opensso
  1. opensso
  2. OPENSSO-5853

Unable to send mail in HOTP module after sending mail through password reset service

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: current
    • Fix Version/s: build9a
    • Component/s: authentication
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: Macintosh

    • Issuezilla Id:
      5,853

      Description

      Steps to reproduce:
      1. setup password reset service for a user (e.g. testuser)

      • configure SUN DS as datastore
      • create a user and configure email address & password reset
        service questions
        2. setup HOTP authentication module to use email only, creates a chain
        (e.g. "hotp") which contains DataStore & HOTP module as required.
        3. access password reset service :
        http://host:port/opensso/password
        enter user name (e.g. testuser) and password reset question.
        An email will be sent to the configured Email address.
        verify the password by login using datastore module
        4. try authentication using the chain containing the HOTP module:
        http://host:port/opensso/UI/Login?service=hotp
        login to datastore authentication, then click "Request OTP Code",
        following exception shown in Authentication debug:

      amAuthHOTP:12/04/2009 03:40:57:206 PM PST: Thread[http-6060-4,5,main]
      ERROR: DefaultSMSGatewayImpl.sendSMSMessage() : Exception in sending HOTP code :
      java.lang.SecurityException: Access to default session denied
      at javax.mail.Session.getDefaultInstance(Session.java:288)
      at com.iplanet.am.util.AMSendMail.postMail(AMSendMail.java:168)
      at
      com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl.sendSMSMessage(DefaultSMSGatewayImpl.java:91)
      at
      com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl.sendEmail(DefaultSMSGatewayImpl.java:120)
      at com.sun.identity.authentication.modules.hotp.HOTP.sendSMS(HOTP.java:413)
      at com.sun.identity.authentication.modules.hotp.HOTP.sendHOTPCode(HOTP.java:316)
      at com.sun.identity.authentication.modules.hotp.HOTP.process(HOTP.java:245)
      at
      com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:868)
      at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1033)
      at sun.reflect.GeneratedMethodAccessor65.invoke(Unknown Source)
      at
      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:204)
      at com.sun.identity.authentication.jaas.LoginContext.login(LoginContext.java:120)
      at
      com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:528)
      at
      com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(AuthContextLocal.java:696)
      at
      com.sun.identity.authentication.UI.LoginViewBean.processLoginDisplay(LoginViewBean.java:1419)
      at
      com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:850)
      at
      com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:517)
      at
      com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
      at
      com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
      at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      at
      org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      at
      org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:91)
      at
      org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at
      org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at
      org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
      at
      org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567)
      at
      org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
      at
      org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
      at java.lang.Thread.run(Thread.java:619)

      the exception won't occur if HOTP is run without running the password reset
      service.

      1. CRT_approved:5853
        0.1 kB
        veiming
      2. CRT_submittal:5853
        18 kB
        qcheng

        Activity

        Hide
        qcheng added a comment -

        Created an attachment (id=10265)
        CRT_submittal:5853

        Show
        qcheng added a comment - Created an attachment (id=10265) CRT_submittal:5853
        Hide
        veiming added a comment -

        Created an attachment (id=10266)
        CRT_approved:5853

        Show
        veiming added a comment - Created an attachment (id=10266) CRT_approved:5853
        Hide
        qcheng added a comment -

        fixed in build 9a

        Show
        qcheng added a comment - fixed in build 9a

          People

          • Assignee:
            qcheng
            Reporter:
            qcheng
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: