  1. Crowd Data Center
  2. CWD-482

Expired password results in a SOAP fault when using the LDAP connector


Details

    • Bug
    • Resolution: Won't Fix
    • Medium
    • None
    • 1.1.1
    • SOAP

    Description

      11:51:57,651 FATAL integration.service.soap.client.SecurityServerClient: Unable to connect to the crowd server: null :Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: Unexpected EOF in prolog
      at [row,col {unknown-source}]: [1,0]
      org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: Unexpected EOF in prolog
      at [row,col {unknown-source}]: [1,0]
      org.codehaus.xfire.fault.XFireFault: Unexpected EOF in prolog
      at [row,col {unknown-source}]: [1,0]
      at org.codehaus.xfire.fault.XFireFault.createFault(XFireFault.java:89)
      at org.codehaus.xfire.client.Client.onReceive(Client.java:410)
      at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139)
      at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)
      at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)
      at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
      at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
      at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
      at org.codehaus.xfire.client.Client.invoke(Client.java:336)
      at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
      at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
      at $Proxy0.authenticatePrincipal(Unknown Source)
      at com.atlassian.crowd.integration.service.soap.client.SecurityServerClient.authenticatePrincipal(SecurityServerClient.java:34)
      at com.atlassian.crowd.integration.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:165)
      at com.guidewire.auth.crowd.CrowdServlet.doPost(CrowdServlet.java:106)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:595)
      Caused by: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog
      at [row,col {unknown-source}]: [1,0]
      at com.ctc.wstx.sr.StreamScanner.throwUnexpectedEOF(StreamScanner.java:661)
      at com.ctc.wstx.sr.BasicStreamReader.handleEOF(BasicStreamReader.java:2134)
      at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java:2040)
      at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1069)
      at org.codehaus.xfire.soap.handler.ReadHeadersHandler.invoke(ReadHeadersHandler.java:44)
      at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
      at org.codehaus.xfire.client.Client.onReceive(Client.java:406)
      ... 27 more

      Which is just very hard to interpret. It turns out on the Crowd server side, the log files also had the following stack traces, which were a little more helpful:

      11:23:47,123 ERROR org.codehaus.xfire.handler.DefaultFaultHandler: Could not send fault.
      org.jdom.IllegalDataException: The data "Operation failed; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 532, vece^@]" is not legal for a JDOM character content: 0x0 is not a legal XML character.
      at org.jdom.Text.setText(Text.java:188)
      at org.jdom.Text.<init>(Text.java:99)
      at org.jdom.Element.addContent(Element.java:799)
      at org.codehaus.xfire.util.stax.JDOMStreamWriter.writeCharacters(JDOMStreamWriter.java:208)
      at org.codehaus.xfire.aegis.stax.ElementWriter.writeValue(ElementWriter.java:138)
      at org.codehaus.xfire.aegis.type.basic.StringType.writeObject(StringType.java:26)
      at org.codehaus.xfire.aegis.type.basic.ArrayType.writeValue(ArrayType.java:298)
      at org.codehaus.xfire.aegis.type.basic.ArrayType.writeObject(ArrayType.java:210)
      at org.codehaus.xfire.aegis.type.basic.BeanType.writeObject(BeanType.java:392)
      at org.codehaus.xfire.aegis.AegisBindingProvider.writeParameter(AegisBindingProvider.java:229)
      at org.codehaus.xfire.service.binding.AbstractBinding.writeParameter(AbstractBinding.java:273)
      at org.codehaus.xfire.handler.CustomFaultHandler.handleFault(CustomFaultHandler.java:64)
      at org.codehaus.xfire.handler.CustomFaultHandler.invoke(CustomFaultHandler.java:51)
      at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
      at org.codehaus.xfire.handler.DefaultFaultHandler.sendFault(DefaultFaultHandler.java:88)
      at org.codehaus.xfire.handler.DefaultFaultHandler.invoke(DefaultFaultHandler.java:51)
      at org.codehaus.xfire.service.binding.ServiceInvocationHandler$1.run(ServiceInvocationHandler.java:99)
      at org.codehaus.xfire.service.binding.ServiceInvocationHandler.execute(ServiceInvocationHandler.java:134)
      at org.codehaus.xfire.service.binding.ServiceInvocationHandler.invoke(ServiceInvocationHandler.java:109)
      at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
      at org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)
      at org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)
      at org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:304)
      at org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:129)
      at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:174)
      at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:77)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      at com.atlassian.core.filters.gzip.GzipFilter.doFilter(GzipFilter.java:53)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
      at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
      at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
      at java.lang.Thread.run(Thread.java:595)

      It turns out that LDAP error 532 means that the user's password is expired. I would like to see the Crowd API handle these sorts of exceptions better and, where possible, pass these errors back to the client so that they can be displayed to the user. Telling the user their password is expired at the login page instead of printing a bunch of unintelligible stack traces just seems like a much better UI experience.
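
One way to do what the description asks for, as an added example (not Crowd's or XFire's code): extract the Active Directory sub-code from the LDAP error 49 text, map it to a user-facing message, and replace characters XML 1.0 forbids before the text is written into a fault. The class and method names are hypothetical, the 773 entry is an Active Directory sub-code that does not appear on this page, and Java 9 or later is assumed.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LdapBindFaultExample {
    // Active Directory reports a hex sub-code after "data" in the error 49 text.
    private static final Pattern AD_SUBCODE =
            Pattern.compile("error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]+)");

    // Only states the user can act on get a specific message; the rest stay generic.
    private static final Map<String, String> USER_MESSAGES = Map.of(
            "532", "Your password has expired.",
            "773", "You must change your password before logging in.");

    /** Returns the lower-cased AD sub-code, or null if the text has none. */
    static String adSubCode(String ldapMessage) {
        Matcher m = AD_SUBCODE.matcher(ldapMessage);
        return m.find() ? m.group(1).toLowerCase() : null;
    }

    /** Message that is safe to show on the login page. */
    static String userMessage(String ldapMessage) {
        String code = adSubCode(ldapMessage);
        // Immutable maps reject null keys, so handle "no sub-code" first.
        return code == null ? "Login failed."
                : USER_MESSAGES.getOrDefault(code, "Login failed.");
    }

    /** Replaces every character outside the XML 1.0 Char range with U+FFFD. */
    static String stripIllegalXmlChars(String s) {
        StringBuilder out = new StringBuilder(s.length());
        s.codePoints().forEach(cp -> {
            boolean legal = cp == 0x9 || cp == 0xA || cp == 0xD
                    || (cp >= 0x20 && cp <= 0xD7FF)
                    || (cp >= 0xE000 && cp <= 0xFFFD)
                    || (cp >= 0x10000 && cp <= 0x10FFFF);
            out.appendCodePoint(legal ? cp : 0xFFFD);
        });
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed from the message in the server-side log, trailing NUL included.
        String raw = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, "
                + "comment: AcceptSecurityContext error, data 532, vece\0]";
        System.out.println(adSubCode(raw));
        System.out.println(userMessage(raw));
        System.out.println(stripIllegalXmlChars(raw)); // now legal as XML text
    }
}
```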

            People

              Unassigned Unassigned
              justen.stepka@atlassian.com Justen Stepka [Atlassian]