am using spring security Facebook 0.6 , am able to get user authentication from facebook but when user tries to access my application then it shows error as follows
2012-02-16 11:06:22,376 [http-8080-1] ERROR hibernate.LazyInitializationException - could not initialize proxy - no Session
org.hibernate.LazyInitializationException: could not initialize proxy - no Session
at
org.hibernate.proxy.AbstractLazyInitializer.initialize(AbstractLazyInitializer.java:86)
at
org.codehaus.groovy.grails.orm.hibernate.proxy.HibernateProxyHandler.unwrapProxy(HibernateProxyHandler.java:83)
at
org.codehaus.groovy.grails.orm.hibernate.cfg.GrailsHibernateUtil.unwrapProxy(GrailsHibernateUtil.java:404)
at org.codehaus.groovy.grails.orm.hibernate.cfg.GrailsHibernateUtil$unwrapProxy.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:40)
at org.codehaus.groovy.grails.orm.hibernate.cfg.GrailsHibernateUtil$unwrapProxy.call(Unknown Source)
at org.codehaus.groovy.grails.plugins.orm.hibernate.HibernatePluginSupport$__clinit__closure94.doCall(HibernatePluginSupport.groovy:397)
You seem to be trying to access the user object which is stored in session, can you show us the code.
Try reattaching the detached user object before you access any of the fields.
//get user from session
user.attach()
Related
Injecting AuthzClient in quarkus 1.13 an error occured.
#Inject
AuthzClient authzClient;
Caused by: javax.enterprise.inject.spi.DeploymentException: javax.enterprise.inject.UnsatisfiedResolutionException: Unsatisfied dependency for type org.keycloak.authorization.client.AuthzClient and qualifiers [#Default]
- java member: io.github.jithset.services.KeycloakServices#authzClient
- declared on CLASS bean [types=[io.github.jithset.services.KeycloakServices, java.lang.Object], qualifiers=[#Default, #Any], target=io.github.jithset.services.KeycloakServices]
at io.quarkus.arc.processor.BeanDeployment.processErrors(BeanDeployment.java:1081)
at io.quarkus.arc.processor.BeanDeployment.init(BeanDeployment.java:255)
at io.quarkus.arc.processor.BeanProcessor.initialize(BeanProcessor.java:129)
at io.quarkus.arc.deployment.ArcProcessor.validate(ArcProcessor.java:419)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at io.quarkus.deployment.ExtensionLoader$2.execute(ExtensionLoader.java:920)
at io.quarkus.builder.BuildContext.run(BuildContext.java:277)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2415)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1452)
at java.base/java.lang.Thread.run(Thread.java:829)
at org.jboss.threads.JBossThread.run(JBossThread.java:501)
Caused by: javax.enterprise.inject.UnsatisfiedResolutionException: Unsatisfied dependency for type org.keycloak.authorization.client.AuthzClient and qualifiers [#Default]
- java member: io.github.jithset.services.KeycloakServices#authzClient
- declared on CLASS bean [types=[io.github.jithset.services.KeycloakServices, java.lang.Object], qualifiers=[#Default, #Any], target=io.github.jithset.services.KeycloakServices]
at io.quarkus.arc.processor.Beans.resolveInjectionPoint(Beans.java:484)
at io.quarkus.arc.processor.BeanInfo.init(BeanInfo.java:378)
at io.quarkus.arc.processor.BeanDeployment.init(BeanDeployment.java:247)
If that is not possible how can i check if user has certain permission with access token.
Thanks
I do not agree with #loicmathieu and #Ladicek. If you want to manage protected resources you NEED to be able to inject the AuthzClient.
This a common usecase when you want to implement user managed authorization. A good example is in the keycloak quickstart repo : https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-uma-photoz.
There is an IT test where the AuthzClient is injected in the official quarkus repository : https://github.com/quarkusio/quarkus/blob/9b09229b86b775a9452d09fca42f18e32f81e924/integration-tests/keycloak-authorization/src/main/java/io/quarkus/it/keycloak/ProtectedResource.java
And the use of the AuthzClient is documented here : https://quarkus.io/guides/security-keycloak-authorization#injecting-the-authorization-client
After some experimentation I found that the AuthzClient bean will only exist when quarkus.keycloak.policy-enforcer.enable=true is added to the configuration.
The easiest way to check for permissions is to use the security annotations as explained in the USING OAUTH2 RBAC guide or injext the security context via #Context SecurityContext ctx.
If you want to have access to the token, assuming you're using the authorization code flow, you can inject the JWT token via #Inject JwtToken jwtToken, more details in the USING OPENID CONNECT TO PROTECT WEB APPLICATIONS USING AUTHORIZATION CODE FLOW guide.
If you"re using Keycloack, you can also inject a io.quarkus.security.identity.SecurityIdentity but as #Ladicek said you're not supposed to directly used internal Keycloack classes, see the USING OPENID CONNECT AND KEYCLOAK TO CENTRALIZE AUTHORIZATION guide.
We have recently switched from JAAS to Keycloak. Application is JavaEE application with EJBs & MDBs.
Set keycloak login module in WildFly to propagate user from wen to EJB & it worked.
But facing issue when an EJB is called from MDB. There is anonymoius user in MDB when message received. So that user don't have permission to invoke EJB protected by:
<s:security>
<ejb-name>*</ejb-name>
<s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>
<s:security-domain>keycloak</s:security-domain>
</s:security>
In JAAS version, we have programmatic login using dedicated mdb user.
loginContext = new LoginContext("ldap", new CallbackHandler() {
#Override
public void handle(Callback[] callbacks) {
...
}
});
loginContext.login();
//Invoke EJB now as logged in user
This have user with required permission. Since now moved to Keycloak, this JAAS login code will not work. What is the option to prevent permission issue in calling EJB from MDB?
When i have a error on a database connection, i need to log it (with Database name and username that tried to connect to the db, don't need to log the password), I use Sprig-Mybatis on my aplication.
Any ideas how to do that?
Best Regards
There is no other special way to do as a simple try/catch in java will get you the expection.
For example a simple program where I am calling a mybatis mapper method:
try{
List result = mapper.myBatisMapperMethod();//this is responsible to set up
//a connection and run a query
}
Suppose the above call fails due to invalid authentication say the below where my password is wrong connection
exception that I usually get in mybatis:
Cause: org.springframework.jdbc.CannotGetJdbcConnectionException: Could not get JDBC Connection; nested exception is org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Login failed for user 'applicationUsername'.)
Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Login failed for user 'applicationUsername'.)
at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1225)
at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:880)
at org.springframework.jdbc.datasource.DataSourceUtils.doGetConnection(DataSourceUtils.java:111)
at org.springframework.jdbc.datasource.DataSourceUtils.getConnection(DataSourceUtils.java:77)
... 65 more
Caused by:
com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user 'applicationUsername'.
what I do is have a simple catch to above try you can have an sql exception catched but here I use simply Exception.
catch(Exception e){
//Suppose you are using Log4j You can simply
logger.error("This is my error log message"+e.getMessage());
//The above will log any kind of exception including the authentication fail or you
can specifically log a particular kind of exception.Java wont log failed password it just logs the user who tried unless you explicitly want to log it.
}
I have a bundle that was working completely fine in AEM 6. I just upgraded to AEM 6.1 and when I deploy the bundle, I'm getting the error below:
javax.jcr.LoginException: Cannot derive user name for bundle
org.demo.anthony.mybundle.core [446] and sub service null at
org.apache.sling.jcr.base.AbstractSlingRepository2.loginService(AbstractSlingRepository2.java:336)
at
org.demo.anthony.mybundle.core.impl.EvernoteSyncServiceImpl.getSession(EvernoteSyncServiceImpl.java:108)
at
org.demo.anthony.mybundle.core.impl.EvernoteSyncServiceImpl.syncNotes(EvernoteSyncServiceImpl.java:201)
at
org.demo.anthony.mybundle.core.impl.EvernoteSyncServiceImpl.syncWebClipperNotes(EvernoteSyncServiceImpl.java:174)
at
org.demo.nennig.evernote.core.impl.schedulers.EvernoteSyncTask.run(EvernoteSyncTask.java:96)
at
org.apache.sling.commons.scheduler.impl.QuartzJobExecutor.execute(QuartzJobExecutor.java:105)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202) at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
This is how I'm getting hold of the session (this is line 108 in the code as referenced in the stacktrace):
session = repository.loginService(null, null);
Until AEM 6.0, the services were allowed to be accessed by default "admin" user. From 6.1, you have to specify a "system user" and/or another user for a specific service. You can define these mapping in Sling Service User Mapper
We had similar issues and below are some of my solutions, see if they'll help:
ResourceResolverFactory getServiceResourceResolver throws Exception in AEM 6.1
How to create a system user (rep:SystemUser) in AEM 6.1?
One more example from Adobe:
https://helpx.adobe.com/experience-manager/using/querying-experience-manager-sling.html
I have an application deployed on Glassfish v3.0.1 which reads events from a table in my database. Once ready it marks them as processed. I am getting a strange error I can't explain when trying to call the method which does the update.
#Override
#TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
public void markEventAsProcessed(Long eventId) {
try {
AtlasEventQueueUpdateAsProcessedQuery setEventAsProcessed = new AtlasEventQueueUpdateAsProcessedQuery(entityManager, eventId);
int updateCount = setEventAsProcessed.execute();
logger.debug("Mark Event [" + eventId + "] processed");
return updateCount;
} catch (QueryException ex) {
logger.error("Event [" + eventId + "has not been marked as processed", ex);
}
}
When this is called in my application I am getting the following exception (Full trace at the bottom of the post):
Caused by: javax.ejb.AccessLocalException: Client not authorized for this invocation.
Does anyone know what might cause this error I have loked on the Web but didn't find anything useful.
2010-08-27 09:44:37,380 ERROR [Ejb-Timer-Thread-1 :EventProvider ] Unhandled exception in event processing - javax.ejb.EJBAccessException
javax.ejb.EJBAccessException
at com.sun.ejb.containers.BaseContainer.mapLocal3xException(BaseContainer.java:2262)
at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:2053)
at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:1955)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:198)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:84)
at $Proxy190.markEventAsProcessed(Unknown Source)
at com.company.atlas.eventprocessor.provider.EventProvider.processNewEvents(EventProvider.java:170)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1056)
at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:1128)
at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:5292)
at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:615)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:797)
at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:567)
at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doAround(SystemInterceptorProxy.java:157)
at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundTimeout(SystemInterceptorProxy.java:144)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:858)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:797)
at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:367)
at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:5264)
at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:5252)
at com.sun.ejb.containers.BaseContainer.callEJBTimeout(BaseContainer.java:3965)
at com.sun.ejb.containers.EJBTimerService.deliverTimeout(EJBTimerService.java:1667)
at com.sun.ejb.containers.EJBTimerService.access$100(EJBTimerService.java:98)
at com.sun.ejb.containers.EJBTimerService$TaskExpiredWork.run(EJBTimerService.java:2485)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.ejb.AccessLocalException: Client not authorized for this invocation.
at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1850)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:188)
... 34 more
I've deleted the directory domains/domainx/generated/policy/<appname>/
and completly redeployed (not just restarted) the app.. its working now as expected.
The GlassFish documentation has an entry for this error:
javax.ejb.AccessLocalException: Client Not Authorized Error
Description
Role-mapping information is available
in Sun-specific XML (for example,
sun-ejb-jar.xml), and authentication
is okay, but the following error
message is displayed:
[...INFO|sun-appserver-pe8.0|javax.enterprise.system.container.ejb|...|
javax.ejb.AccessLocalException: Client not authorized for this invocation.
at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:...
at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(...)
Solution
Check whether the EJB module (.jar)
or web module (.war) is packaged in
an application (.ear) and does not
have role-mapping information in
application level, Sun-specific,
sun-application.xml. For any
application (.ear), security
role-mapping information must be
specified in sun-application.xml. It
is acceptable to have both
module-level XML and application-level
XML.
I don't know if it makes sense in your context.
If it doesn't, maybe have a look at the following thread Persisting Entity: javax.ejb.AccessLocalException: Client not authorized for this invocation. One of the poster suggested to set the logging level of the SECURITY Logger to FINE [so that] the Glassfish Policy subsystem will log a detailed message describing the nature of the failed permission check. This might help. And I can't tell you if you're facing the same problem but the OP solved his issue by cleaning the generated policy files:
This exception can also occur, if you try to copy and paste EJB session beans with new methods, as patch files for fixing bugs or incorporating new features. Restarting the server or disabling & enabling the enterprise app will not help, as the EJB Session beans or entities have to be repackaged and redeployed, so that the App server registers the new methods and checks and grants/excludes the access privileges to the new/altered methods in EJB session beans.
I had the same problem here when injecting a Stateless SessionBean (TransactionAttribute.REQUIRES_NEW) into an other Stateless SessionBean. For me restarting the server solved it for me...
Just wanted to let you know ;-)
I had the same issue. I'm not using any kind of access control on the service but on one instance of glassfish everything worked fine, on another, I got this error but only on some methods. I added #PermitAll and redeployed the service and everything started working.
On Glassfish 3.1.2 at least, sometimes a previous iteration of a bean that has changed will choke Glassfish at deployment. The app will run until it gets to whatever bit of code that should be called but can't be because the previously deployed class is still there. I think Glassfish might keep track of each and prevent the new code from calling the old code, but I haven't really been that keen to worry about it as the solution is simple enough:
Stop the server, go to the domain directory and delete all the files and sub-directories in the application directory. Then do the same in the generated and osgi-cache directories. Restart the server and rebuild/redeploy.
I had this same Error but mine was caused from this:
<c:set var="speciesList" value="#{timberSaleController.distinctSaleSpecies}" />
the function:
public List<Species> getDistinctSaleSpecies()
{
return ejbFacade.getDistinctSpeciesForAllSales();
}
when i changed the set tag to this it worked:
<c:set var="speciesList" value="#{timberSaleController.getDistinctSaleSpecies()}" />