Hi community,

Ich versuche mit dem Modul FS-Personalisation einen Fallback-Login gegen den Permission Service aufzubauen.

Wenn der Kerberis-Login fehlschlägt, soll mit username/password gegen den Permission Service authentifiziert werden.

Beim post auf das Login-Servlet bekomme ich jedoch eine IOException "port out of range:-1", die ich nicht deuten kann.

Vielleicht ein Verbindungsproblem? Die Anwendung läuft auf einem anderen Server, als der, auf dem FS installiert ist.

Wie wird denn der PermissionService kontaktiert?

Oder muss ich die users.xml und groups.xml auch auf dem Zielserver deployen?

Danke für einen Tipp!!

Benny Kannengießer

// re-lounge

Server-Version: 5.1.414.67329

2015-08-31 17:18:43,540 [http-apr-80-exec-79] ERROR de.espirit.firstspirit.opt.personalisation.modules.authentication.PermissionServiceAuthenticationModule - Error while initialising PermissionServiceAuthenticationModule!
de.espirit.firstspirit.common.IOError: java.lang.IllegalArgumentException: port out of range:-1
    at de.espirit.firstspirit.io.servlet.WebAuthentication$ManagerProviderConnection.connect(WebAuthentication.java:1300)
    at de.espirit.firstspirit.io.servlet.WebAuthentication$ManagerProviderConnection.getConnectedManagerProvider(WebAuthentication.java:1229)
    at de.espirit.firstspirit.io.servlet.WebAuthentication.getManagerProvider(WebAuthentication.java:173)
    at de.espirit.firstspirit.opt.personalisation.modules.authentication.PermissionServiceAuthenticationModule.start(PermissionServiceAuthenticationModule.java:75)
    at de.espirit.firstspirit.opt.personalisation.modules.authentication.PermissionServiceAuthenticationModule.checkAuthorisation(PermissionServiceAuthenticationModule.java:39)
    at de.espirit.firstspirit.opt.personalisation.LoginManager.performLogin(LoginManager.java:192)
    at de.espirit.firstspirit.opt.personalisation.servlets.LoginServlet.doPost(LoginServlet.java:50)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2441)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2430)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: port out of range:-1
    at java.net.InetSocketAddress.checkPort(InetSocketAddress.java:143)
    at java.net.InetSocketAddress.<init>(InetSocketAddress.java:224)
    at de.espirit.firstspirit.client.io.SocketPool._connectChannel(SocketPool.java:208)
    at de.espirit.firstspirit.client.io.SocketPool._connectSocket(SocketPool.java:180)
    at de.espirit.firstspirit.client.io.SocketPool.connectSocket(SocketPool.java:140)
    at de.espirit.firstspirit.client.io.SocketPool.leaseSocket(SocketPool.java:67)
    at de.espirit.firstspirit.client.io.SocketServerCaller.leaseClient(SocketServerCaller.java:137)
    at de.espirit.firstspirit.client.io.SocketServerCaller.leaseClient(SocketServerCaller.java:26)
    at de.espirit.firstspirit.client.io.ServerCaller.call(ServerCaller.java:232)
    at de.espirit.firstspirit.client.io.ServerCaller._call(ServerCaller.java:518)
    at de.espirit.firstspirit.client.io.ServerCaller.ping(ServerCaller.java:449)
    at de.espirit.firstspirit.client.io.SocketServerCaller.initSocketCommunicationOK(SocketServerCaller.java:97)
    at de.espirit.firstspirit.client.io.SocketServerCaller.doConnect(SocketServerCaller.java:73)
    at de.espirit.firstspirit.client.io.ServerCaller.connect(ServerCaller.java:139)
    at de.espirit.firstspirit.io.servlet.WebAuthentication$ManagerProviderConnection.connect(WebAuthentication.java:1291)
    ... 31 more

personalization.xml:

<FIRSTPERSONALISATION>
    <LOGIN_PACKAGES>
        <LOGIN_PACKAGE name="Kerberos" priority="0">
            <LOGIN_MODULE class="de.espirit.firstspirit.opt.personalisation.modules.login.KerberosLoginModule" name="Kerberos Login">
                <PARAMETER_ENTRY name="userAgents" value=".*(Firefox|Iceweasel|Konqueror|MSIE|Opera|Safari|Shiretoko|Gecko).*" />
                <PARAMETER_ENTRY name="useFullPrincipal" value="false" />
            </LOGIN_MODULE>
            <ATTRIBUTES_MODULE class="de.espirit.firstspirit.opt.personalisation.modules.attributes.LDAPAttributesModule" name="LDAP">
                <PARAMETER_ENTRY name="search.base_dn" value="OU=Abteilungen,DC=e-spirit,DC=intern" />
                <PARAMETER_ENTRY name="bind_dn" value="CN=Remotezugriff re-lounge allgemein,OU=Fremdfirmenzugriff,OU=Sonstige,OU=Abteilungen,DC=e-spirit,DC=intern" />
                <PARAMETER_ENTRY name="search.filter" value="(sAMAccountName=$USER_LOGIN$)" />
                <PARAMETER_ENTRY name="bind_password" value="test" />
                <PARAMETER_ENTRY name="host_url" value="ldap://srvdcfr1.e-spirit.intern,ldap://srvdcfr5.e-spirit.intern" />
                <PARAMETER_ENTRY name="ssl" value="false" />
                <PARAMETER_ENTRY name="attributes" value="cn, displayName, givenName, name, sn, telephoneNumber, department" />
                <PARAMETER_ENTRY name="mode" value="search_compare" />
            </ATTRIBUTES_MODULE>
            <GROUPS_MODULE class="de.espirit.firstspirit.opt.personalisation.modules.groups.LDAPGroupsModule" name="LDAP Group">
                <PARAMETER_ENTRY name="group_attribute" value="memberOf" />
                <PARAMETER_ENTRY name="bind_dn" value="CN=Remotezugriff re-lounge allgemein,OU=Fremdfirmenzugriff,OU=Sonstige,OU=Abteilungen,DC=e-spirit,DC=intern" />
                <PARAMETER_ENTRY name="bind_password" value="test" />
                <PARAMETER_ENTRY name="host_url" value="ldap://srvdcfr1.e-spirit.intern,ldap://srvdcfr5.e-spirit.intern" />
                <PARAMETER_ENTRY name="user_dn" value="not-used" />
                <PARAMETER_ENTRY name="ssl" value="false" />
            </GROUPS_MODULE>
        </LOGIN_PACKAGE>
        <LOGIN_PACKAGE name="permissionService" priority="1">
            <LOGIN_MODULE class="de.espirit.firstspirit.opt.personalisation.modules.login.RequestParameterLoginModule" name="Request Parameter Login">
            </LOGIN_MODULE>
            <AUTHENTICATION_MODULE class="de.espirit.firstspirit.opt.personalisation.modules.authentication.PermissionServiceAuthenticationModule" name="Permission Service">
                <PARAMETER_ENTRY name="UserFilePath" value="users.xml" />
                <PARAMETER_ENTRY name="createCookie" value="false" />
            </AUTHENTICATION_MODULE>
            <GROUPS_MODULE class="de.espirit.firstspirit.opt.personalisation.modules.groups.PermissionServiceGroupsModule" name="Permission Service">
                <PARAMETER_ENTRY name="UserFilePath" value="users.xml" />
            </GROUPS_MODULE>
        </LOGIN_PACKAGE>
    </LOGIN_PACKAGES>
    <GLOBAL_CONFIG_PARAMETERS>
        <PARAMETER_ENTRY name="useDummyUser" value="false" />
        <PARAMETER_ENTRY name="activateEveryoneGroup" value="true" />
        <PARAMETER_ENTRY name="everyoneGroupString" value="" />
        <PARAMETER_ENTRY name="ssoCookieName" value="" />
        <PARAMETER_ENTRY name="ssoCookieLifetime" value="" />
        <PARAMETER_ENTRY name="ssoCookieDomain" value="" />
        <PARAMETER_ENTRY name="log4JFallbackConfigFile" value="/WEB-INF/fsp-logging.conf" />
    </GLOBAL_CONFIG_PARAMETERS>
</FIRSTPERSONALISATION>