Keep Authentication Required popup window, if logon attempt fails

560 views
Skip to first unread message

manjunath

unread,
Mar 5, 2015, 11:49:05 PM3/5/15
to waffle...@googlegroups.com
Hi,
I have setup the waffle for SSO successfully, and it ask for "Authentication Required" whenever I try to access my application. If I enter correct credentials it logon successfully. But if I enter wrong credentials it gives me 

HTTP Status 500 - The logon attempt failed

type Exception report

message The logon attempt failed

description The server encountered an internal error that prevented it from fulfilling this request.

exception 

com.sun.jna.platform.win32.Win32Exception: The logon attempt failed
	waffle.windows.auth.impl.WindowsAuthProviderImpl.acceptSecurityToken(WindowsAuthProviderImpl.java:134)
	waffle.apache.NegotiateAuthenticator.authenticate(NegotiateAuthenticator.java:97)
	org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
	org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
	org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
	org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1008)
	org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
	org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
	java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	java.lang.Thread.run(Thread.java:744)

note The full stack trace of the root cause is available in the Apache Tomcat/7.0.40 logs.


My question is instead of showing the error page, can we keep the "Authentication Required" popup window?

My web.xml is
<security-role>
    <role-name>BUILTIN\Users</role-name>
  </security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>
        SmilesMiles
      </web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>BUILTIN\Users</role-name>
    </auth-constraint>
  </security-constraint>

and Context.xml is
<Context>
  <Valve className="waffle.apache.NegotiateAuthenticator" principalFormat="fqn" roleFormat="both" />
  <Realm className="waffle.apache.WindowsRealm" />
</Context>

Thanks, in advance.

Daniel Doubrovkine

unread,
Mar 6, 2015, 9:17:18 AM3/6/15
to waffle...@googlegroups.com
This isn't "normal", or at least isn't handled properly, possibly in code. This should result in a 401 Access Denied, not in a 500. Try with a Waffle filter instead of the Tomcat valve?

Either way I think this is a bug, you should open it on github.

--
You received this message because you are subscribed to the Google Groups "waffle" group.
To unsubscribe from this group and stop receiving emails from it, send an email to waffle-users...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--

dB. | Moscow - Geneva - Seattle - New York
code.dblock.org - @dblockdotorg - artsy.net - github/dblock

manjunath

unread,
Mar 10, 2015, 6:29:30 AM3/10/15
to waffle...@googlegroups.com
Thanks Daniel...Waffle Filter works like charm :)

Daniel Doubrovkine

unread,
Mar 10, 2015, 8:30:43 AM3/10/15
to waffle...@googlegroups.com

RajaSekhar Chintapalli

unread,
Aug 20, 2015, 2:25:10 AM8/20/15
to waffle
Hi Manjunath,

  Can you please let me how you have resolved this problem, as i am facing the same issue.
  Tried different scenarios but no LUCK.

  Please let me know how you configured Waffle Filters and where we need to configure them (in web.xml ? ).

manjunath

unread,
Sep 3, 2015, 3:09:15 AM9/3/15
to waffle
Hi Raja,
Below is the configuration used for SSO.

In web.xml
I have used Waffle Negotiate Filter as suggested by Daniel.

<filter>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
    <init-param>
      <param-name>principalFormat</param-name>
      <param-value>fqn</param-value>
    </init-param>
    <init-param>
      <param-name>roleFormat</param-name>
      <param-value>both</param-value>
    </init-param>
    <init-param>
      <param-name>allowGuestLogin</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>securityFilterProviders</param-name>
      <param-value>
    waffle.servlet.spi.NegotiateSecurityFilterProvider
    waffle.servlet.spi.BasicSecurityFilterProvider
    </param-value>
    </init-param>
    <init-param>
      <param-name>waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols</param-name>
      <param-value>
    Negotiate
    NTLM
    </param-value>
    </init-param>
    <init-param>
      <param-name>waffle.servlet.spi.BasicSecurityFilterProvider/realm</param-name>
      <param-value>MyApp</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

And make sure you have added required waffle jars in tomcat lib directory.

Thanks
Reply all
Reply to author
Forward
0 new messages