I have exactly the same issue since 5 days, Impossible to import Users and group from OpenLDAP to Liferay CE 6.1 ...
Here the structure of my OpenLDAP :
World
--tn
----com
------domain
--------admin
--------Computers
--------domain
--------Groups
----------IT
------------cn
------------gidNumber
------------objectClass
------------memberUid (n member)
--------Users
----------uid0001
------------cn
------------gidNumber
------------homeDirectory
------------objectClass
------------sn
------------uid
------------uidNumber
------------givenName
------------loginShell
------------userPassword
And here is my portal-ext.porperties file :
## LDAP Server Settings
ldap.base.provider.url=ldap://controller.domain.com.tn:389
ldap.base.dn=DC=domain,DC=com,DC=tn
# authentication
ldap.security.principal=cn=admin,dc=domain,dc=com,dc=tn
ldap.security.credentials=My Password !
# search from this point in the tree
ldap.users.dn=DC=domain,DC=com,DC=tn
# You can write your own class that implements
# com.liferay.portal.security.ldap.AttributesTransformer to transform the
# LDAP attributes before a user or group is imported to the LDAP store.
ldap.attrs.transformer.impl=com.liferay.portal.security.ldap.DefaultAttributesTransformer
# standard mappings, must be present in LDAP or we get an exception
#ldap.user.mappings=screenName=cn\npassword=userPassword\nemailAddress=\nfirstName=givenName\nlastName=sn\njobTitle=\ngroup=
ldap.user.mappings=screenName=cn\npassword=userPassword\nfirstName=givenName\nlastName=sn\njobTitle=title\ngroup=groupMembership\nemailAddress=uid
ldap.auth.search.filter=(mail=#user_id#)
ldap.import.user.search.filter=(objectClass=inetOrgPerson)
## Import, users can be imported on demand at login or at startup and at regular intervals.
ldap.import.enabled=true
ldap.import.interval=360
ldap.import.on.startup=true
ldap.export.enabled=false
ldap.user.default.object.classes=inetOrgPerson,organizationalPerson
## Custom Mappings, same format as ldap.user.mappings
##Commented by ME : ldap.user.custom.mappings=nickname=mailNickname\ndisplay=cn
## Added from this link : http://www.liferay.com/community/forums/-/message_boards/message/5681334
users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidator
users.screen.name.allow.numeric=true
##added from this link : http://issues.liferay.com/browse/LPS-14519
users.screen.name.always.autogenerate=true
##added from this link : http://vkbardia.blogspot.com/2012/05/liferay-authentication-fails-for-screen.html?showComment=1345199625453#c3592789922325172023
users.email.address.required= false
#Groups
ldap.group.mappings=groupName=cn\ndescription=description\nuser=memberUid
ldap.import.create.role.per.group=false
PS : I don't have an email field for my users that's why I want them to login with their UID.
PS : When running in eclipse I got this :
13:35:47,450 ERROR [PortalLDAPImporterImpl:196] Error importing LDAP users and groups
java.lang.NullPointerException
at com.liferay.portal.kernel.io.unsync.UnsyncStringReader.<init>(UnsyncStringReader.java:33)
at com.liferay.portal.kernel.util.PropertiesUtil.load(PropertiesUtil.java:199)
at com.liferay.portal.kernel.util.PropertiesUtil.load(PropertiesUtil.java:192)
at com.liferay.portal.security.ldap.LDAPSettingsUtil.getUserExpandoMappings(LDAPSettingsUtil.java:124)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDAP(PortalLDAPImporterImpl.java:169)
at com.liferay.portal.security.ldap.PortalLDAPImporterImpl.importFromLDAP(PortalLDAPImporterImpl.java:128)
at com.liferay.portal.security.ldap.PortalLDAPImporterUtil.importFromLDAP(PortalLDAPImporterUtil.java:34)
at com.liferay.portal.util.PortalInstances._initCompany(PortalInstances.java:448)
at com.liferay.portal.util.PortalInstances.initCompany(PortalInstances.java:92)
at com.liferay.portal.servlet.MainServlet.initCompanies(MainServlet.java:766)
at com.liferay.portal.servlet.MainServlet.init(MainServlet.java:336)
at javax.servlet.GenericServlet.init(GenericServlet.java:160)
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1266)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1185)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1080)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5001)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5289)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:866)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:842)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:615)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:649)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1581)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
PS : I'm writing all this in detail cause this is so important for me.
Waiting for your Help.
Best & Regards
hope this might help you,
http://www.liferay.com/community/forums/-/message_boards/message/8246721
Related
I am at my wits end!
I have a minimal install of Ubuntu Server 18.04 and OpenJDK 11 (headless).
Downloaded, to a local folder are the java 9+ binaries for Derby (db-derby-10.15.2.0-bin)
Path and Environment settings are all correct!
When I start the server startNetworkServer -h 0.0.0.0, I get an error when doing a simple connect using the ij command line tool
ij> connect 'jdbc:derby://localhost:1527/dbname;create=true';
ERROR XJ041: DERBY SQL error: ERRORCODE: 40000, SQLSTATE: XJ041, SQLERRMC: Failed to create database 'dbname', see the next exception for details.::SQLSTATE: XBM01::SQLSTATE: XJ001
The derby.log file makes reference to:
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.SOURCE_DATE_EPOCH")
Looking further into this error, I learned that I somehow need a security.profile. I found this website that seemed to be the answers to my problems. https://www.javacodegeeks.com/2020/04/apache-derby-database-jvm-security-policy.html
Following these pretty straight-forward instructions, I get:
java.security.AccessControlException: access denied
org.apache.derby.shared.common.security.SystemPermission( "engine", "usederbyinternals" )
For the next person who has this strange problem (it seems to happen with some regularity, here's a simple workaround, copied from this FAQ page at Chalmers Institute of Technology:
Q: When we try to create a database in Derby and the database explorer in NetBeans, we get one or more of the following error(s):
An error occurred while creating the database:
java.sql.NonTransientConnectionException: DERBY SQL error: ERRORCODE:
40000, SQLSTATE: XJ041, SQLERRMC: ...
Caused by: java.security.AccessControlException: access denied
("java.lang.RuntimePermission" "getenv.SOURCE_DATE_EPOCH")
A: This is some kind of missconfiguration in the JVM with a very aggressive security policy that doesn't allow applications to fetch the time on the system (since epoch). The solution is to edit ~/.java.policy or [java.home]/lib/security/java.policy and add the following:
grant {
permission java.lang.RuntimePermission "getenv.SOURCE_DATE_EPOCH", "read";
};
If you are on Windows you can read about where this policy file is supposed to be located here;
https://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html
Apache-Derby is a database management system prepared for a multi-user environment, therefore, when you execute the startNetworkServer -h 0.0.0.0 instruction, you are telling it by default to take certain security into account, and that is why it does not let you do an insecure connection such as ij> connect 'jdbc:derby://172.16.17.31:1527/BBDD_server;create=true';
because you are connecting without specifying username and password, so you should either connect by specifying username + password, or start the server without any security:
startNetworkServer -h 0.0.0.0 -noSecurityManager
More help:
https://db.apache.org/derby/docs/10.4/adminguide/tadminnetservopen.html
https://db.apache.org/derby/docs/10.4/adminguide/tadminnetservbasic.html
we're trying to upgrade from Wildfly 15 to Wildfly 17. When starting the application under 17 we get lot's of DEBUGs in log as follows:
2019-07-16 08:30:41,031|DEBUG| org.jboss.as.domain.management|Identification of operation not progressing after [15000000000] ns has been requested
2019-07-16 08:30:51,029|DEBUG| io.undertow.request|Matched prefix path /management for path /management
2019-07-16 08:30:51,029|DEBUG| io.undertow.request.security|Setting authentication required for exchange HttpServerExchange{ POST /management}
2019-07-16 08:30:51,029|DEBUG| org.wildfly.security|Unable to create instance
java.security.NoSuchAlgorithmException: ELY00011: Unable to create service for 'HttpServerAuthenticationMechanismFactory.BEARER_TOKEN'
at org.wildfly.security.WildFlyElytronProvider$ProviderService.newInstance(WildFlyElytronProvider.java:342)
at org.wildfly.security.http.util.SecurityProviderServerMechanismFactory.getMechanismNames(SecurityProviderServerMechanismFactory.java:79)
at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory.getMechanismNames(SetMechanismInformationMechanismFactory.java:58)
at org.wildfly.security.http.util.FilterServerMechanismFactory.getMechanismNames(FilterServerMechanismFactory.java:100)
at org.wildfly.security.http.util.SortedServerMechanismFactory.getMechanismNames(SortedServerMechanismFactory.java:50)
at org.wildfly.security.auth.server.HttpAuthenticationFactory.getAllSupportedMechNames(HttpAuthenticationFactory.java:65)
at org.wildfly.security.auth.server.AbstractMechanismAuthenticationFactory.getMechanismNames(AbstractMechanismAuthenticationFactory.java:77)
at org.jboss.as.domain.http.server.ManagementHttpServer.lambda$secureDomainAccess$3(ManagementHttpServer.java:447)
at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:253)
at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$800(HttpAuthenticator.java:242)
at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:97)
at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:96)
at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:364)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NoSuchMethodException: org.wildfly.security.http.bearer.BearerTokenAuthenticationMechanism.<init>(java.security.Provider)
at java.lang.Class.getConstructor0(Class.java:3082)
at java.lang.Class.getConstructor(Class.java:1825)
at org.wildfly.security.WildFlyElytronProvider$ProviderService.newInstance(WildFlyElytronProvider.java:339)
Why is this and how can I get rid of these log entries?
Best regards
Mark.
This appears to be a bug in the WildFlyElytronProvider, I have created the following so we can implement a fix - https://issues.jboss.org/browse/ELY-1847
As this is just a DEBUG message you should be able to ignore in the meantime if you are not trying to use this mechanism.
I have created login fragment for login.jsp which is working perfectly fine.
Now I need to add some code to fetch some data from custom tables so I have added XYZLocalServiceUtil call using scriptlet.
Now service call is working but problem is when I deploy fragment hook it gives following error and portlet becomes unavailable, but only for first time after deployment.
When I refresh page, next time it works properly without any error. I am not sure why it is not able to get following dependency for first time.
07:17:00,237 ERROR [http-nio-9080-exec-9][PortletRequestDispatcherImpl:265] Unable to dispatch request: javax.el.ELException: Provider com.sun.el.ExpressionFactoryImpl not found
07:17:00,242 ERROR [http-nio-9080-exec-9][PortletServlet:111] javax.portlet.PortletException: org.apache.jasper.JasperException: javax.el.ELException: Provider com.sun.el.ExpressionFactoryImpl not found
javax.portlet.PortletException: org.apache.jasper.JasperException: javax.el.ELException: Provider com.sun.el.ExpressionFactoryImpl not found
at com.liferay.portlet.PortletRequestDispatcherImpl.dispatch(PortletRequestDispatcherImpl.java:267)
at com.liferay.portlet.PortletRequestDispatcherImpl.include(PortletRequestDispatcherImpl.java:102)
at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.include(MVCPortlet.java:594)
at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.include(MVCPortlet.java:610)
at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.doView(MVCPortlet.java:160)
at com.liferay.portal.kernel.portlet.LiferayPortlet.doDispatch(LiferayPortlet.java:303)
at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.doDispatch(MVCPortlet.java:497)
at javax.portlet.GenericPortlet.render(GenericPortlet.java:262)
at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.render(MVCPortlet.java:317)
at com.liferay.portlet.FilterChainImpl.doFilter(FilterChainImpl.java:103)
at com.liferay.portlet.ScriptDataPortletFilter.doFilter(ScriptDataPortletFilter.java:57)
at com.liferay.portlet.FilterChainImpl.doFilter(FilterChainImpl.java:100)
at com.liferay.portal.kernel.portlet.PortletFilterUtil.doFilter(PortletFilterUtil.java:64)
at com.liferay.portal.kernel.servlet.PortletServlet.service(PortletServlet.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.eclipse.equinox.http.servlet.internal.registration.EndpointRegistration.service(EndpointRegistration.java:153)
at org.eclipse.equinox.http.servlet.internal.servlet.ResponseStateHandler.processRequest(ResponseStateHandler.java:62)
at org.eclipse.equinox.http.servlet.internal.context.DispatchTargets.doDispatch(DispatchTargets.java:117)
at org.eclipse.equinox.http.servlet.internal.servlet.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:48)
at com.liferay.portlet.InvokerPortletImpl.invoke(InvokerPortletImpl.java:530)
at com.liferay.portlet.InvokerPortletImpl.invokeRender(InvokerPortletImpl.java:605)
at com.liferay.portlet.InvokerPortletImpl.render(InvokerPortletImpl.java:391)
at com.liferay.portal.monitoring.internal.portlet.MonitoringInvokerPortlet.render(MonitoringInvokerPortlet.java:265)
at org.apache.jsp.html.portal.render_005fportlet_jsp._jspService(render_005fportlet_jsp.java:1580)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at com.liferay.portal.servlet.DirectRequestDispatcher.include(DirectRequestDispatcher.java:64)
at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.doDispatch(ClassLoaderRequestDispatcherWrapper.java:78)
at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.include(ClassLoaderRequestDispatcherWrapper.java:53)
at com.liferay.portlet.PortletContainerImpl._render(PortletContainerImpl.java:707)
at com.liferay.portlet.PortletContainerImpl.render(PortletContainerImpl.java:162)
at com.liferay.portlet.SecurityPortletContainerWrapper.render(SecurityPortletContainerWrapper.java:133)
at com.liferay.portlet.RestrictPortletContainerWrapper.render(RestrictPortletContainerWrapper.java:133)
...
I have tried by adding following dependency in gradle file but no luck.
compile group: 'org.glassfish', name: 'javax.el', version: '3.0.0'
I am using "liferay-ce-portal-7.0-ga4", If anyone faced similar issue please suggest the way to resolve it.
Thanks
Trying to configure Security Manager for Tomcat 7. We are running Java 1.8.0_51 on a 64 bit Windows 2008 server and run Tomcat as a service. I've added the following lines as Java Options:
-Djava.security.manager
-Djava.security.policy=D:\Program Files\Apache Software Foundation\Tomcat7.0\conf\catalina.policy
The security policy file is the default file and has not been modified. After adding the lines I can no longer start Tomcat. I get the following error messages:
2015-10-07 08:58:31 Commons Daemon procrun stderr initialized properties: reading security properties file: C:\Program Files\Java\jre1.8.0_51\lib\security\java.security jar: beginEntry META-INF/MANIFEST.MF jar: done with meta! jar: nothing to verify! scl: getPermissions ProtectionDomain (file:/D:/Program%20Files/Apache%20Software%20Foundation/Tomcat7.0/bin/tomcat-juli.jar <no signer certificates>) sun.misc.Launcher$AppClassLoader#c387f44 <no principals> java.security.Permissions#28d93b30 ( ("java.lang.RuntimePermission" "exitVM") ("java.io.FilePermission" "\D:\Program Files\Apache Software Foundation\Tomcat7.0\bin\tomcat-juli.jar" "read") ) scl: policy: reading file:/D:/Program%20Files/Apache%20Software%20Foundation/Tomcat7.0/conf/catalina.policy [Policy Parser]: sun.security.util.PropertyExpander$ExpandException: unable to expand property catalina.home [Policy Parser]: sun.security.util.PropertyExpander$ExpandException: unable to expand property catalina.base
I also see errors like the following:
java.lang.IllegalArgumentException: null KeyStore name
If I remove the new config lines all is well.
Any ideas?
My webserver, orion 1.5.4, run on jre 1.4.2, when I run
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
the following exception is thrown
java.security.NoSuchAlgorithmException:Algorithm PBKDF2WithHmacSHA1 not available
I google and find need to add Bouncy Castle provider, so I download bcprov-jdk14-150.jar and placed it in classpath, and download the unlimited policy files in the JVM, then when I run the program code, error thrown in line
aesCipher.init(Cipher.DECRYPT_MODE,secretKey, new IvParameterSpec(ivByte));
the error message is
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.SunJCE_b.(DashoA12275)
... 15 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
at javax.crypto.SunJCE_b.a(DashoA12275)
at javax.crypto.SunJCE_b.g(DashoA12275)
at javax.crypto.SunJCE_b.f(DashoA12275)
at javax.crypto.SunJCE_t.run(DashoA12275)
at java.security.AccessController.doPrivileged(Native Method)
... 16 more
how to solve it?
I found the problem, I download the unlimited policy files for java 1.6 wrongly, should download for java 1.4.
thanks