Basic LDAP & DefaultSecurityFilterChain Problem

[ANewSpring]

I'm new to Spring and Spring Security. I've been working my way through the docs on authentication. I've successfully made a small xml file based authentication with Spring 3.1 and Spring 3.1 security. I'm now trying to implement LDAP authentication.

I've been running into an error I haven't been able to figure out how to fix yet.

Here is my web.xml:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<web-app  id="WebApp_ID" version="3.0"
   xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">


  <display-name>Spring Web MVC Application</display-name>

  <servlet>
    <servlet-name>spring3mvcdemo</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <servlet-mapping>
    <servlet-name>spring3mvcdemo</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>


  <!-- Help Find The Spring Config Files -->
  <listener>
    <listener-class>
                  org.springframework.web.context.ContextLoaderListener
    </listener-class>
  </listener>

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
			/WEB-INF/spring3mvcdemo-servlet.xml,
			/WEB-INF/spring3mvcdemo-security.xml
    </param-value>
  </context-param>


  <!-- Spring Security -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
 

  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
 

  <!-- Integrate A Legacy Screen Done With A Servlet -->

  <servlet>
    <servlet-name>HelloWorldServlet</servlet-name>
    <servlet-class>
			com.legacy.HelloWorldServlet
    </servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>HelloWorldServlet</servlet-name>
    <url-pattern>/helloworldservlet</url-pattern>
  </servlet-mapping>

</web-app>

Here is my *-servlet.xml:

Code:

<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:context="http://www.springframework.org/schema/context"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:mvc="http://www.springframework.org/schema/mvc"
  xsi:schemaLocation="http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context-3.0.xsd">


    <context:component-scan base-package="com.controllers" />


    <mvc:resources mapping = "/**" location = "/"/>
    <mvc:annotation-driven/>

    <bean
      class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name = "prefix" value = "/jsp/"/>
        <property name = "suffix" value = ".jsp"/>
    </bean>

    
</beans>

Here is my *-security.xml:

Code:

<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 


  <http auto-config="true">
    <intercept-url pattern="/welcome*" access="ROLE_USER" />
    <form-login login-page="/login" default-target-url="/welcome"
      authentication-failure-url="/loginfailed" />
    <logout logout-success-url="/logout" />
  </http>
 
  <ldap-server url = "ldap://ldap-east.blah.blah.org:636/o=blah.org" />

    <authentication-manager>
      <ldap-authentication-provider user-dn-pattern="uid={0},ou=people"/>
    </authentication-manager>

The error message I got:

Code:

org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 
'org.springframework.security.filterChains': 
Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'

The full stack:

Code:

org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 
'org.springframework.security.filterChains': 
Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0'
 
while setting bean property 'sourceList' with key [0]; 
nested exception is org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': 
Cannot resolve reference to bean 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0' 
while setting constructor argument with key [2]; 
nested exception is org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0':
Cannot resolve reference to bean 'org.springframework.security.authentication.ProviderManager#0' 
while setting bean property 'authenticationManager'; 
nested exception is org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'org.springframework.security.authentication.ProviderManager#0': 
Cannot resolve reference to bean 
'org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0' 
while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0': 
FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'org.springframework.security.authenticationManager': 
Cannot resolve reference to bean 'org.springframework.security.ldap.authentication.LdapAuthenticationProvider#0' 
while setting constructor argument with key [0]; 
nested exception is org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'org.springframework.security.ldap.authentication.LdapAuthenticationProvider#0': 
Cannot create inner bean '(inner bean)' of type 
[org.springframework.security.ldap.authentication.BindAuthenticator] while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#17': Cannot resolve reference to bean 'org.springframework.security.securityContextSource' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.securityContextSource': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.ldap.DefaultSpringSecurityContextSource]: Constructor threw exception; nested exception is java.lang.NoClassDefFoundError: org/apache/commons/lang/StringUtils

As an experiment in my war/WEB-INF/lib I installed the full Spring 3.1 dist, the full Spring 1.3.1 LDAP and the full Spring Security 3.1.1. Whatever the problem is, I can't be missing a jar.

Any ideas of what this may be about and what I can try?

Thanks

[radhaspencer]

I have been facing the same issue. I am connecting with a mysql database with spring rel 3.1.1 and I am getting the exact same error.

Did you get this resolved by any chance? Anyone out there have any ideas?

Thanks for any assistance!

[ANewSpring]

Hi radhaspencer;

I started developing my project using ANT. I found a message in my logs at one point saying that a needed LDAP jar for Spring was missing. I put that jar in and then all hell broke loose with that error message above. I heard that Maven manages dependencies for you, even finding and downloading what you need. I took some time out to learn a minimal amount of Maven and I converted my project file layout to use it. That got rid of that error message. I got a few others but resolved them.

Here is a list of the jars in my WEB-INF/lib:

aopalliance-1.0.jar
commons-lang-2.5.jar
commons-logging-1.1.1.jar
jstl-api-1.2-rev-1.jar
jstl-impl-1.2.jar
log4j-1.2.16.jar
spring-aop-3.0.6.RELEASE.jar
spring-asm-3.1.1.RELEASE.jar
spring-beans-3.1.1.RELEASE.jar
spring-context-3.1.1.RELEASE.jar
spring-context-support-3.1.1.RELEASE.jar
spring-core-3.1.1.RELEASE.jar
spring-expression-3.1.1.RELEASE.jar
spring-jdbc-3.0.6.RELEASE.jar
spring-ldap-core-1.3.1.RELEASE.jar
spring-security-acl-3.1.0.RELEASE.jar
spring-security-config-3.1.0.RELEASE.jar
spring-security-core-3.1.0.RELEASE.jar
spring-security-crypto-3.1.0.RELEASE.jar
spring-security-ldap-3.1.0.RELEASE.jar
spring-security-taglibs-3.1.0.RELEASE.jar
spring-security-web-3.1.0.RELEASE.jar
spring-tx-3.0.6.RELEASE.jar
spring-web-3.1.1.RELEASE.jar
spring-webmvc-3.1.1.RELEASE.jar
stax-1.2.0.jar
stax-api-1.0.1.jar

Here is my POM.xml file that Maven uses:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.mycompany.spring3mvcdemo</groupId>
<artifactId>spring3mvcdemo</artifactId>
<packaging>war</packaging>
<version>1.0-SNAPSHOT</version>
<name>spring3mvcdemo webapp</name>
<url>http://maven.apache.org</url>



<dependencies>

<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.16</version>
</dependency>

<dependency>
<groupId>javax.servlet.jsp.jstl</groupId>
<artifactId>jstl-api</artifactId>
<version>1.2-rev-1</version>
<exclusions>
<exclusion>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
</exclusion>
<exclusion>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
</exclusion>
</exclusions>
</dependency>

<dependency>
<groupId>org.glassfish.web</groupId>
<artifactId>jstl-impl</artifactId>
<version>1.2</version>
<exclusions>
<exclusion>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
</exclusion>
<exclusion>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
</exclusion>
</exclusions>
</dependency>


<!-- Spring 3.1.1 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>3.1.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>3.1.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>3.1.1.RELEASE</version>
</dependency>

<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.1.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.1.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.1.0.RELEASE</version>
</dependency>

<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>3.1.0.RELEASE</version>
</dependency>

</dependencies>



<build>
<finalName>spring3mvcdemo</finalName>

<plugins>

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.3.2</version>
<configuration>
<source>1.5</source>
<target>1.5</target>
</configuration>
</plugin>

</plugins>

</build>
</project>

Here is my *-security.xml file:

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schem...-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">



<s:http auto-config="true">
<s:intercept-url pattern="/welcome*" access="ROLE_USER" />
<s:form-login login-page="/login" default-target-url="/welcome"
authentication-failure-url="/loginfailed" />
<s:logout logout-success-url="/logout" />
</s:http>

<s:ldap-server url = "ldap://ldap-myorg.org:636/o=myorg.org" />

<s:authentication-manager>
<s:ldap-authentication-provider user-dn-pattern="uid={0},ou=people"/>
</s:authentication-manager>

</beans>

Here is my *-servlet.xml:

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/mvc
http://www.springframework.org/schem...ng-mvc-3.0.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schem...-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">


<context:component-scan base-package="com.controllers" />


<mvc:resources mapping = "/**" location = "/"/>
<mvc:annotation-driven/>

<bean
class="org.springframework.web.servlet.view.Intern alResourceViewResolver">
<property name = "prefix" value = "/jsp/"/>
<property name = "suffix" value = ".jsp"/>
</bean>


</beans>

Here is my web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">


<display-name>Spring Web MVC Application</display-name>

<servlet>
<servlet-name>spring3mvcdemo</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherSe rvlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>spring3mvcdemo</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>


<!-- Help Find The Spring Config Files -->
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListe ner
</listener-class>
</listener>

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring3mvcdemo-servlet.xml,
/WEB-INF/spring3mvcdemo-security.xml
</param-value>
</context-param>


<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFil terProxy</filter-class>
</filter>


<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>


<!-- Integrate A Legacy Screen Done With A Servlet -->

<servlet>
<servlet-name>HelloWorldServlet</servlet-name>
<servlet-class>
com.legacy.HelloWorldServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>HelloWorldServlet</servlet-name>
<url-pattern>/helloworldservlet</url-pattern>
</servlet-mapping>

</web-app>

Good luck!