Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
11 replies Latest Post - ‏2013-08-28T17:53:28Z by wrodrig
PaoloBerardo
PaoloBerardo
6 Posts
ACCEPTED ANSWER

Pinned topic Liberty Profile 8.5.5 WebAppSecurityCollaboratorImpl problem

‏2013-08-27T11:32:07Z |

I have a problem using Liberty Profile 8.5.5 with LDAP. I have an EAR with application.xml setted correctly for security. into the ear i have a web probject with web.xml setted correctly. The login authentication goes well (request.getRemoteUser() gives correct result) but in the next action, when i use response.isUserInRoles returns me this exception:

    [FATAL] [isUserInRole - WebAppSecurityCollaboratorImpl.java:327] Exception in method ...
    Exception type: class java.lang.NullPointerException Msg: null
    java.lang.NullPointerException

I really don't understand how this could happen... If someone have a solution, a work-around, a fix, please tell me.
 

  • rsanchezh
    rsanchezh
    26 Posts
    ACCEPTED ANSWER

    Re: Liberty Profile 8.5.5 WebAppSecurityCollaboratorImpl problem

    ‏2013-08-27T14:20:56Z  in response to PaoloBerardo

    Hello,

    Does the same application work fine in WAS? Also, do you have  a  stack trace of the error?

    • PaoloBerardo
      PaoloBerardo
      6 Posts
      ACCEPTED ANSWER

      Re: Liberty Profile 8.5.5 WebAppSecurityCollaboratorImpl problem

      ‏2013-08-27T14:52:28Z  in response to rsanchezh

      Hello rsanchezh, the same application works well on WAS 8.5 on linux server.

      When I ran it on WLP 8.5.5 on my local machine, it gives this exception. The same exception is generated if I don't connect to the LDAP server and use a local user registry...

      P.S: There isn't a stack trace of this error... the only info are that i reported into my previous post... there isn't a FFDC file, no other logs for this error... it's an error generated from an IBM class, so our logger can't do much....

      • rsanchezh
        rsanchezh
        26 Posts
        ACCEPTED ANSWER

        Re: Liberty Profile 8.5.5 WebAppSecurityCollaboratorImpl problem

        ‏2013-08-27T16:21:02Z  in response to PaoloBerardo

        Probably you already saw this document, but did you configure the liberty server with the necessary features, like described here?

        http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.wlp.nd.doc%2Fae%2Ftwlp_sec_ldap.html

        • PaoloBerardo
          PaoloBerardo
          6 Posts
          ACCEPTED ANSWER

          Re: Liberty Profile 8.5.5 WebAppSecurityCollaboratorImpl problem

          ‏2013-08-27T16:36:05Z  in response to rsanchezh

          Hello again :-)

          I have read and followed this tutorial to make correct settings of the server.xml.

          If my settings aren't good, it can't respond correctly to request.getRemoteUser() (this method return null if the user isn't authenticated).

          The problem is in the next action. When i use response.isUserInRole, websphere call WebAppSecurityCollaboratorImpl and give me this runtime error. I don't understand why... it's a WLP issue? is there a fix for it? is there a workaround?

           

          Thanks in advance, have a nice day.

  • utle@us.ibm.com
    utle@us.ibm.com
    8 Posts
    ACCEPTED ANSWER

    Re: Liberty Profile 8.5.5 WebAppSecurityCollaboratorImpl problem

    ‏2013-08-27T16:34:16Z  in response to PaoloBerardo

    Hi,

    Can you provide a high level of your scenario? Do you call isUserInRole() method from your application or from a form login page? If you call it  from a form login page, can you try to call this method from your application? It should work if you call this method from your application

    Ut.

     

     

    • PaoloBerardo
      PaoloBerardo
      6 Posts
      ACCEPTED ANSWER

      Re: Liberty Profile 8.5.5 WebAppSecurityCollaboratorImpl problem

      ‏2013-08-27T16:39:58Z  in response to utle@us.ibm.com

      Hello utle@us.ibm.com, when i use this method (isUserInRole) i'm in an action after a form login page where i use j_security_check.

      So i'm an authorized user. After the login i need some info about the user (for example the abilitated roles) because i must permit the user to use some function related to his roles.

      When i call this method (from my machine, with WLP 8.5.5 with correct settings) it gives me this exception.

      • utle@us.ibm.com
        utle@us.ibm.com
        8 Posts
        ACCEPTED ANSWER

        Re: Liberty Profile 8.5.5 WebAppSecurityCollaboratorImpl problem

        ‏2013-08-27T16:45:51Z  in response to PaoloBerardo

        Hi,

        Can you post the form login page where you call this method. Please.

        Ut

        • PaoloBerardo
          PaoloBerardo
          6 Posts
          ACCEPTED ANSWER

          Re: Liberty Profile 8.5.5 WebAppSecurityCollaboratorImpl problem

          ‏2013-08-27T16:53:32Z  in response to utle@us.ibm.com
          <form id="loginForm" method="POST" action="j_security_check">
              <INPUT type="text" id="j_username" name="j_username">
          <INPUT type="password" id="j_password" name="j_password">
          <input type="submit" id="submitButton" name="submitButton" value="INVIA">
             </form>

           

          this is the login form. i don't use a scriptlet, i don't call isUserInRole from a jsp,

          i call it into an action after the login...

          i'm in an action after a form login page where i use j_security_check.

          So i'm an authorized user. After the login i need some info about the user (for example the abilitated roles) because i must permit the user to use some function related to his roles.

           

           

          • utle@us.ibm.com
            utle@us.ibm.com
            8 Posts
            ACCEPTED ANSWER

            Re: Liberty Profile 8.5.5 WebAppSecurityCollaboratorImpl problem

            ‏2013-08-27T20:11:43Z  in response to PaoloBerardo

            There is seem to be a problem, please open a PMR so our security support team can investigate this problem further. Thanks.

            • PaoloBerardo
              PaoloBerardo
              6 Posts
              ACCEPTED ANSWER

              Re: Liberty Profile 8.5.5 WebAppSecurityCollaboratorImpl problem

              ‏2013-08-28T08:30:22Z  in response to utle@us.ibm.com

              Thanks for the info, i'm opening a PRM (first time for me). I put Customer Code and motivation and click on Submit.

              Existing Access  ( 1 )

              Customer Code IBM Offer Access Level State
                Base

              Is it correct?

              Thanks in advance, sorry but it's the first PRM for me.

              • wrodrig
                wrodrig
                1 Post
                ACCEPTED ANSWER

                Re: Liberty Profile 8.5.5 WebAppSecurityCollaboratorImpl problem

                ‏2013-08-28T17:53:28Z  in response to PaoloBerardo

                Hi Paolo:

                To make sure all is good, please take a look at this link that explains the process to open PMR.

                 

                Hope this helps