Bug 846820 - war-deployers-jboss-beans.xml contains PicketLinkAuthenticator, which is not in classpath
war-deployers-jboss-beans.xml contains PicketLinkAuthenticator, which is not ...
Status: CLOSED NEXTRELEASE
Product: JBoss Enterprise Application Platform 5
Classification: JBoss
Component: distribution (Show other bugs)
5.1.2
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Christopher O'Brien
Len DiMaggio
:
Depends On:
Blocks: 846743
  Show dependency treegraph
 
Reported: 2012-08-08 15:54 EDT by mposolda
Modified: 2016-08-02 12:04 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-08-02 12:04:56 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description mposolda 2012-08-08 15:54:02 EDT
in server/default/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml there is declaration of new authenticator in "authenticators" configuration:

<entry>
  <key>SECURITY_DOMAIN</key
  <value>org.picketlink.identity.federation.bindings.tomcat.PicketLinkAuthenticator</value>
</entry>

Problem is that this authenticator is not available in EAP classpath by default. It's available in EAP in attached picketlink component under $EAP_HOME/picketlink/picketlink-federation/picketlink-core-2.0.2.jar, but this JAR is not in EAP classpath by default. So it seems that PicketLinkAuthenticator should be commented by default and EAP users can uncomment only in case when they want to use picketlink and add picketlink JAR into classpath.


The main problem with current configuration in EAP 5.1.2-GA is, that if user adds another authenticator into the end of the authenticators chain - like SPNEGO authenticator for instance:

<entry>
  <key>SPNEGO</key>
  <value>org.jboss.security.negotiation.NegotiationAuthenticator</value>
</entry>

then the server startup ends with the confusing error message:
ERROR [ContextConfig] Cannot configure an authenticator for method SPNEGO

which is actually not caused by SPNEGO itself but it's caused by the fact that previous authenticator (PicketLinkAuthenticator) is not in classpath.

Note You need to log in before you can comment on or make changes to this bug.