Question
I am overriding the method doGetExternalRoleListOfUser of the class ActiveDirectoryUserStoreManager in WSO2 IS. I do this to make IS return the Active Directory nested groups of a user, since IS just returns the "direct" groups of a user as an OOB feature.
The code is quite simple, but when we consume the IS service getUserClaimValues to check the information of a user, I get the following soapFault error:
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>Error occurred while accessing Java Security Manager Privilege Block</faultstring>
<detail>
<ns:RemoteUserStoreManagerServiceUserStoreException xmlns:ns="http://service.ws.um.carbon.wso2.org">
<UserStoreException xsi:type="ax2656:UserStoreException" xmlns="http://service.ws.um.carbon.wso2.org" xmlns:ax2657="http://api.user.carbon.wso2.org/xsd" xmlns:ax2656="http://core.user.carbon.wso2.org/xsd" xmlns:ax2664="http://tenant.core.user.carbon.wso2.org/xsd" xmlns:ax2660="http://dao.service.ws.um.carbon.wso2.org/xsd" xmlns:ax2662="http://common.mgt.user.carbon.wso2.org/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
</ns:RemoteUserStoreManagerServiceUserStoreException>
</detail>
</soapenv:Fault>
The following log appears in the IS log:
ERROR {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Error occurred while accessing Java Security Manager Privilege Block
ERROR {org.wso2.carbon.identity.user.profile.ui.client.UserProfileCient} - org.apache.axis2.AxisFault: org.apache.axis2.databinding.ADBException: Unexpected subelement {http://base.identity.carbon.wso2.org/xsd}code
The code is quite simple: it just accesses Active Directory to retrieve the nested groups of each group of the user, returning them in a String[].
This is the debug log:
[2016-06-30 11:15:03,736] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user 00269097C
[2016-06-30 11:15:03,737] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - value after escaping special characters in 00269097C : 00269097C
[2016-06-30 11:15:03,784] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=person)(cn=00269097C)) in SearchBase:
[2016-06-30 11:15:03,810] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Name in space for 00269097C is CN=00269097C,OU=Usuarios,DC=dc1,DC=dc2,DC=and
[2016-06-30 11:15:03,811] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: 00269097C exist: true
[2016-06-30 11:15:03,859] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=person)(cn=00269097C)) in SearchBase:
[2016-06-30 11:15:03,860] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :streetAddress
[2016-06-30 11:15:03,861] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :mail
[2016-06-30 11:15:03,861] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :sn
[2016-06-30 11:15:03,862] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :organizationName
[2016-06-30 11:15:03,863] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :telephoneNumber
[2016-06-30 11:15:03,863] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :role
[2016-06-30 11:15:03,863] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :profileConfiguration
[2016-06-30 11:15:03,864] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :givenName
[2016-06-30 11:15:03,864] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :im
[2016-06-30 11:15:03,865] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :url
[2016-06-30 11:15:03,865] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :country
[2016-06-30 11:15:03,866] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Requesting attribute :mobile
[2016-06-30 11:15:03,891] DEBUG {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Retrieving internal roles for user name : 00269097C and search filter *
[2016-06-30 11:15:03,893] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user 00269097C
[2016-06-30 11:15:03,893] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - value after escaping special characters in 00269097C : 00269097C
[2016-06-30 11:15:03,942] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=person)(cn=00269097C)) in SearchBase:
[2016-06-30 11:15:03,968] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Name in space for 00269097C is CN=00269097C,OU=Usuarios,DC=dc1,DC=dc2,DC=and
[2016-06-30 11:15:03,969] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: 00269097C exist: true
[2016-06-30 11:15:04,088] ERROR {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Error occurred while accessing Java Security Manager Privilege Block
[2016-06-30 11:15:04,095] ERROR {org.wso2.carbon.identity.user.profile.ui.client.UserProfileCient} - org.apache.axis2.AxisFault: org.apache.axis2.databinding.ADBException: Unexpected subelement {http://base.identity.carbon.wso2.org/xsd}code
Any help?
I have found out that it might be that the IS web service client is not up-to-date and that causes the validation error shown. Could it be possible? How can I find that client and version?
Source: https://stackoverflow.com/questions/38116572/java-security-error-when-overriding-dogetexternalrolelistofuser-in-wso2-is