000014238 - java.lang.NoClassDefFoundError: org/hibernate/HibernateException

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014238
Applies ToRSA Authentication Manager 7.1 SDK
Sun Solaris 10
Redhat Advanced Server 4.0
Microsoft Windows 2003 Server
Issuedn.CN=John Doe,CN=Users,DC=rsa,DC=netcom.rsa.common.SystemException: weblogic.utils.NestedException: java.lang.NoClassDefFoundError: org/hibernate/HibernateException
 at com.rsa.command.EJBRemoteTargetBase.executeCommand(EJBRemoteTargetBase.java:167)
 at com.rsa.command.ConnectionFactory$AuthenticatedTarget$1.run(ConnectionFactory.java:570)
 at com.rsa.command.ConnectionFactory$AuthenticatedTarget$1.run(ConnectionFactory.java:568)
 at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:91)
 at com.rsa.security.SecurityContext.doAs(SecurityContext.java:408)
 at com.rsa.command.ConnectionFactory$AuthenticatedTarget.executeCommand(ConnectionFactory.java:575)
 at com.rsa.command.TargetableCommand.execute(TargetableCommand.java:239)
 at com.rsa.command.TargetableCommand.execute(TargetableCommand.java:204)
java.lang.NoClassDefFoundError: org/hibernate/HibernateException
CauseThis exception is thrown when the LookupAMPrincipalCommand class is used to attempt to retrieve a user who does not yet exist within Authentication Manager.
Resolution

When dealing with user identities it is important to remember two distinct categories of LDAP users that can be managed within the system.

  • Users who exist in LDAP and have no SecurID token authenticator assigned to them
  • Users who exist in LDAP and do have a SecurID authenticator assigned to them

The breakdown is not entirely this simple (for example a user in LDAP assigned an Authentication Manager administration role is known to the system) but is suitable for this example. 

This error is generated with the following (wrong) sequence of code which fails to trap that the LookupAMPrincipalCommand() class should only be used against registered users.

     try { 
       SearchPrincipalsCommand searchPrincipalCmd = new SearchPrincipalsCommand(); 
       PrincipalDTO userObj = null; 
       searchPrincipalCmd.setFilter(Filter.equal(PrincipalDTO.LOGINUID, username)); 
       searchPrincipalCmd.setSystemFilter(Filter.empty()); 
       searchPrincipalCmd.setLimit(1); 
       searchPrincipalCmd.setIdentitySourceGuid(idSource.getGuid()); 
       searchPrincipalCmd.setSecurityDomainGuid(domain.getGuid()); 
       searchPrincipalCmd.setGroupGuid(null); 
       searchPrincipalCmd.setAttributeMask(attrMask); 
       searchPrincipalCmd.execute(); 
       userObj = searchPrincipalCmd.getPrincipals()[0]; 
       userGUID = userObj.getGuid(); 
     } 
     catch (Exception ex) { 
       ex.printStackTrace(); 
       return; 
     } 
   
     try { 
       LookupAMPrincipalCommand lookupAMPrincipal = new LookupAMPrincipalCommand(); 
       lookupAMPrincipal.setGuid(userGUID); 
       lookupAMPrincipal.execute(); 
       amUser = lookupAMPrincipal.getAmp();                                     //  This can throw the exception !! 
     } 
     catch (Exception ex) { 
       ex.printStackTrace(); 
       return; 
     } 
   
  To ensure the code runs correctly you should ensure that on 'registered' user details are passed into the LookupAMPrincipalCommand; there are a variety of ways that you can make sure of this - here is one single way where we limit the initial search to look for registered users.  

   try {

     SearchPrincipalsCommand searchPrincipalCmd = new SearchPrincipalsCommand();

     PrincipalDTO userObj = null;

     searchPrincipalCmd.setFilter(Filter.equal(PrincipalDTO.LOGINUID, username));

     searchPrincipalCmd.setSystemFilter(Filter.empty());

     searchPrincipalCmd.setLimit(1);

     searchPrincipalCmd.setIdentitySourceGuid(idSource.getGuid());

     searchPrincipalCmd.setSecurityDomainGuid(domain.getGuid());

      searchPrincipalCmd.setOnlyRegistered(true);

     searchPrincipalCmd.setGroupGuid(null);

     searchPrincipalCmd.setAttributeMask(attrMask);

     searchPrincipalCmd.execute();

     userObj = searchPrincipalCmd.getPrincipals()[0];

     userGUID = userObj.getGuid();

   }

   catch (java.lang.ArrayIndexOutOfBoundsException ex) {

     System.out.println("No registered user with that loginID was found");

     return;

   }

   catch (Exception ex) {

     ex.printStackTrace();

     return;

   }

  try {

       LookupAMPrincipalCommand lookupAMPrincipal = new LookupAMPrincipalCommand(); 
       lookupAMPrincipal.setGuid(userGUID); 
       lookupAMPrincipal.execute(); 
       amUser = lookupAMPrincipal.getAmp();                                      
     } 
     catch (Exception ex) { 
       ex.printStackTrace(); 
       return; 
     } 
   
    
Legacy Article IDa45388

Attachments

    Outcomes