Thread: Ldap namespace issue

  1. #1
    Join Date
    Dec 2005
    Posts
    929

    Ldap namespace issue

    I recently switched to using the namespace configuration but have run into a problem using property placeholders. I have the following line:

    Code:
    <security:ldap-authentication-provider server-ref="ldapServer" user-search-filter="(sAMAccountName={0})" user-dn-pattern="CN={0},${ldap.base}" group-role-attribute="ou" />
    but I get the following error when the container starts up:

    Code:
    Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#1': Error setting property values; nested exception is org.springframework.beans.PropertyBatchUpdateException; nested PropertyAccessExceptions (1) are:
    PropertyAccessException 1: org.springframework.beans.MethodInvocationException: Property 'userDnPatterns' threw exception; nested exception is java.lang.IllegalArgumentException: can't parse argument number ldap.base
    When I substitute ${ldap.base} with the actual value from the properties file, all works OK. I have successfully used the placeholders in the <security:ldap-server tag.

    Is there anything I can do to use a placeholder, rather than the pattern parser taking it literally?
    Thanks
    Alan

  2. #2
    Join Date
    Jan 2010
    Posts
    1

    try your own context source

    You've probably sorted it out by now, but it sounds like you might do something with an extension to the DefaultSpringSecurityContextSource. We overrode ours to handle a different problem with the LDAP URL. We ended up with something like

    Code:
    <bean id="myContextSource" class="my.ContextSource">
      <constructor-arg value="... (LDAP URL, or something appropriate)"/>
      <!-- property tags for userDn, password, same as Spring class -->
    </bean>
    Then pass the bean ref as a constructor arg to your LDAP Authentication Provider's authenticator and authorities populator:

    Code:
    <bean id="ldapAuthProvider" class="...LdapAuthenticationProvider">
      <sec:custom-authentication-provider/>
      <constructor-arg>
        <bean class="...BindAuthenticator">
          <constructor-arg ref="myContextSource"/>
        </bean>
      </constructor-arg>
      <constructor-arg>
        <bean class="...DefaultLdapAuthoritiesPopulator">
          <constructor-arg ref="myContextSource"/>
          <constructor-arg value="cn=Groups"/>
        </bean>
      </constructor-arg>
    </bean>
    
    <bean id="authenticationManager" class="...ProviderManager">
      <property name="providers">
        <list> <ref local="ldapAuthProvider"/> </list>
      </property>
    </bean>
    This is all put together with Spring Security 2.0.5.

    HTH

  3. #3
    Join Date
    Dec 2005
    Posts
    929

    Thanks for this information.

    I was trying to use the namespace configuration only. I used to use the following:
    Code:
    	<bean id="ldapAuthenticationProvider" class="au.com.woolworths.pap.security.LdapAuthenticationProvider">
    		<constructor-arg>
    			<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
    				<constructor-arg ref="contextSource" />
    				<property name="userDnPatterns">
    					<list>
    						<value>CN={0},${ldap.base}</value>
    					</list>
    				</property>
    				<property name="userSearch" ref="userSearch" />
    			</bean>
    		</constructor-arg>
    		<constructor-arg>
    			<bean class="au.com.woolworths.pap.security.RolePopulator">
    				<constructor-arg ref="userFacade" />
    			</bean>
    		</constructor-arg>
    		<property name="userFacade" ref="userFacade" />
    		<property name="userDetailsChecker">
    			<bean class="org.springframework.security.authentication.AccountStatusUserDetailsChecker" />
    		</property>
    	</bean>
    Cheers
    Alan
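
The exception text in the first post is the message java.text.MessageFormat produces when the text between braces is not an argument index, which is how an unresolved ${ldap.base} looks to it. The following is an added example, not code from the thread or from Spring Security, that reproduces this and checks the pattern again once the placeholder has been substituted; the class name DnPatternCheck, the ldap.base value and the user name are constructed for illustration.

```java
import java.text.MessageFormat;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class DnPatternCheck {
    // Matches Spring-style ${key} placeholders.
    private static final Pattern PLACEHOLDER = Pattern.compile("\\$\\{([^}]+)\\}");

    /** Substitutes ${key} from props; throws if a key is missing so the failure names the key. */
    static String resolve(String pattern, Properties props) {
        Matcher m = PLACEHOLDER.matcher(pattern);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String value = props.getProperty(m.group(1));
            if (value == null) {
                throw new IllegalStateException("Unresolved placeholder: " + m.group(1));
            }
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        return out.toString();
    }

    /** Returns null if MessageFormat accepts the pattern, otherwise its error message. */
    static String messageFormatError(String pattern) {
        try {
            new MessageFormat(pattern);
            return null;
        } catch (IllegalArgumentException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        Properties props = new Properties();
        props.setProperty("ldap.base", "DC=example,DC=com"); // constructed sample value

        String raw = "CN={0},${ldap.base}"; // pattern from the post, placeholder unresolved
        System.out.println("raw      -> " + messageFormatError(raw));

        String resolved = resolve(raw, props);
        System.out.println("resolved -> " + messageFormatError(resolved));
        System.out.println("user DN  -> " + new MessageFormat(resolved).format(new Object[] {"alan"}));
    }
}
```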
