https://answers.axonivy.com/questions/asked-by/625/qtdan93/?type=rssQuestions asked by <a href="/users/625/qtdan93" >qtdan93</a>enMon, 25 Jul 2016 12:19:38 -0400https://answers.axonivy.com/questions/1914/custom-servlet-filter<p>Hello all, I have a question : Can I create a custom servlet filter (interceptor) and register it to Ivy Engine Server, so whenever a request is sent to the server, it must pass this custom filter (interceptor) first? And I also see that Ivy has some filter classes in package "ch.ivyteam.ivy.webserver.internal". So if I can register my custom filter, when does it intercept the request (before or after filter in the package above) ?.</p> <p>A little bit about my problem : We have one case that whenever the admin changes the LDAP directory, if the user already logged in the application now no more exist in the new LDAP directory, the exception "PersistentObjectDeletedException" will be thrown. This exception happen when the filter in the package "ch.ivyteam.ivy.webserver.internal" start filtering the request!!</p>qtdan93Mon, 25 Jul 2016 12:19:38 -0400https://answers.axonivy.com/questions/1914/custom-servlet-filtererror-handlinghttps://answers.axonivy.com/questions/1801/issue-when-apply-sso-with-iis-8-and-ivy-server<p>Hi all, Our project requires SSO as an authentication method. I have integrated it with IIS 8 and Ivy Server. But I have 1 issues, when the user accesses our application and his/her account is not in the LDAP directory which I have configured on Ivy Admin, the exception occurs. It seems like the authentication process occurs at IIS layer, then the authorization process occurs later, so the user able to access the "index.jsp" page, but not other page(which require user must be in the LDAP directory) . So my questions are :</p> <ol> <li>How does IIS authenticate user? Which LDAP directory it uses to authenticate user?</li> <li>If those things above is true, (authentication first authorization later) how can I handle when account (which does not exist in the LDAP directory of our app ) access my app? For example, redirect to custom error page.</li> </ol> <p>This is the stack traces when the exception occurs: </p> <pre><code>ch.ivyteam.ivy.persistence.PersistencyException: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'CN=hcmc-4axonivy,OU=AAVN_HCM,DC=aavn,DC=local' at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem.executeWithCachedContext(JndiSecuritySystem.java:641) at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem.synchronizeUser(JndiSecuritySystem.java:1053) at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem.findUser(JndiSecuritySystem.java:519) at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem.findUser(JndiSecuritySystem.java:1) at ch.ivyteam.ivy.security.internal.SecurityContext$7.execute(SecurityContext.java:439) at ch.ivyteam.ivy.security.internal.SecurityContext$7.execute(SecurityContext.java:1) at ch.ivyteam.ivy.persistence.base.AbstractPersistencyService.execute(AbstractPersistencyService.java:169) at ch.ivyteam.ivy.persistence.base.ClassPersistencyService.execute(ClassPersistencyService.java:648) at ch.ivyteam.ivy.persistence.client.PersistentClientObjectChildren.execute(PersistentClientObjectChildren.java:543) at ch.ivyteam.ivy.security.internal.SecurityContext.execute(SecurityContext.java:1331) at ch.ivyteam.ivy.security.internal.SecurityContext.findUser_aroundBody14(SecurityContext.java:433) at ch.ivyteam.ivy.security.internal.SecurityContext.findUser_aroundBody15$advice(SecurityContext.java:34) at ch.ivyteam.ivy.security.internal.SecurityContext.findUser(SecurityContext.java:1) at ch.ivyteam.ivy.security.internal.WebContainerApprovedUserAuthenticator.findUser(WebContainerApprovedUserAuthenticator.java:83) at ch.ivyteam.ivy.security.internal.WebContainerApprovedUserAuthenticator.authenticate(WebContainerApprovedUserAuthenticator.java:46) at ch.ivyteam.ivy.security.internal.Session.authenticateWebContainerApprovedUser(Session.java:1193) at ch.ivyteam.ivy.webserver.internal.IvySession.authenticateSessionUser(IvySession.java:228) at ch.ivyteam.ivy.webserver.internal.IvySession.getSecuritySession(IvySession.java:142) at ch.ivyteam.ivy.webserver.internal.IvySession.getSession(IvySession.java:127) at ch.ivyteam.ivy.webserver.internal.AbstractServlet.setSession(AbstractServlet.java:489) at ch.ivyteam.ivy.webserver.internal.process.IvyProcessServlet.doRespondAsSystem(IvyProcessServlet.java:51) at ch.ivyteam.ivy.webserver.internal.AbstractServlet.prepareRespondAsSystem(AbstractServlet.java:231) at ch.ivyteam.ivy.webserver.internal.AbstractServlet.access$3(AbstractServlet.java:213) at ch.ivyteam.ivy.webserver.internal.AbstractServlet$2.call(AbstractServlet.java:191) at ch.ivyteam.ivy.security.internal.SecurityManager.executeAsSystem(SecurityManager.java:1467) at ch.ivyteam.ivy.webserver.internal.AbstractServlet.doService(AbstractServlet.java:185) at ch.ivyteam.ivy.webserver.internal.AbstractServlet.doGet(AbstractServlet.java:169) at javax.servlet.http.HttpServlet.service(HttpServlet.java:624) at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) at sun.reflect.GeneratedMethodAccessor123.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:297) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186) at ch.ivyteam.ivy.webserver.internal.exception.IvyExceptionFilter.doFilter(IvyExceptionFilter.java:49) at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186) at ch.ivyteam.ivy.webserver.internal.IvyFilter.doFilterInternal(IvyFilter.java:267) at ch.ivyteam.ivy.webserver.internal.IvyFilter.doFilter(IvyFilter.java:172) at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186) at ch.ivyteam.ivy.webserver.internal.IvyExecuteAsSystemFilter$1.call(IvyExecuteAsSystemFilter.java:45) at ch.ivyteam.ivy.webserver.internal.IvyExecuteAsSystemFilter$1.call(IvyExecuteAsSystemFilter.java:1) at ch.ivyteam.ivy.security.internal.SecurityManager.executeAsSystem(SecurityManager.java:1467) at ch.ivyteam.ivy.webserver.internal.IvyExecuteAsSystemFilter.doFilter(IvyExecuteAsSystemFilter.java:39) at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186) at ch.ivyteam.ivy.webserver.internal.duplicate.IvyDuplicateRequestFilter.doFilter(IvyDuplicateRequestFilter.java:74) at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186) at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:89) at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:119) at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:133) at com.google.inject.servlet.GuiceFilter$1.call(GuiceFilter.java:130) at com.google.inject.servlet.GuiceFilter$Context.call(GuiceFilter.java:203) at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:130) at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:549) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:191) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:187) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:186) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at ch.ivyteam.ivy.webserver.internal.PerformanceLogValve.invoke(PerformanceLogValve.java:55) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:190) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) Caused by: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'CN=hcmc-4axonivy,OU=AAVN_HCM,DC=aavn,DC=local' at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:330) at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:146) at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:741) at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657) at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104) at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:548) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:276) at ch.ivyteam.ivy.security.internal.jndi.dircontext.LazyBindingDirContextAccess.search(LazyBindingDirContextAccess.java:47) at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem$3$1.execute(JndiSecuritySystem.java:1063) at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem$3$1.execute(JndiSecuritySystem.java:1) at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem.execute(JndiSecuritySystem.java:613) at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem$3.call(JndiSecuritySystem.java:1058) at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem$3.call(JndiSecuritySystem.java:1) at ch.ivyteam.ivy.security.internal.jndi.JndiSecuritySystem.executeWithCachedContext(JndiSecuritySystem.java:637) </code></pre>qtdan93Mon, 13 Jun 2016 13:03:28 -0400https://answers.axonivy.com/questions/1801/issue-when-apply-sso-with-iis-8-and-ivy-serversso