory.java:240)
      [INFO] [talledLocalContainer]   at org.hippoecm.repository.security.ldap.LdapContextFactory.getSystemLdapContext(LdapContextFactory.java:194)
      [INFO] [talledLocalContainer]   at org.hippoecm.repository.security.ldap.LdapUserManager.getDnForUser(LdapUserManager.java:330)
      [INFO] [talledLocalContainer]   at org.hippoecm.repository.security.ldap.LdapUserManager.authenticate(LdapUserManager.java:123)
      [INFO] [talledLocalContainer]   at org.hippoecm.repository.security.SecurityManager.authenticate(SecurityManager.java:291)
      [INFO] [talledLocalContainer]   at org.hippoecm.repository.security.HippoLoginModule.login(HippoLoginModule.java:146)
      [INFO] [talledLocalContainer]   at org.apache.jackrabbit.core.security.authentication.LocalAuthContext.login(LocalAuthContext.java:86)
      [INFO] [talledLocalContainer]   at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1537)
      [INFO] [talledLocalContainer]   at org.hippoecm.repository.impl.RepositoryDecorator.login(RepositoryDecorator.java:75)
      [INFO] [talledLocalContainer]   at org.hippoecm.repository.HippoRepositoryImpl.login(HippoRepositoryImpl.java:106)
      [INFO] [talledLocalContainer]   at org.hippoecm.repository.HippoRepositoryImpl.login(HippoRepositoryImpl.java:118)
      [INFO] [talledLocalContainer]   at org.hippoecm.hst.core.jcr.pool.JcrHippoRepository.login(JcrHippoRepository.java:205)
      [INFO] [talledLocalContainer]   at org.hippoecm.hst.cmsrest.container.CmsRestSecurityValve.invoke(CmsRestSecurityValve.java:89)
      

      To fix this, and other similar use-cases, the Repository.login() method needs to temporarily set the current thread ContextClassLoader upon invocation.
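      The context classloader swap described above, as an added example that is not the Hippo project's own fix. The class name ContextClassLoaderSwap, the helper callWith and the two empty URLClassLoader instances standing in for the repository and site webapp classloaders are assumptions made for illustration.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.util.concurrent.Callable;

public class ContextClassLoaderSwap {

    /** Runs action with the thread context classloader set to target, then restores the caller's loader. */
    static <T> T callWith(ClassLoader target, Callable<T> action) throws Exception {
        Thread thread = Thread.currentThread();
        ClassLoader callers = thread.getContextClassLoader();
        if (callers == target) {
            return action.call(); // already running in the target context
        }
        thread.setContextClassLoader(target);
        try {
            return action.call();
        } finally {
            // Restore on every path, so a failed login cannot leave a pooled
            // request thread pinned to the repository's classloader.
            thread.setContextClassLoader(callers);
        }
    }

    public static void main(String[] args) throws Exception {
        ClassLoader shared = ContextClassLoaderSwap.class.getClassLoader();
        // Constructed stand-ins for the two webapp classloaders (hypothetical, empty classpaths).
        try (URLClassLoader repo = new URLClassLoader(new URL[0], shared);
             URLClassLoader site = new URLClassLoader(new URL[0], shared)) {
            Thread t = Thread.currentThread();
            ClassLoader original = t.getContextClassLoader();
            t.setContextClassLoader(site); // simulate a request thread owned by the site webapp
            try {
                // Code that resolves classes through the context classloader sees the repository loader here.
                ClassLoader seen = callWith(repo, () -> Thread.currentThread().getContextClassLoader());
                System.out.println("inside call, repository loader active: " + (seen == repo));
                try {
                    callWith(repo, () -> { throw new IllegalStateException("simulated login failure"); });
                } catch (IllegalStateException expected) {
                    System.out.println("after failure, site loader restored: "
                            + (t.getContextClassLoader() == site));
                }
            } finally {
                t.setContextClassLoader(original);
            }
        }
    }
}
```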


              People

              • Assignee:
                Unassigned
                Reporter:
                adouma Ate Douma
              • Votes:
                0
                Watchers:
                2
