1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Anuncie Aqui
  3. Anuncie Aqui
    Anuncie aqui você Também: fdantas@4each.com.br
Cookies A2 Solutions Anuncie Aqui

[JBoss] Why is JBoss EAP 8u5 throwing jakarta.servlet.ServletException: UT010062: No...

Discussão em 'StackOverflow' iniciado por Stack, Fevereiro 12, 2025.

  1. Stack

    Stack Membro Participativo

    I'm trying to configure SSO with LDAP and Kerberos in EAP 8, by migrating a configuration from EAP 7. When logging into my app, it throws the following exception:

    12:25:54,491 ERROR [stderr] (default task-2) jakarta.servlet.ServletException: UT010062: No SecurityContext available
    12:25:54,491 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.spec.HttpServletRequestImpl.login(HttpServletRequestImpl.java:521)
    12:25:54,492 ERROR [stderr] (default task-2) at deployment.phrserver-app-2.0.0.ear.phrserver-web.war//nz.govt.customs.phr.server.web.SecurityFilter.doFilter(SecurityFilter.java:90)
    12:25:54,492 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
    12:25:54,492 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    12:25:54,492 ERROR [stderr] (default task-2) at deployment.phrserver-app-2.0.0.ear.phrserver-web.war//nz.govt.customs.phr.server.web.CorsFilter.doFilter(CorsFilter.java:38)
    12:25:54,492 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
    12:25:54,493 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    12:25:54,493 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
    12:25:54,493 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
    12:25:54,493 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    12:25:54,493 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
    12:25:54,493 ERROR [stderr] (default task-2) at org.wildfly.extension.undertow@8.0.0.GA-redhat-00011//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
    12:25:54,494 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
    12:25:54,494 ERROR [stderr] (default task-2) at io.undertow.core@2.3.10.SP3-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    12:25:54,494 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:276)
    12:25:54,494 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
    12:25:54,494 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:132)
    12:25:54,494 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
    12:25:54,494 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
    12:25:54,498 ERROR [stderr] (default task-2) at org.wildfly.extension.undertow@8.0.0.GA-redhat-00011//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1430)
    12:25:54,498 ERROR [stderr] (default task-2) at org.wildfly.extension.undertow@8.0.0.GA-redhat-00011//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1430)
    12:25:54,499 ERROR [stderr] (default task-2) at org.wildfly.extension.undertow@8.0.0.GA-redhat-00011//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1430)
    12:25:54,499 ERROR [stderr] (default task-2) at org.wildfly.extension.undertow@8.0.0.GA-redhat-00011//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1430)
    12:25:54,499 ERROR [stderr] (default task-2) at org.wildfly.extension.undertow@8.0.0.GA-redhat-00011//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1430)
    12:25:54,499 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:256)
    12:25:54,499 ERROR [stderr] (default task-2) at io.undertow.servlet@2.3.10.SP3-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:101)
    12:25:54,500 ERROR [stderr] (default task-2) at io.undertow.core@2.3.10.SP3-redhat-00001//io.undertow.server.Connectors.executeRootHandler(Connectors.java:393)
    12:25:54,500 ERROR [stderr] (default task-2) at io.undertow.core@2.3.10.SP3-redhat-00001//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:859)
    12:25:54,500 ERROR [stderr] (default task-2) at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    12:25:54,500 ERROR [stderr] (default task-2) at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
    12:25:54,500 ERROR [stderr] (default task-2) at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    12:25:54,500 ERROR [stderr] (default task-2) at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
    12:25:54,501 ERROR [stderr] (default task-2) at org.jboss.xnio@3.8.12.SP2-redhat-00001//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
    12:25:54,501 ERROR [stderr] (default task-2) at java.base/java.lang.Thread.run(Thread.java:840)


    My standalone.xml configuration is as follows:

    <subsystem xmlns="urn:jboss:domain:ejb3:10.0">
    ...
    <default-security-domain value="spnego-security-domain"/>
    <application-security-domains>
    <application-security-domain name="spnego-security-domain" security-domain="spnego-security-domain"/>
    </application-security-domains>
    ...
    </subsystem>
    <subsystem xmlns="urn:wildfly:elytron:18.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
    ...
    <security-domains>
    ...
    <security-domain name="spnego-security-domain" default-realm="customs-ldap-realm">
    <realm name="customs-ldap-realm" role-decoder="groups-to-roles"/>
    </security-domain>
    </security-domains>
    <security-realms>
    ...
    <ldap-realm name="customs-ldap-realm" dir-context="ldap-connection">
    <identity-mapping rdn-identifier="sAMAccountName" search-base-dn="OU=Managed Users,DC=customs,DC=govt,DC=nz">
    <attribute-mapping>
    <attribute from="memberOf" to="Roles" filter="(member={1})" filter-base-dn="CN=Users,DC=customs,DC=govt,DC=nz"/>
    </attribute-mapping>
    </identity-mapping>
    </ldap-realm>
    </security-realms>
    <http>
    ...
    <http-authentication-factory name="spnego-http" security-domain="spnego-security-domain" http-server-mechanism-factory="global">
    <mechanism-configuration>
    <mechanism mechanism-name="SPNEGO"/>
    </mechanism-configuration>
    </http-authentication-factory>
    <provider-http-server-mechanism-factory name="global"/>
    </http>
    <credential-stores>
    <credential-store name="vault" relative-to="jboss.server.config.dir" location="/vault/vault.cr-store" modifiable="true" create="true">
    <implementation-properties>
    <property name="keyStoreType" value="JCEKS"/>
    </implementation-properties>
    <credential-reference clear-text="MASK-0Gn/W1rIBk3OAmqZKgKLA.bEnB.3E1F3;jHto05fT;37"/>
    </credential-store>
    </credential-stores>
    </subsystem>


    My working EAP 7.2.5 configuration looks like:

    <subsystem xmlns="urn:jboss:domain:security:2.0">
    <security-domains>
    <security-domain name="other" cache-type="default">
    <authentication>
    <login-module code="Remoting" flag="optional">
    <module-option name="password-stacking" value="useFirstPass"/>
    </login-module>
    <login-module code="RealmDirect" flag="required">
    <module-option name="password-stacking" value="useFirstPass"/>
    </login-module>
    </authentication>
    </security-domain>
    <security-domain name="jboss-web-policy" cache-type="default">
    <authorization>
    <policy-module code="Delegating" flag="required"/>
    </authorization>
    </security-domain>
    <security-domain name="jaspitest" cache-type="default">
    <authentication-jaspi>
    <login-module-stack name="dummy">
    <login-module code="Dummy" flag="optional"/>
    </login-module-stack>
    <auth-module code="Dummy"/>
    </authentication-jaspi>
    </security-domain>
    <security-domain name="jboss-ejb-policy" cache-type="default">
    <authorization>
    <policy-module code="Delegating" flag="required"/>
    </authorization>
    </security-domain>
    <security-domain name="host" cache-type="default">
    <authentication>
    <login-module code="Kerberos" flag="required">
    <module-option name="storeKey" value="true"/>
    <module-option name="useKeyTab" value="true"/>
    <module-option name="refreshKrb5Config" value="true"/>
    <module-option name="principal" value="${phr.security.servicePrincipalName}"/>
    <module-option name="doNotPrompt" value="true"/>
    <module-option name="keyTab" value="${phr.security.keytab}"/>
    <module-option name="debug" value="true"/>
    </login-module>
    </authentication>
    </security-domain>
    <security-domain name="SPNEGO" cache-type="default">
    <authentication>
    <login-module code="SPNEGO" flag="required">
    <module-option name="password-stacking" value="useFirstPass"/>
    <module-option name="serverSecurityDomain" value="host"/>
    <module-option name="removeRealmFromPrincipal" value="true"/>
    <module-option name="usernamePasswordDomain" value="customs-security-domain"/>
    </login-module>
    <login-module name="LdapExtended-Module" code="LdapExtended" flag="required">
    <module-option name="throwValidateError" value="true"/>
    <module-option name="bindDN" value="${phr.security.bindDN}"/>
    <module-option name="bindCredential" value="${phr.security.bindCredential}"/>
    <module-option name="java.naming.provider.url" value="ldaps://customs.govt.nz:636"/>
    <module-option name="baseCtxDN" value="OU=Managed Users,DC=customs,DC=govt,DC=nz"/>
    <module-option name="baseFilter" value="(sAMAccountName={0})"/>
    <module-option name="rolesCtxDN" value="CN=Users,DC=customs,DC=govt,DC=nz"/>
    <module-option name="roleFilter" value="(member={1})"/>
    <module-option name="roleAttributeID" value="memberOf"/>
    <module-option name="roleAttributeIsDN" value="true"/>
    <module-option name="roleRecursion" value="0"/>
    <module-option name="roleNameAttributeID" value="cn"/>
    <module-option name="password-stacking" value="useFirstPass"/>
    </login-module>
    <login-module code="RoleMapping" flag="optional">
    <module-option name="rolesProperties" value="file:///${jboss.server.config.dir}/rolesMapping-roles.properties"/>
    </login-module>
    </authentication>
    </security-domain>
    <security-domain name="customs-security-domain" cache-type="default">
    <authentication>
    <login-module name="LdapExtended-Module" code="LdapExtended" flag="required">
    <module-option name="java.naming.provider.url" value="ldaps://customs.govt.nz:636"/>
    <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
    <module-option name="java.naming.security.authentication" value="simple"/>
    <module-option name="bindDN" value="${phr.security.bindDN}"/>
    <module-option name="bindCredential" value="${phr.security.bindCredential}"/>
    <module-option name="baseCtxDN" value="OU=Managed Users,DC=customs,DC=govt,DC=nz"/>
    <module-option name="baseFilter" value="(sAMAccountName={0})"/>
    <module-option name="rolesCtxDN" value="CN=Users,DC=customs,DC=govt,DC=nz"/>
    <module-option name="roleFilter" value="(member={1})"/>
    <module-option name="roleAttributeID" value="memberOf"/>
    <module-option name="roleNameAttributeID" value="cn"/>
    <module-option name="roleRecursion" value="0"/>
    <module-option name="roleAttributeIsDN" value="true"/>
    <module-option name="searchScope" value="SUBTREE_SCOPE"/>
    <module-option name="throwValidateError" value="true"/>
    <module-option name="password-stacking" value="useFirstPass"/>
    </login-module>
    <login-module code="RoleMapping" flag="optional">
    <module-option name="rolesProperties" value="file:///${jboss.server.config.dir}/rolesMapping-roles.properties"/>
    </login-module>
    </authentication>
    </security-domain>
    </security-domains>
    </subsystem>


    Can you please advise how to prevent the exception?

    Continue reading...
    Stack, Fevereiro 12, 2025
    #1

Compartilhe esta Página