Bug 1040853 - REST API authentication does not work for RTGov server
Summary: REST API authentication does not work for RTGov server
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: Installer
Version: 6.0.0 GA
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: urgent
Target Milestone: ER8
Target Release: 6.0.0
Assignee: Thomas Hauser
QA Contact: Len DiMaggio
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-12-12 08:54 UTC by Jiri Pechanec
Modified: 2014-02-06 15:32 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug



Description Jiri Pechanec 2013-12-12 08:54:44 UTC
A vault file is missing after default installation from installer

Logged exception
09:50:21,004 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/gadget-web].[makeRequest]] (http-localhost/127.0.0.1:9080-3) JBWEB000236: Servlet.service() for servlet makeRequest threw exception: java.lang.RuntimeException: java.lang.Exception: No KeyStore found at path /home/jpechane/releases/er7/rtgov/jboss-eap-6.1/standalone/configuration/overlord-saml.keystore
	at org.overlord.gadgets.web.server.http.auth.SAMLBearerTokenAuthenticationProvider.createSAMLBearerTokenAssertion(SAMLBearerTokenAuthenticationProvider.java:88) [classes:]
	at org.overlord.gadgets.web.server.http.auth.SAMLBearerTokenAuthenticationProvider.provideAuthentication(SAMLBearerTokenAuthenticationProvider.java:72) [classes:]
	at org.overlord.gadgets.web.server.http.AuthenticatingHttpFetcher.fetch(AuthenticatingHttpFetcher.java:97) [classes:]
	at org.apache.shindig.gadgets.http.DefaultRequestPipeline.execute(DefaultRequestPipeline.java:108) [shindig-gadgets-3.0.0-beta4.jar:3.0.0-beta4]
	at org.apache.shindig.gadgets.servlet.MakeRequestHandler.fetch(MakeRequestHandler.java:150) [shindig-gadgets-3.0.0-beta4.jar:3.0.0-beta4]
	at org.apache.shindig.gadgets.servlet.MakeRequestServlet.doGet(MakeRequestServlet.java:55) [shindig-gadgets-3.0.0-beta4.jar:3.0.0-beta4]
	at org.apache.shindig.gadgets.servlet.MakeRequestServlet.doPost(MakeRequestServlet.java:68) [shindig-gadgets-3.0.0-beta4.jar:3.0.0-beta4]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.shindig.gadgets.servlet.ETagFilter.doFilter(ETagFilter.java:55) [shindig-gadgets-3.0.0-beta4.jar:3.0.0-beta4]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.shindig.auth.AuthenticationServletFilter.callChain(AuthenticationServletFilter.java:151) [shindig-common-3.0.0-beta4.jar:3.0.0-beta4]
	at org.apache.shindig.auth.AuthenticationServletFilter.doFilter(AuthenticationServletFilter.java:96) [shindig-common-3.0.0-beta4.jar:3.0.0-beta4]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.shindig.common.servlet.HostFilter.doFilter(HostFilter.java:39) [shindig-common-3.0.0-beta4.jar:3.0.0-beta4]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.2.1.Final-redhat-10.jar:7.2.1.Final-redhat-10]
	at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.2.1.Final-redhat-10.jar:7.2.1.Final-redhat-10]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:499) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.2.1.Final-redhat-10.jar:7.2.1.Final-redhat-10]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
	at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
Caused by: java.lang.Exception: No KeyStore found at path /home/jpechane/releases/er7/rtgov/jboss-eap-6.1/standalone/configuration/overlord-saml.keystore
	at org.overlord.commons.auth.jboss7.SAMLBearerTokenUtil.loadKeystore(SAMLBearerTokenUtil.java:150) [overlord-commons-auth-1.1.0-redhat-4.jar:1.1.0-redhat-4]
	at org.overlord.gadgets.web.server.http.auth.SAMLBearerTokenAuthenticationProvider.createSAMLBearerTokenAssertion(SAMLBearerTokenAuthenticationProvider.java:84) [classes:]
	... 34 more



Security domain config
<security-domain name="overlord-jaxrs" cache-type="default">
    <authentication>
        <login-module code="org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule" flag="sufficient">
            <module-option name="allowedIssuers" value="/s-ramp-ui,/dtgov,/dtgov-ui,/gadget-web,/bpel-console"/>
            <module-option name="signatureRequired" value="true"/>
            <module-option name="keystorePath" value="${jboss.server.config.dir}/overlord-saml.keystore"/>
            <module-option name="keystorePassword" value="${VAULT::vault::saml-keystore.password::1}"/>
            <module-option name="keyAlias" value="overlord"/>
            <module-option name="keyPassword" value="${VAULT::overlord::overlord-alias.password::1}"/>
        </login-module>
        <login-module code="RealmDirect" flag="required">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
    </authentication>
</security-domain>

File overlord-saml.keystore is missing
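
A pre-flight check for the failure reported above, as an added example that is not part of the original report or of the Overlord code: it reads a security-domain configuration and lists every keystorePath whose file is absent, so the gap shows up at install time rather than on the first REST call. The function names, the trimmed sample config and the temporary directory standing in for standalone/configuration are assumptions.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: the security domain from the report, trimmed to the
# options this check reads.
SAMPLE_CONFIG = """
<security-domains>
  <security-domain name="overlord-jaxrs" cache-type="default">
    <authentication>
      <login-module code="org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule" flag="sufficient">
        <module-option name="signatureRequired" value="true"/>
        <module-option name="keystorePath" value="${jboss.server.config.dir}/overlord-saml.keystore"/>
        <module-option name="keyAlias" value="overlord"/>
      </login-module>
      <login-module code="RealmDirect" flag="required">
        <module-option name="password-stacking" value="useFirstPass"/>
      </login-module>
    </authentication>
  </security-domain>
</security-domains>
"""

def local(tag):
    """Strip an XML namespace so the check also works on a namespaced standalone.xml."""
    return tag.rsplit("}", 1)[-1]

def missing_keystores(xml_text, config_dir):
    """Return (domain, login-module code, resolved path) for each keystorePath
    option whose file does not exist under the given config directory."""
    findings = []
    root = ET.fromstring(xml_text)
    for domain in root.iter():
        if local(domain.tag) != "security-domain":
            continue
        for module in domain.iter():
            if local(module.tag) != "login-module":
                continue
            for opt in module:
                if local(opt.tag) == "module-option" and opt.get("name") == "keystorePath":
                    # Only the one property used in the report is expanded here.
                    path = opt.get("value", "").replace("${jboss.server.config.dir}", config_dir)
                    if not os.path.isfile(path):
                        findings.append((domain.get("name"), module.get("code"), path))
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as cfg:  # stands in for standalone/configuration
        for name, code, path in missing_keystores(SAMPLE_CONFIG, cfg):
            print(f"{name}: {code} references missing keystore {path}")
```
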

Comment 1 Jiri Pechanec 2013-12-12 11:45:46 UTC
The keystore is present when dtgov is installed but not when rtgov-only is installed.

Comment 2 Thomas Hauser 2013-12-12 15:49:27 UTC
Thanks for finding this discrepancy.

Fixed in 080dffb80c7c809ec760ce3f40c60d169367b43f

Comment 3 Jiri Pechanec 2013-12-20 09:56:01 UTC
Verified in ER8

