Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-58167

JAAS login doesn't work when LiberalScreenNameValidator is enabled and user's screenName contains digits only

    Details

      Description

      Steps to reproduce - Tomcat (Note: other app servers may require different/further or less configuration to enable JAAS, but the portal properties are the same)

      1- Create

      $CATALINA_HOME/conf/jaas.config
      	PortalRealm {
      		com.liferay.portal.security.jaas.PortalLoginModule required debug=true;
      	};
      

      2- Append

      -Djava.security.auth.login.config=$CATALINA_BASE/conf/jaas.config

      to the CATALINA_OPTS/JAVA_OPTS env. variable in setenv.sh
      3- Alter

      ROOT.xml
      
      <Context path="" crossContext="true">
      	<!-- JAAS -->
      
      	<Realm
      		className="org.apache.catalina.realm.JAASRealm"
      		appName="PortalRealm"
      		userClassNames="com.liferay.portal.kernel.security.jaas.PortalPrincipal"
      		roleClassNames="com.liferay.portal.kernel.security.jaas.PortalRole"
      		useContextClassLoader="false"
      	/>
      </Context>
      

      4- Set

      portal-ext.properties
      	company.security.auth.type=screenName
      	portal.jaas.auth.type=screenName
      	portal.jaas.enable=true
      	users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidator
      	users.screen.name.allow.numeric=true
      

      5- Start the portal
      6- Create a new user with screen name "12345"
      7- Attempt to login with the new user

      Expected result Login works
      Actual result Login fails, exception is thrown:

      13:27:50,534 INFO  [stdout] (http--127.0.0.1-8080-3) 13:27:50,531 ERROR [http--127.0.0.1-8080-3][SecureFilter:83] com.liferay.portal.NoSuchUserException: No User exists with the pr
      imary key 12345
      13:27:50,535 INFO  [stdout] (http--127.0.0.1-8080-3) com.liferay.portal.NoSuchUserException: No User exists with the primary key 12345
      13:27:50,536 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.service.persistence.UserPersistenceImpl.findByPrimaryKey(UserPersistenceImpl.java:7199)
      13:27:50,537 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.service.persistence.UserPersistenceImpl.findByPrimaryKey(UserPersistenceImpl.java:7217)
      13:27:50,538 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.service.impl.UserLocalServiceImpl.getUserById(UserLocalServiceImpl.java:2711)
      13:27:50,539 INFO  [stdout] (http--127.0.0.1-8080-3)    at sun.reflect.GeneratedMethodAccessor296.invoke(Unknown Source)
      13:27:50,540 INFO  [stdout] (http--127.0.0.1-8080-3)    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      13:27:50,541 INFO  [stdout] (http--127.0.0.1-8080-3)    at java.lang.reflect.Method.invoke(Method.java:606)
      13:27:50,542 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:115)
      13:27:50,544 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.spring.transaction.DefaultTransactionExecutor.execute(DefaultTransactionExecutor.java:62)
      13:27:50,546 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.spring.transaction.TransactionInterceptor.invoke(TransactionInterceptor.java:51)
      13:27:50,549 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:111)
      13:27:50,550 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.spring.aop.ServiceBeanAopProxy.invoke(ServiceBeanAopProxy.java:175)
      13:27:50,552 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.sun.proxy.$Proxy112.getUserById(Unknown Source)
      13:27:50,553 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.service.UserLocalServiceUtil.getUserById(UserLocalServiceUtil.java:2140)
      13:27:50,554 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.util.PortalImpl.getUser(PortalImpl.java:5323)
      13:27:50,555 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.util.PortalUtil.getUser(PortalUtil.java:1536)
      13:27:50,557 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.servlet.filters.secure.SecureFilter.processFilter(SecureFilter.java:288)
      13:27:50,558 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
      13:27:50,559 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
      13:27:50,561 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
      13:27:50,562 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
      13:27:50,564 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.servlet.filters.jsoncontenttype.JSONContentTypeFilter.processFilter(JSONContentTypeFilter.java:42)
      13:27:50,565 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
      13:27:50,566 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
      13:27:50,567 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
      13:27:50,568 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
      13:27:50,569 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.servlet.filters.sso.ntlm.NtlmPostFilter.processFilter(NtlmPostFilter.java:83)
      13:27:50,570 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
      13:27:50,571 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
      13:27:50,572 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
      13:27:50,573 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
      13:27:50,574 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:88)
      13:27:50,575 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
      13:27:50,576 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
      13:27:50,577 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
      13:27:50,578 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
      13:27:50,579 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:226)
      13:27:50,581 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
      13:27:50,581 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
      13:27:50,583 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
      13:27:50,583 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:185)
      
      13:27:50,585 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
      13:27:50,586 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738)
      13:27:50,586 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.servlet.filters.urlrewrite.UrlRewriteFilter.processFilter(UrlRewriteFilter.java:57)
      13:27:50,587 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
      13:27:50,589 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
      13:27:50,590 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
      13:27:50,591 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:165)
      
      13:27:50,592 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
      13:27:50,593 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:165)
      
      13:27:50,594 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
      13:27:50,595 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:185)
      
      13:27:50,597 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
      13:27:50,598 INFO  [stdout] (http--127.0.0.1-8080-3)    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:119)
      13:27:50,599 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
      13:27:50,601 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
      13:27:50,601 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
      13:27:50,602 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
      13:27:50,603 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489)
      13:27:50,604 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)
      13:27:50,605 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
      13:27:50,606 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
      13:27:50,606 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      13:27:50,607 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      13:27:50,608 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
      13:27:50,609 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
      13:27:50,610 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
      13:27:50,611 INFO  [stdout] (http--127.0.0.1-8080-3)    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
      13:27:50,612 INFO  [stdout] (http--127.0.0.1-8080-3)    at java.lang.Thread.run(Thread.java:724)
      

      Doesn't seem to be app-server specific. We could reproduce it on WebLogic also.

        Attachments

        1. fixed.png
          82 kB
          Hong Zhao
        2. reproduced.png
          61 kB
          Hong Zhao

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  4 years, 16 weeks, 3 days ago

                  Packages

                  Version Package
                  6.2.4 CE GA5
                  6.2.X EE
                  7.0.0 Alpha 1