Topic
  • 9 replies
  • Latest Post - ‏2011-05-16T18:54:12Z by kark
SystemAdmin
SystemAdmin
462 Posts

Pinned topic UserRegistry error when using FileRegistrySample

‏2011-05-12T14:31:43Z |
Background:
We use FileRegistrySample on the desktop to read user attributes (user display name attribute) from local file-based user registry. We configure the registry identically in 6.1 and 8 in the administrative console, use the same users.props file, and call the same API.

Analysis:
There is a method called initialize (Properties props) in FileRegistrySample class that must be called by WAS on startup to initialize the location of users and groups files. That method is called in WAS 6.1 (a breakpoint on that method triggers), but it is never called in WAS 8 (breakpoint never triggers); therefore, the file name is not initialized and the system tries to open a null file to read the user data.

Suspicion:
The initialization call is missing from somewhere in WAS8 bootstrap code.
Source code for UserAttributes.java is attached.
Key line that is failing:
final FileRegistrySample fileRegistry = new FileRegistrySample();
final String dataLine = fileRegistry.getUserDisplayName(user); // <-- exception is here.
Stack trace per the console:

5/12/11 8:19:48:266 EDT 0000001e webapp E com.ibm.ws.webcontainer.webapp.WebApp logServletError SRVE0293E: Servlet Error-action: com.ford.it.exception.FordResourceRuntimeException: Error during load the Local User Registry lookup for currently logged-in user wasadm01.
at com.ford.it.context.UserAttributes.loadLocalRegistryAttributes(UserAttributes.java:679)
at com.ford.it.context.RequestContextFilter.getUserAttributes(RequestContextFilter.java:188)
at com.ford.it.context.RequestContextFilter.doFilter(RequestContextFilter.java:121)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:192)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:89)
at com.ford.jcoe.jab.context.EncodingFilter.doFilter(EncodingFilter.java:77)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:192)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:89)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:919)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1016)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3604)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:950)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1625)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:197)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:445)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:504)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:301)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:275)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1620)
Caused by: com.ibm.websphere.security.CustomRegistryException
at com.ibm.websphere.security.FileRegistrySample.isValidUser(FileRegistrySample.java:438)
at com.ibm.websphere.security.FileRegistrySample.getUserDisplayName(FileRegistrySample.java:289)
at com.ford.it.context.UserAttributes.loadLocalRegistryAttributes(UserAttributes.java:656)
... 28 more
Caused by: java.lang.NullPointerException
at java.io.FileInputStream.<init>(FileInputStream.java:120)
at java.io.FileInputStream.<init>(FileInputStream.java:83)
at java.io.FileReader.<init>(FileReader.java:52)
at com.ibm.websphere.security.FileRegistrySample.fileOpen(FileRegistrySample.java:879)
at com.ibm.websphere.security.FileRegistrySample.isValidUser(FileRegistrySample.java:426)
... 30 more
Updated on 2011-05-16T18:54:12Z at 2011-05-16T18:54:12Z by kark
  • kark
    kark
    18 Posts

    Re: UserRegistry error when using FileRegistrySample

    ‏2011-05-12T18:58:00Z  
    Hi,

    Are you configuring the FileRegistrySample as the active user registry and not seeing it being initialized? Can you send me your security.xml file? Also, please enable com.ibm.ws.security.*=all:com.ibm.ws.security.policy.*=off trace during the server startup - for both 6.1 and 8.0 if possible.

    --Ajay
  • SystemAdmin
    SystemAdmin
    462 Posts

    Re: UserRegistry error when using FileRegistrySample

    ‏2011-05-12T21:17:24Z  
    Requested files attached.
  • SystemAdmin
    SystemAdmin
    462 Posts

    Re: UserRegistry error when using FileRegistrySample

    ‏2011-05-12T21:18:23Z  
    • kark
    • ‏2011-05-12T18:58:00Z
    Hi,

    Are you configuring the FileRegistrySample as the active user registry and not seeing it being initialized? Can you send me your security.xml file? Also, please enable com.ibm.ws.security.*=all:com.ibm.ws.security.policy.*=off trace during the server startup - for both 6.1 and 8.0 if possible.

    --Ajay
    Yes, we are configuring it as the active registry.
  • kark
    kark
    18 Posts

    Re: UserRegistry error when using FileRegistrySample

    ‏2011-05-12T22:06:15Z  
    Yes, we are configuring it as the active registry.
    Looking at the traces, I do see the FileRegistrySample being initialized in both versions during server bringup. Since you are using serverID/pass the server startup would have failed if the reigstry was not initialized.

    5/12/11 16:15:46:236 EDT 00000000 UserRegistryI A SECJ0136I: Custom Registry:com.ibm.websphere.security.FileRegistrySample has been initialized

    The trace also shows that authentication of both users (oshvarts, wasadm01) is successful in the 8.0 beta. Are you able to log into the console using the file based user registry information? That also would confirm that the user registry is being initialized and working properly.

    The actual FileRegistrySample is in the com.ibm.webpshere.security.*=all package. If you please add it to the current trace, that might help get more info.

    Looking at your code, you seem to create and use a new FileRegistrySample object? If so, it should not be using the object initialized during the bringup anyway.

    --Ajay
  • SystemAdmin
    SystemAdmin
    462 Posts

    Re: UserRegistry error when using FileRegistrySample

    ‏2011-05-13T14:02:11Z  
    • kark
    • ‏2011-05-12T22:06:15Z
    Looking at the traces, I do see the FileRegistrySample being initialized in both versions during server bringup. Since you are using serverID/pass the server startup would have failed if the reigstry was not initialized.

    5/12/11 16:15:46:236 EDT 00000000 UserRegistryI A SECJ0136I: Custom Registry:com.ibm.websphere.security.FileRegistrySample has been initialized

    The trace also shows that authentication of both users (oshvarts, wasadm01) is successful in the 8.0 beta. Are you able to log into the console using the file based user registry information? That also would confirm that the user registry is being initialized and working properly.

    The actual FileRegistrySample is in the com.ibm.webpshere.security.*=all package. If you please add it to the current trace, that might help get more info.

    Looking at your code, you seem to create and use a new FileRegistrySample object? If so, it should not be using the object initialized during the bringup anyway.

    --Ajay
    Ajay,

    I guess that in WAS 6.1 reinstantiating the FileRegistrySample did not cause problems, whereas in 8.0, it does. From the failure mode, it sounds like FileRegistrySample used to be treated as a singleton and one initialization sufficed globally. Now it is treated as a separate instance and needs to be initialized each time.

    The intent is to retrieve additional attributes from the registry. Can you suggest a better (read: simple) way to do that?
  • SystemAdmin
    SystemAdmin
    462 Posts

    Re: UserRegistry error when using FileRegistrySample

    ‏2011-05-13T15:26:14Z  
    • kark
    • ‏2011-05-12T22:06:15Z
    Looking at the traces, I do see the FileRegistrySample being initialized in both versions during server bringup. Since you are using serverID/pass the server startup would have failed if the reigstry was not initialized.

    5/12/11 16:15:46:236 EDT 00000000 UserRegistryI A SECJ0136I: Custom Registry:com.ibm.websphere.security.FileRegistrySample has been initialized

    The trace also shows that authentication of both users (oshvarts, wasadm01) is successful in the 8.0 beta. Are you able to log into the console using the file based user registry information? That also would confirm that the user registry is being initialized and working properly.

    The actual FileRegistrySample is in the com.ibm.webpshere.security.*=all package. If you please add it to the current trace, that might help get more info.

    Looking at your code, you seem to create and use a new FileRegistrySample object? If so, it should not be using the object initialized during the bringup anyway.

    --Ajay
    This is the message from the developer:

    I see now that there is an initialize call happening in WAS8, but that does not appear to be on the same object or same thread as the one I invoke to get the user attributes. How can I obtain a reference to the same initialized object OR reinitialize it the same way as WAS itself does? Alternatively, how can the object be changed to work the same way it works in WAS 6.1?

    Steve
  • kark
    kark
    18 Posts

    Re: UserRegistry error when using FileRegistrySample

    ‏2011-05-13T22:36:36Z  
    This is the message from the developer:

    I see now that there is an initialize call happening in WAS8, but that does not appear to be on the same object or same thread as the one I invoke to get the user attributes. How can I obtain a reference to the same initialized object OR reinitialize it the same way as WAS itself does? Alternatively, how can the object be changed to work the same way it works in WAS 6.1?

    Steve
    To get the user registry that is used by your application, try the getUserRegistry method as documented here.

    http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.javadoc.doc/web/spidocs/com/ibm/wsspi/security/registry/RegistryHelper.html

    If you have only one realm, you can pass null.

    --Ajay
  • SystemAdmin
    SystemAdmin
    462 Posts

    Re: UserRegistry error when using FileRegistrySample

    ‏2011-05-16T18:09:39Z  
    • kark
    • ‏2011-05-13T22:36:36Z
    To get the user registry that is used by your application, try the getUserRegistry method as documented here.

    http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.javadoc.doc/web/spidocs/com/ibm/wsspi/security/registry/RegistryHelper.html

    If you have only one realm, you can pass null.

    --Ajay
    That works, Ajay. Thanks!

    Is there a similar class for WAS 6.1?

    Steve
  • kark
    kark
    18 Posts

    Re: UserRegistry error when using FileRegistrySample

    ‏2011-05-16T18:54:12Z  
    That works, Ajay. Thanks!

    Is there a similar class for WAS 6.1?

    Steve
    This method was introduced in v7.0. In 6.1, one can obtain the user registry using the naming lookup as in

    // Retrieves the default InitialContext for this server.
    javax.naming.InitialContext ctx = new javax.naming.InitialContext();

    // Retrieves the local UserRegistry implementation.
    com.ibm.websphere.security.UserRegistry reg = (com.ibm.websphere.security.UserRegistry) ctx.lookup("UserRegistry");

    The naming lookup should also work in 8.0 but we recommend using the helper method as it can also handle multi domain support.

    --Ajay