Error 500 login failure after upgrading Filr license and reconfiguring

  • Document ID:7024596
  • Creation Date:30-Apr-2020
  • Modified Date:30-Apr-2020
    • Micro Focus Products:
      Filr

Environment

Filr 4

Situation

After upgrading from the Filr Standard license to the Filr Advanced license, all users receive the error:

HTTP Status 500 - Internal Service Error

with the message:

Error creating bean with name 'sPropsUtil' defined in ServletContext resoucre [/WEB-INF/context/applicationContext.xml]: Instantiation of bean failed,; nested exception is org.pringframework.beans.BeanInstantiaionException: could not instantiate bean class [org.kablink.teaming.util.SPropsUtil]: Constructor threw exception; nested exception is java.lang.IllegalStateException: PropsUtil is a singleton class

Resolution

Replace the contents of /opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/context/security-auth.xml with those from a working system (see "Additional Information" section, below.). Then, restart Filr (rcfilr restart) to enable the new configuration.

Cause

After applying the Filr Advanced license, and then reconfiguring Filr (as required), the /opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/context/security-auth.xml file is mistakenly being reset to the default (unconfigured) state which causes Filr startup to fail, resulting in an "Error 500" login failure for all users.

Status

Reported to Engineering

Additional Information

The contents of /opt/novell/filr/apache-tomcat/webapps/ssf/WEB-INF/context/security-auth.xml from a working system:

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
    http://www.springframework.org/schema/aop http://www.springframework.org/schema/context/spring-aop-3.0.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- ============================== Base beans =================================== -->

    <import resource="security-auth-common.xml"/>

    <!-- ============================== Preemptive authentication using HTTP BASIC authorization header  ============================ -->

        <bean id="basicProcessingFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
                <property name="authenticationManager" ref="_authenticationManager"/>
                <property name="ignoreFailure"><value>true</value></property>
        </bean>

    <!-- =================================== OpenID authentication ================================== -->

    <bean id="openidAuthenticationDetailsSource" class="com.novell.teaming.spring.security.openid.OpenIDAuthenticationDetailsSource"/>

    <bean id="openidProcessingFilter" class="com.novell.teaming.spring.security.openid.OpenIDAuthenticationFilter">
        <property name="coreDao" ref="coreDao"/>
        <property name="zoneModule" ref="zoneModule"/>
                <property name="authenticationManager" ref="_authenticationManager"/>
                <!--<property name="filterProcessesUrl" value="/s/portalLogin"/>-->
                <property name="filterProcessesUrl" value="/j_spring_openid_security_check"/>
                <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
                <property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
                <property name="sessionAuthenticationStrategy" ref="sessionAuthenticationStrategy" />
                <property name="authenticationDetailsSource" ref="openidAuthenticationDetailsSource" />
            <property name="consumer">
                <bean class="com.novell.teaming.spring.security.openid.OpenID4JavaConsumer">
                        <constructor-arg>
                            <bean class="org.springframework.security.openid.RegexBasedAxFetchListFactory">
                                <constructor-arg>
                                    <map>
                                        <entry key=".*google.com.*">
                                            <list>
                                                <bean class="org.springframework.security.openid.OpenIDAttribute">
                                                        <constructor-arg value="email"/>
                                                        <constructor-arg value="http://axschema.org/contact/email"/>
                                                        <property name="required"><value>true</value></property>
                                                </bean>
                                                <bean class="org.springframework.security.openid.OpenIDAttribute">
                                                        <constructor-arg value="firstname"/>
                                                        <constructor-arg value="http://axschema.org/namePerson/first"/>
                                                        <property name="required"><value>true</value></property>
                                                </bean>
                                                <bean class="org.springframework.security.openid.OpenIDAttribute">
                                                        <constructor-arg value="lastname"/>
                                                        <constructor-arg value="http://axschema.org/namePerson/last"/>
                                                        <property name="required"><value>true</value></property>
                                                </bean>
                                            </list>
                                        </entry>
                                        <entry key=".*yahoo.com.*">
                                            <list>
                                                <bean class="org.springframework.security.openid.OpenIDAttribute">
                                                        <constructor-arg value="email"/>
                                                        <constructor-arg value="http://axschema.org/contact/email"/>
                                                        <property name="required"><value>true</value></property>
                                                </bean>
                                                <bean class="org.springframework.security.openid.OpenIDAttribute">
                                                        <constructor-arg value="fullname"/>
                                                        <constructor-arg value="http://axschema.org/namePerson"/>
                                                        <property name="required"><value>true</value></property>
                                                </bean>
                                            </list>
                                        </entry>
                                    </map>
                                </constructor-arg>
                            </bean>
                        </constructor-arg>
                </bean>
            </property>
    </bean>

    <!-- ============================== Form-based authentication ============================ -->

    <import resource="security-auth-form-common.xml"/>

    <bean id="_logoutSuccessHandler" class="com.novell.teaming.oauth2.web.LogoutSuccessHandler">
                <constructor-arg value="/ssf/redirect/vibe?user.logout=true"/>
    </bean>

    <bean id="_logoutFilter" class="org.kablink.teaming.spring.security.LogoutFilter" depends-on="sPropsUtil">
        <constructor-arg ref="_logoutSuccessHandler"/>
                <constructor-arg>
                        <list>
                                <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
                        </list>
                </constructor-arg>
                <property name="filterProcessesUrl" value="/s/portalLogout"/>
    </bean>

    <security:http realm="Novell" entry-point-ref="authenticationProcessingFilterEntryPoint" authentication-manager-ref="_authenticationManager">
        <security:custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter"/>
                <security:custom-filter before="FORM_LOGIN_FILTER" ref="basicProcessingFilter"/>
                <security:custom-filter after="FORM_LOGIN_FILTER" ref="openidProcessingFilter"/>
                <security:custom-filter position="LOGOUT_FILTER" ref="_logoutFilter"/>

        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED,ROLE_ANONYMOUS" />
        <security:intercept-url pattern="/rest/admin/**" access="ROLE_ADMIN" />
        <security:intercept-url pattern="/rest/**" access="IS_AUTHENTICATED_FULLY" />

        <security:anonymous granted-authority="ROLE_ANONYMOUS" username="guest"  />

        <!-- OAuth 2.0 Resource Server Filter -->
        <security:custom-filter before="PRE_AUTH_FILTER" ref="OAuth2ResourceServerFilter"/>

        <!-- Token based authentication preauth Filter -->
        <security:custom-filter after="PRE_AUTH_FILTER" ref="TokenBasedPreAuthenticatedProcessingFilter"/>

        <!-- KeyShield SSO Authentication Filter -->
        <security:custom-filter position="PRE_AUTH_FILTER" ref="kshieldAuthenticationFilter"/>

    </security:http>

</beans>