I'm trying to secure parts of my Spring 3 MVC web application by authenticating against my organization's LDAP server. I'm new to LDAP so I'm learning as I go. I've been following the documentation here and the example here but I can't seem to get it right.
Here is my security-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:s="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
    <!-- Security Configuration -->
    <s:http>
        <s:intercept-url pattern="/page/tosecure/*" access="ROLE_USER" />
        <s:http-basic />
    </s:http>
    <s:ldap-server root="dc=ldap,dc=sub,dc=myorg,dc=org" url="ldap.sub.myorg.org" port="636" />
    <s:authentication-manager>
        <s:ldap-authentication-provider user-dn-pattern="uid={0},cn=users" />
        <s:authentication-provider ref="ldapAuthProvider" />
    </s:authentication-manager>
    <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldaps://ldap.sub.myorg.org:636/dc=ldap,dc=sub,dc=myorg,dc=org" />
    </bean>
    <bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <constructor-arg ref="contextSource" />
                <property name="userDnPatterns">
                    <list>
                        <value>uid={0},cn=users</value>
                    </list>
                </property>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <constructor-arg ref="contextSource" />
                <constructor-arg value="cn=groups" />
                <property name="groupRoleAttribute" value="cn" />
            </bean>
        </constructor-arg>
    </bean>
</beans>
And here is the error I am getting (the last few causes listed in the stack trace)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.securityContextSource': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.ldap.DefaultSpringSecurityContextSource]: Constructor threw exception; nested exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: "." (46), after : ""
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:288)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1035)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:939)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:323)
... 106 more
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.ldap.DefaultSpringSecurityContextSource]: Constructor threw exception; nested exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: "." (46), after : ""
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:162)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:121)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:280)
... 115 more
Caused by: org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: "." (46), after : ""
at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:224)
at org.springframework.ldap.core.DistinguishedName.<init>(DistinguishedName.java:174)
at org.springframework.ldap.core.support.AbstractContextSource.setBase(AbstractContextSource.java:207)
at org.springframework.security.ldap.DefaultSpringSecurityContextSource.<init>(DefaultSpringSecurityContextSource.java:67)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:147)
... 117 more
Caused by: org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: "." (46), after : ""
at org.springframework.ldap.core.DnParserImplTokenManager.getNextToken(DnParserImplTokenManager.java:678)
at org.springframework.ldap.core.DnParserImpl.jj_consume_token(DnParserImpl.java:231)
at org.springframework.ldap.core.DnParserImpl.SpacedEquals(DnParserImpl.java:114)
at org.springframework.ldap.core.DnParserImpl.attributeTypeAndValue(DnParserImpl.java:94)
at org.springframework.ldap.core.DnParserImpl.rdn(DnParserImpl.java:58)
at org.springframework.ldap.core.DnParserImpl.dn(DnParserImpl.java:23)
at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:218)
It appears that it doesn't like the URL that is listed in the constructor-arg for the contextSource bean, although I'm not sure why.
Also, I have a suspicion that other parts of this configuration are incorrect. For instance, I have the ldap server URL defined in the ldap-server tag and in the contextSource bean. That seems like unneeded duplication but it's how it is done in the examples. Could someone take a good look at the configuration to make sure it is sane?
In addition, in case it's necessary, I'll talk a little about our LDAP server layout since it seems to be a little non-standard. A user's DN is constructed by uid={the_user_name},cn=users,dc=ldap,dc=sub,dc=myorg,dc=org. Group DNs are cn={group_name},cn=groups,dc=ldap,dc=sub,dc=myorg,dc=org and the members of a group are defined by a memberUid attribute. I say this is non-standard because, from what I've read, groups should be defined by an ou instead. But hopefully spring security can handle this setup. Does this configuration properly fetch the roles (groups) a user belongs to?
Have you tried removing the ldap-server element? You shouldn't need it and you haven't configured it with a proper URL (it should probably start with ldap:// or ldaps://).
The example you've linked to uses an embedded server and is illustrating both namespace and bean configurations for the same thing.
The group attribute defaults to cn, so that should be correct for your setup. The Javadoc for DefaultLdapAuthoritiesPopulator gives quite a good description of how it works.
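An added example, not part of the original question or answer: the asker's security-context.xml with the ldap-server element and the duplicate namespace provider removed, so the explicit beans are the only LDAP configuration. The groupSearchFilter value is an assumption based on the memberUid group layout described in the question; everything else is taken from the posted configuration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:s="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

    <s:http>
        <s:intercept-url pattern="/page/tosecure/*" access="ROLE_USER" />
        <s:http-basic />
    </s:http>

    <!-- No s:ldap-server and no s:ldap-authentication-provider here: they repeated
         the bean configuration below, and the scheme-less url on ldap-server
         ("ldap.sub.myorg.org") is what failed to parse at startup. -->
    <s:authentication-manager>
        <s:authentication-provider ref="ldapAuthProvider" />
    </s:authentication-manager>

    <!-- The one place the server is defined: ldaps:// scheme, host, port and base DN. -->
    <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldaps://ldap.sub.myorg.org:636/dc=ldap,dc=sub,dc=myorg,dc=org" />
    </bean>

    <bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <constructor-arg>
            <!-- Authenticates by binding as uid={username},cn=users,{base DN} with the supplied password. -->
            <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <constructor-arg ref="contextSource" />
                <property name="userDnPatterns">
                    <list>
                        <value>uid={0},cn=users</value>
                    </list>
                </property>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <!-- Searches under cn=groups,{base DN} and maps each group's cn to a role
                 (upper-cased and prefixed with ROLE_ by default). -->
            <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <constructor-arg ref="contextSource" />
                <constructor-arg value="cn=groups" />
                <property name="groupRoleAttribute" value="cn" />
                <!-- Assumption: memberUid holds the bare user name, not a DN. The default
                     filter is (member={0}), where {0} is the user's full DN; {1} is the
                     user name, which is what a memberUid attribute stores. -->
                <property name="groupSearchFilter" value="(memberUid={1})" />
            </bean>
        </constructor-arg>
    </bean>
</beans>
```

With this layout a user only matches the ROLE_USER intercept-url rule if a group with cn=user exists under cn=groups and lists that user in memberUid.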
Related
<bean id="ABC" someAttribute="DEF">
    <property name="A" value="A"/>
    <property name="B" ref="a"/>
</bean>
In this XML bean file, how do I get someAttribute? Please.
I searched for this on the internet, but I couldn't find an answer.
I want to add Spring Social Facebook (Spring Social 1.1.4 and Spring Social Facebook 1.1.1) with Spring Security 4.0.3 using XML configuration.
I'm unable to add SocialAuthenticationFilter:
<b:bean id="socialAuthenticationFilter" class="org.springframework.social.security.SocialAuthenticationFilter">
    <b:constructor-arg index="0" ref="authenticationManager" />
    <b:constructor-arg index="1" ref="userIdSource" />
    <b:constructor-arg index="2" ref="usersConnectionRepository" />
    <b:constructor-arg index="3" ref="socialAuthenticationServiceLocator" />
</b:bean>
The execution fails due to this error message:
GRAVE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#1' while setting bean property 'sourceList' with key [1]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#1': Cannot resolve reference to bean 'socialAuthenticationFilter' while setting constructor argument with key [4]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'socialAuthenticationFilter' defined in ServletContext resource [/WEB-INF/spring/security-context.xml]: Cannot resolve reference to bean 'socialAuthenticationServiceLocator' while setting constructor argument; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'socialAuthenticationServiceLocator' is defined
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:382)
You need a proper socialAuthenticationServiceLocator defined in your context.
<bean id="socialAuthenticationServiceLocator" class="org.springframework.social.security.SocialAuthenticationServiceRegistry">
    <property name="authenticationServices">
        <list>
            <bean class="org.springframework.social.twitter.security.TwitterAuthenticationService">
                <constructor-arg value="${twitter.apiKey}" />
                <constructor-arg value="${twitter.appSecret}" />
            </bean>
        </list>
    </property>
</bean>
I'm getting a NullPointerException in a class and I can't explain why. It uses Spring Framework version 2.5.6, and it's a Spring bean. The line of code at 70 is
userPreferenceService = (UserPreferenceService) MyAppContext.getApplicationContext().getBean("userPreferenceService");
The application context has this
<bean id="userPreferenceService" class="com.service.PreferenceServiceImpl">
    <constructor-arg ref="displayFieldsDAO" />
    <constructor-arg ref="displayPrefDAO" />
    <constructor-arg ref="savedQueryDAO" />
    <constructor-arg ref="userDAO" />
</bean>
I can't figure out where the null pointer is coming from. Is it because it can't access the ApplicationContext? If not, this is the only spring bean that it can't access, the many other beans are fine.
Or maybe it's one of the constructor-args that's returning null?
2015-06-15 16:01:39,184 ERROR (com.ui.util.CreateUserSSOFilter:74) -
java.lang.NullPointerException
at com.ui.util.CreateUserSSOFilter.init(CreateUserSSOFilter.java:70)
at weblogic.servlet.internal.FilterManager$FilterInitAction.run(FilterManager.java:343)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.FilterManager.loadFilter(FilterManager.java:96)
at weblogic.servlet.internal.FilterManager.preloadFilters(FilterManager.java:57)
at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1872)
at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3154)
at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1518)
at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:484)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
at weblogic.deploy.internal.targetserver.operations.AbstractOperation.activate(AbstractOperation.java:569)
at weblogic.deploy.internal.targetserver.operations.ActivateOperation.activateDeployment(ActivateOperation.java:150)
at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doCommit(ActivateOperation.java:116)
at weblogic.deploy.internal.targetserver.operations.AbstractOperation.commit(AbstractOperation.java:323)
at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentCommit(DeploymentManager.java:844)
at weblogic.deploy.internal.targetserver.DeploymentManager.activateDeploymentList(DeploymentManager.java:1253)
at weblogic.deploy.internal.targetserver.DeploymentManager.handleCommit(DeploymentManager.java:440)
at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.commit(DeploymentServiceDispatcher.java:163)
at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doCommitCallback(DeploymentReceiverCallbackDeliverer.java:195)
at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$100(DeploymentReceiverCallbackDeliverer.java:13)
at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$2.run(DeploymentReceiverCallbackDeliverer.java:68)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:545)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
How can one set the connection pool size for a DBCP datasource? Also, is the default datasource pooled?
I tried to set maxTotal (http://commons.apache.org/proper/commons-dbcp/configuration.html), but it returns an invalid property error.
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
    <property name="driverClassName" value="${db.driver}"/>
    <property name="url" value="${db.url}"/>
    <property name="username" value="${db.username}"/>
    <property name="password" value="${db.password}"/>
    <property name="poolPreparedStatements" value="false"/>
    <property name="testWhileIdle" value="true"/>
    <property name="testOnBorrow" value="true"/>
    <property name="validationQuery" value="SELECT 1 FROM DUAL"/>
    <property name="timeBetweenEvictionRunsMillis" value="30000"/>
    <property name="maxTotal" value="1"/>
</bean>
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dataSource' defined in class path resource [META-INF/spring/base-gateway.xml]: Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'maxTotal' of bean class [org.apache.commons.dbcp.BasicDataSource]: Bean property 'maxTotal' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1361)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:580)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:83)
at sf.av.core.gateway.GenericGateway.main(GenericGateway.java:23)
Caused by: org.springframework.beans.NotWritablePropertyException: Invalid property 'maxTotal' of bean class [org.apache.commons.dbcp.BasicDataSource]: Bean property 'maxTotal' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?
at org.springframework.beans.BeanWrapperImpl.setPropertyValue(BeanWrapperImpl.java:1024)
at org.springframework.beans.BeanWrapperImpl.setPropertyValue(BeanWrapperImpl.java:900)
at org.springframework.beans.AbstractPropertyAccessor.setPropertyValues(AbstractPropertyAccessor.java:76)
at org.springframework.beans.AbstractPropertyAccessor.setPropertyValues(AbstractPropertyAccessor.java:58)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1358)
... 13 more
You most likely have a mismatch between the version of the DBCP jar you are using and the configuration documentation, for example:
Users should also be aware that some configuration options (e.g. maxActive to maxTotal) have been renamed to align them with the new names used by Commons Pool 2.
Does the BasicDataSource class from the jar you are using have the maxTotal setter on it or not?
I'm trying to implement a JPA idempotent repository just as described here http://camel.apache.org/file2.html, but I'm getting an MBean export error.
In my application-context.xml I have the following section.
<bean id="mvStore" class="org.apache.camel.processor.idempotent.jpa.JpaMessageIdRepository" lazy-init="false">
    <!-- Here we refer to the spring jpaTemplate -->
    <constructor-arg index="0" ref="jpaTemplate" />
    <!-- This 2nd parameter is the name (= a category name). You can have different repositories with different names -->
    <constructor-arg index="1" value="FileConsumer" />
</bean>
<context:mbean-server id="mbeanServer" />
<context:mbean-export server="mbeanServer" registration="replaceExisting" default-domain="br.com.touchtec"/>
If I remove the above section then the server (Tomcat) starts just fine. Can anybody help me with this?
Here's the stack:
Caused by: org.springframework.jmx.export.UnableToRegisterMBeanException: Unable to register MBean [org.apache.camel.processor.idempotent.jpa.JpaMessageIdRepository#6df960c4] with key 'mvStore'; nested exception is javax.management.MalformedObjectNameException: Key properties cannot be empty
at org.springframework.jmx.export.MBeanExporter.registerBeanNameOrInstance(MBeanExporter.java:602)
at org.springframework.jmx.export.MBeanExporter.registerBeans(MBeanExporter.java:527)
at org.springframework.jmx.export.MBeanExporter.afterPropertiesSet(MBeanExporter.java:413)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1477)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1417)
... 50 more
Caused by: javax.management.MalformedObjectNameException: Key properties cannot be empty
at javax.management.ObjectName.construct(ObjectName.java:467)
at javax.management.ObjectName.<init>(ObjectName.java:1403)
at javax.management.ObjectName.getInstance(ObjectName.java:1285)
at org.springframework.jmx.support.ObjectNameManager.getInstance(ObjectNameManager.java:62)
at org.springframework.jmx.export.naming.MetadataNamingStrategy.getObjectName(MetadataNamingStrategy.java:114)
at org.springframework.jmx.export.MBeanExporter.getObjectName(MBeanExporter.java:728)
at org.springframework.jmx.export.MBeanExporter.registerBeanInstance(MBeanExporter.java:631)
at org.springframework.jmx.export.MBeanExporter.registerBeanNameOrInstance(MBeanExporter.java:592)
... 54 more
First of all, I hope you're clear on the fact that the JMX part is not necessary to make the Idempotent Repository work. Your error is a pure JMX/Spring error, not linked to Camel.
If you want to use an MBeanExporter, you should read the official documentation on Spring JMX to have a better understanding of this matter.
Your MBeanExporter definition might look like
<bean id="exporter" class="org.springframework.jmx.export.MBeanExporter">
    <property name="beans">
        <map>
            <entry key="bean:name=mvStore" value-ref="mvStore"/>
        </map>
    </property>
    <property name="server" ref="mbeanServer"/>
</bean>