Topic
6 replies Latest Post - ‏2011-09-24T04:20:06Z by SystemAdmin
p8learning
p8learning
7 Posts
ACCEPTED ANSWER

Pinned topic intermittent security error - connecting CE

‏2011-03-24T23:09:13Z |
Hi All,

I am new to the P8 4.5
I am developing a custome web application. Using Tomcat as my client app server. CE is on websphere. I setup the JAAS login correctly and able to login to CE object store in my login servlet. When I move to JSP page and try to pull Choice List I am getting some time and some time it throws the following error. So it is not consistent. Please help me debug this.

Mar 24, 2011 4:56:02 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet jsp threw exception
com.filenet.api.exception.EngineRuntimeException: SECURITY_INVALID_CREDENTIALS: Invalid credentials.
at com.filenet.apiimpl.wsi.ClientOperation.getCredential(ClientOperation.java:277)
at com.filenet.apiimpl.wsi.ClientOperation.setCallContext(ClientOperation.java:194)
at com.filenet.apiimpl.wsi.ClientOperation.start(ClientOperation.java:102)
at com.filenet.apiimpl.wsi.ClientOperation.run(ClientOperation.java:69)
at com.filenet.apiimpl.wsi.ServiceSession.getObjects(ServiceSession.java:242)
at com.filenet.apiimpl.util.SessionHandle.getObjects(SessionHandle.java:334)
at com.filenet.apiimpl.core.Session.callGetObjects(Session.java:121)
at com.filenet.apiimpl.core.Session.executeGetObject(Session.java:325)
at com.filenet.apiimpl.core.Session.getProperty(Session.java:448)
at com.filenet.apiimpl.property.PropertyImpl.fetchValue(PropertyImpl.java:314)
at com.filenet.apiimpl.property.PropertyImpl.getObjectValue(PropertyImpl.java:254)
at com.filenet.apiimpl.property.PropertyImpl.getObjectValue(PropertyImpl.java:235)
at com.filenet.apiimpl.property.PropertyImpl.getDependentObjectListValue(PropertyImpl.java:531)
at com.filenet.apiimpl.property.PropertiesImpl.getDependentObjectListValue(PropertiesImpl.java:1150)
at com.filenet.apiimpl.core.ChoiceListImpl.get_ChoiceValues(ChoiceListImpl.java:339)
at com.ppl.trim.utils.ContentFacade.getChoiceList(ContentFacade.java:888)
at com.ppl.trim.utils.ContentFacade.getChoiceListHTML(ContentFacade.java:906)
at org.apache.jsp.choiceList_jsp._jspService(choiceList_jsp.java:83)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:386)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Unknown Source)
My CE login code:

public ContentFacade(String CEWSURI, String JAASConfigFile,
String JAASLoginModule, String LDAPUsername, String LDAPPassword)
throws Exception {
try {
logger.debug("ContentFacade: Constructor(String, String, String, String, String): called");
setCEWSURI(CEWSURI);
if (JAASConfigFile != null) {
System.setProperty("java.security.auth.login.config",
JAASConfigFile);
logger.debug("ContentFacade: Constructor(String, String, String, String, String): "
+ JAASConfigFile + " set");
}
connection = Factory.Connection.getConnection(this.CEWSURI);
logger.debug("ContentFacade: Constructor(String, String, String, String, String): CE connected");

// Establish a JAAS Login
UserContext uc = UserContext.get();
logger.debug("ContentFacade: Constructor(String, String, String, String, String): User Context got");
Subject subject = UserContext.createSubject(connection,
LDAPUsername, LDAPPassword, JAASLoginModule);
uc.pushSubject(subject);
logger.debug("ContentFacade: Constructor(String, String, String, String, String): Subject created");

// Fetch domain
domain = Factory.Domain.getInstance(connection, null);
logger.debug("ContentFacade: Constructor(String, String, String, String, String): Domain fetched");

// Fetch Objectstore
String objectStoreName = ReadProperty.readPropFile("OBJ_STORE_NAME", "TRIM");
objectStore = Factory.ObjectStore.fetchInstance(domain,
objectStoreName, null);
logger.debug("ContentFacade: Constructor(String, String, String, String, String): ObjectStore fetched: " + objectStore.get_Name());
} catch (Exception ex) {
logger.error(ex.getMessage());
StackTraceElement[] stackElements = ex.getStackTrace();
String err = "";
for (int lcv = 0; lcv < stackElements.length; lcv++) {
err = err + "\n" + stackElementslcv.toString();
}
logger.error(err);
}
}
This is my choice list code from the JSP:

com.filenet.api.admin.ChoiceList choiceList = null;
boolean found = false;

@SuppressWarnings("rawtypes")
Iterator iChoiceLists = objectStore.get_ChoiceLists().iterator();
while (iChoiceLists.hasNext()) {
choiceList = (com.filenet.api.admin.ChoiceList)iChoiceLists.next();
if (choiceList.get_Name().equalsIgnoreCase(choiceListName)) {
found = true;
break;
}
}
if (!found)
throw new Exception("ChoiceList " + choiceListName
+ " does not exist in ObjectStore");
I am getting error at this line:
Iterator iChoiceLists = objectStore.get_ChoiceLists().iterator();

One more important thing I need to mention here, once I got the object store from the login servlet, i am keeping the same in the HTTP session object and retriaving in the JSP page. This is where I have doubt.

Please help me with your suggestions and comments. If you need more info from please let me know.
Updated on 2011-09-24T04:20:06Z at 2011-09-24T04:20:06Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    199 Posts
    ACCEPTED ANSWER

    Re: intermittent security error - connecting CE

    ‏2011-03-24T23:29:16Z  in response to p8learning
    I can't say exactly what's going on here, but I have a suspicion. The authentication-related things are all per-thread, not per-object. So, for example, the ObjectStore that you are keeping in the HTTP session doesn't have any memory of the Subject that was in effect at the time that it was fetched. The caller must have been authenticated at the time the CE server calls are made.

    In your servlet code that fetches the ObjectStore, it works because you have just done a UserContext.pushSubject. Later things work inconsistently because you may be using a different worker thread in Tomcat. Because you didn't do a UserContext.popSubject, you will sometimes get a thread that still has the Subject associated with it, and sometimes not (which is a tricky security problem, so you always want to have the popSubject call).

    A good practice would be to keep the Subject in the HTTP session. Then use the following coding pattern:

    
    UserContext.get().pushSubject(someSubject) 
    
    try 
    { 
    // do some work 
    } 
    
    finally 
    { UserContext.get().popSubject() 
    }
    


    Depending on the structure of the rest of your code, the "do some work" part could be the entire JSP request/response cycle, or it could be done individually for every call you make that does a CE server hit.
    • p8learning
      p8learning
      7 Posts
      ACCEPTED ANSWER

      Re: intermittent security error - connecting CE

      ‏2011-03-29T16:10:30Z  in response to SystemAdmin
      Thank you so much for your suggestion. It is working now.
      • p8learning
        p8learning
        7 Posts
        ACCEPTED ANSWER

        Re: intermittent security error - connecting CE

        ‏2011-03-29T16:12:15Z  in response to p8learning
        One more question. If I do like this, will it create any performance problem or burden to the CE server?
        • SystemAdmin
          SystemAdmin
          199 Posts
          ACCEPTED ANSWER

          Re: intermittent security error - connecting CE

          ‏2011-03-29T18:20:35Z  in response to p8learning
          No, this is all client-side behavior, and the objects involved are relatively simple. Depending on your JAAS configuration, it may be expensive to create the Subject, so it is generally worth it to keep that around. Other than that, it's all pretty simple, performance-neutral stuff.
  • SystemAdmin
    SystemAdmin
    199 Posts
    ACCEPTED ANSWER

    Re: intermittent security error - connecting CE

    ‏2011-09-24T04:20:06Z  in response to p8learning
    Hi,

    I am new in FileNet and I want to do the same as you.
    I have web app using stripesframeworks and would like to integrate the files storage to FileNet.

    Can you give me some insight on what should to do?
    • What are the prerequisites? FileNet Content Engine Client, etc. etc.
    • Can you give me sample code for login only?

    Appreciates very much for your help.

    Thank you.

    Regards,
    Bayu.