This discussion is archived
3 Replies Latest reply: Mar 30, 2011 12:53 AM by EJP RSS

Authentication failed when user is required to change his password

JordiPlantalech Newbie
Currently Being Moderated
Hello, I have an ADF application deployed on a Weblogic 10.3.4, whose security uses the company's Active Directory as a security provider. The login works fine as long as the user has nothing special; and in case the login is denied, I can know if the user is locked or disabled. However, if I select in the Active Directory that the user has to change his password in the next login, I have noticed that the login is being rejected as well. Even though I could understand the reason of this behaviour, it is a trouble for me, as I then do not know how to validate the current password in a form that allows the user to change his password as requested. This is because passwords are only managed by the Active Directory through WebLogic Server's security.

This is what I do to validate the user's password (both in the login, or other places where I have such requirement):

FacesContext ctx = FacesContext.getCurrentInstance();
HttpServletRequest request = (HttpServletRequest)ctx.getExternalContext().getRequest();
CallbackHandler handler = new URLCallbackHandler(un, pw);
LdapConnection ldap = new LdapConnection();
try {
// Validate user and password
Subject mySubject = Authentication.login(handler);
} catch (FailedLoginException fle) {
fle.printStackTrace();
} catch (LoginException le) {
le.printStackTrace();
}

And this is the error I get when "Authentication.login(handler)" is being executed if the user is required by the Active Directory to change his password:

javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User gdsldaptest1 javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User gdsldaptest1 denied
     at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
     at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
     at sun.reflect.GeneratedMethodAccessor117.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
     at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
     at sun.reflect.GeneratedMethodAccessor299.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
     at $Proxy25.login(Unknown Source)
     at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
     at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
     at $Proxy43.authenticate(Unknown Source)
     at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
     at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
     at weblogic.security.services.Authentication.doLogin(Authentication.java:133)
     at weblogic.security.services.Authentication.login(Authentication.java:74)
     at weblogic.security.services.Authentication.login(Authentication.java:51)
     at com.grifols.gds.webapp.security.bean.LoginPageBean.doLogin(LoginPageBean.java:81)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.sun.el.parser.AstValue.invoke(Unknown Source)
     at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
     at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53)
     at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1256)
     at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
     at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
     at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
     at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
     at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475)
     at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:765)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:305)
     at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:185)
     at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
     at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
     at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
     at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
     at java.security.AccessController.doPrivileged(Native Method)
     at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
     at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
     at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
     at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
     at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
     at java.security.AccessController.doPrivileged(Native Method)
     at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
     at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
     at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
     at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
     at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)

Does anyone know how to avoid this exception when the user is required to change his password, or at least, how to validate the user's current password through WebLogic's security in a different way?

Thank you in advance. Don't hesitate to ask me any other information you may need

Jordi

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points