Details
-
Type:
extRequest
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:None
-
HD-Chapter:Security
-
HD-Enabler:AuthZForce
Description
Hi,
A user has a problem with the installation of the AuthZForce GE. When
trying to enable it with the command:
asadmin enable authzforce-4.1
He receives the following error:
remote failure: Exception while loading the app
java.lang.IllegalStateException: ContainerBase.addChild: start:
org.apache.catalina.LifecycleException:
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'jndi_configDir': Invocation of init method failed; nested
exception is javax.naming.NamingException: Lookup failed for
'com.thalesgroup.authzforce.config.dir' in
SerialContext[myEnv=
javax.naming.NameNotFoundException: com.thalesgroup.authzforce.config.dir
not found]
Command enable failed.
He tells he has followed the
https://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Authorization_PDP_-_AuthZForce_-_Installation_and_Administration_Guide_%28R4.1%29
and
https://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/AuthZForce_-_Access_Control_-_Installation_and_Administration_Guide
guides.
He also provided a step by step guide of the steps he followed to install
AuthZForce, but it is in spanish. I cc below just in case it can help.
Una vez instalados los serviciso básicos para el funcionamiento del entorno
web, procedemos a instalar las dependencias relacionadas con el GE
"Authorization PDP - AuthZForce".
Para ello nos basamos en la documentación asociada al GE y alojada en
https://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Authorization_PDP_-_AuthZForce_-_Installation_and_Administration_Guide_%28R4.1%29
Comenzamos con la instalación del repositio que contiene el software que
necesitamos:
$ add-apt-repository ppa:webupd8team/java
$ apt-get install software-properties-common
Actualizamos los repositorios e instalamos la versión de Java que
necesmitamos
$ apt-get update
$ apt-get install oracle-java7-installer
Una vez instalados los paquetes, continuamos con la instalación de
Glassfish:
$ wget
http://download.java.net/glassfish/3.1.2.2/release/glassfish-3.1.2.2-unix.sh
Ahora necesitamos generar una plantilla para la instalación en un entorno
sin DISPLAY. Para eso generamos un fichero con nombre
glassfish-install-template.txt y que contiene:
Domain.Configuration.ADMIN_PASSWORD=changeit
Domain.Configuration.ADMIN_PASSWORD_REENTER=changeit
Domain.Configuration.ADMIN_PORT=4848
Domain.Configuration.ADMIN_USER=admin
Domain.Configuration.DOMAIN_NAME=domain1
Domain.Configuration.HTTP_PORT=8080
InstallHome.directory.INSTALL_HOME=/opt/glassfish3
UpdateTool.Configuration.ALLOW_UPDATE_CHECK=false
UpdateTool.Configuration.BOOTSTRAP_UPDATETOOL=false
UpdateTool.Configuration.PROXY_HOST=
UpdateTool.Configuration.PROXY_PORT=
Una vez creado, ya podemos realizar la instalación automatizada.
$ sh glassfish-3.1.2.2-unix.sh -s -a glassfish-install-template.txt
El parámetro -s nos permitirá evitar errores como la falta de un DISPLAY.
Es importante recordar que nuestro hostname debe estar correctamente
configurado en /etc/hosts o el servicio de glassfish devolverá un error de
puerto ya ocupado.
Ahora creamos un script que ejecute asadmin sin necesidad de usar el path
completo
$ vi /usr/local/bin/asadmin
$ chmod 755 /usr/local/bin/asadmin
Una vez finalizada, probamos a iniciar el servicio mediante:
$ asadmin start-domain
Vemos que todo está correcto si la respuesta del servicio es algo como:
Waiting for screen.ly to start ......
Successfully started the domain : screen.ly
domain Location: /opt/glassfish3/glassfish/domains/screen.ly
Log File: /opt/glassfish3/glassfish/domains/screen.ly/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.
Ahora procedemos a instalar el GE de "Authorization PDP - AuthZForce", para
eso necesitamos instalar previamente un descompresor de paquetes:
$ apt-get install unzip
Ahora procedemos con la descarga e instalación, en este caso de la versión
4.1:
$ wget
http://catalogue.fiware.org/sites/default/files/storage/enablers/authzforce-fiware-bin-dist-4.1.zip
$ unzip authzforce-fiware-bin-dist-4.1.zip
$ export GLASSFISH_DOMAIN_DIR=/opt/glassfish3/glassfish/domains/screen.ly
$ cp -a authzforce-fiware-bin-dist-4.1/conf
$GLASSFISH_DOMAIN_DIR/config/authzforce
$ asadmin deploy --name authzforce-4.1 --contextroot authzforce
--enabled=false
authzforce-fiware-bin-dist-4.1/authzforce-fiware-webapp-4.1.war
Application deployed with name authzforce-4.1.
Command deploy executed successfully.
$ asadmin set-web-env-entry --name="com.thalesgroup.authzforce.config.dir"
--type=java.lang.String
--value="file://$GLASSFISH_DOMAIN_DIR/config/authzforce"
--ignoredescriptoritem=true authzforce-4.1
Command set-web-env-entry executed successfully.
$ asadmin set-web-context-param --name="logbackConfigLocation"
--value="file://$GLASSFISH_DOMAIN_DIR/config/authzforce/logback.xml"
--ignoredescriptoritem=true authzforce-4.1
Command set-web-context-param executed successfully.
$ asadmin enable authzforce-4.1
remote failure: Exception while loading the app
java.lang.IllegalStateException: ContainerBase.addChild: start:
org.apache.catalina.LifecycleException:
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'jndi_configDir': Invocation of init method failed; nested
exception is javax.naming.NamingException: Lookup failed for
'com.thalesgroup.authzforce.config.dir' in
SerialContext[myEnv={java.naming.factory.initial=com.sun.enterprise.naming.impl.SerialInitContextFactory,java.naming.factory.state=com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl,java.naming.factory.url.pkgs=com.sun.enterprise.naming}
[Root exception is
javax.naming.NameNotFoundException: com.thalesgroup.authzforce.config.dir
not found]
Command enable failed.
com.thalesgroup.authzforce.config.dir is prevoulsy defined with:
$ asadmin set-web-env-entry --name="com.thalesgroup.authzforce.config.dir"
--type=java.lang.String
--value="file://$GLASSFISH_DOMAIN_DIR/config/authzforce"
--ignoredescriptoritem=true authzforce-4.1
_______________________________________________
Fiware-creatifi-coaching mailing list
Fiware-creatifi-coaching@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-creatifi-coaching
[Created via e-mail received from: Xavier Carol Rossell <xavier.carol@i2cat.net>]
Issue Links
- clones
-
HELC-556
FIWARE.Request.Coach.CreatiFI.General Support #167: Problems with Authorization PDP - AuthZForce GE
-
- Closed
-
Activity
Hello Leandro,
could you please try with version 4.2.0 that we have released recently?
http://catalogue.fiware.org/enablers/authorization-pdp-authzforce/downloads
The installation is now mostly automated, and therefore less error-prone. We also had complaints about Glassfish complexity, and requests to make it work for Tomcat. So now, the installation uses Tomcat instead. The link to the new installation guide is available on the Documentation section:
http://catalogue.fiware.org/enablers/authorization-pdp-authzforce/documentation
The API and user guide remains mostly the same.
Issue email sent to xavier.carol@i2cat.net (generator of the request).
Leandro, please, whether priority is reflecting your reaction need.