
Thread: Newbie question

  1. #1

    Default Newbie question

    I am trying to configure Spring Security 2.0.5 to authenticate against LDAP and am not having much luck. Spring Security correctly sends me to the login page for protected areas, but when I submit the form I get nothing: no debug output, no exceptions, just the login form again. If I could see some debug output I would have something to work with.

    The login form is submitting to j_spring_security_check with j_username and j_password.

    For the record it is a Struts 2, Spring 2.5.6 app.

    I have tried the following configurations:
    Config 1.
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
        	http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
        	http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
    
    <!-- Directory server used by the authentication provider below (server-ref="ok_ldap").
         NOTE(review): ldap:// on port 389 is unencrypted, so user lookups and the password
         comparison cross the network in clear text unless the transport is protected some
         other way; prefer an ldaps:// URL if the directory offers one.
         NOTE(review): no manager DN/password is configured here, so the searches presumably
         run anonymously; confirm the directory permits that. -->
    <ldap-server id="ok_ldap" url="ldap://ldap.mydomain.no:389/"/>
        <!-- LDAP authentication: the user entry is located under user-search-base with
             user-search-filter ({0} is the submitted login name); groups found under
             group-search-base become the user's granted authorities.
             NOTE(review): group-search-base is wrapped in parentheses. A search base is a DN,
             not a filter, so "(ou=Auth, ...)" is probably rejected or matches nothing; verify.
             NOTE(review): in group-search-filter, {0} is normally replaced by the user's full DN
             (the login name is {1}), so "cn={0}" is unlikely to match a group; confirm against
             the Spring Security LDAP documentation. Without a matching group no ROLE_USER
             authority is assigned. -->
        <ldap-authentication-provider 
                server-ref="ok_ldap"
                group-search-filter="cn={0}" 
                group-search-base="(ou=Auth, dc=mydomain, dc=no)"
                user-search-filter="(employeeNumber={0})"
                user-search-base="ou=People, dc=mydomain, dc=no"
                >
            <!-- Selects password comparison (with an MD5 hash) instead of binding as the user.
                 NOTE(review): unsalted MD5 is a weak password hash, and comparison mode requires
                 the application's connection to be allowed to compare the password attribute.
                 Leaving this element out should fall back to bind authentication, where the
                 directory itself verifies the password; confirm and prefer that where possible. -->
            <password-compare hash="md5"/>
        </ldap-authentication-provider>
    
    
    	<!-- Web security. auto-config is off, so only the form-login and logout elements
    	     declared inside this block are configured. -->
    	<http auto-config="false">
    	
    		<!-- filters="none" takes the login page out of the security filter chain entirely.
    		     NOTE(review): with Ant-style matching, "**" spans directories only when it is a
    		     whole path segment, so "/**.action" likely covers top-level *.action URLs only.
    		     Nested paths and anything not ending in .action (for example a JSP requested
    		     directly) would then not require ROLE_USER. Verify, and consider "/**/*.action"
    		     or a catch-all "/**" rule. -->
    		<intercept-url pattern="/login.action*" filters="none" />
    		<intercept-url pattern="/**.action" access="ROLE_USER" />
    		
    		<!-- A failed login redirects back to the login page with login_error=1, so the
    		     page must check that parameter for failures to be visible to the user. -->
    		<form-login login-page="/login.action" authentication-failure-url="/login.action?login_error=1"
    			default-target-url="/home.action"/>
    			
    	
    		<logout logout-success-url="/login.action" />
    
    	</http>
    </beans:beans>
    Config 2.
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
        	http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
        	http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
    
    	<!-- LDAP connection factory shared by the authenticator and the authorities populator.
    	     NOTE(review): the constructor value has no ldap:// scheme, and its base DN ends in
    	     dc=com although the host is under .no; confirm both.
    	     NOTE(review): port 389 suggests plain LDAP, which is unencrypted; prefer ldaps://
    	     if the directory offers it.
    	     NOTE(review): check that this class exists in the Spring Security 2.0.5 jar in use;
    	     2.0 presumably expects DefaultSpringSecurityContextSource here instead. If the class
    	     were missing and no startup error appears, this file may not be loaded at all. -->
    	<beans:bean id="initialDirContextFactory" class="org.springframework.security.ldap.DefaultInitialDirContextFactory">
    	
    		<beans:constructor-arg value="ldap.mydomain.no:389/ou=people,dc=mydomain,dc=com"/>
    	</beans:bean>
    	<!-- Authenticates by comparing the submitted password with an attribute of the entry
    	     whose DN is built from userDnPatterns ({0} is the login name).
    	     NOTE(review): passwordAttributeName names the LDAP attribute that stores the password.
    	     "j_password" is the login form's field name, not a directory attribute, so there is
    	     probably nothing to compare against; the usual attribute is userPassword.
    	     NOTE(review): the DN pattern is presumably resolved relative to the factory's base DN,
    	     which already ends in dc=mydomain,dc=com; verify the resulting DN.
    	     NOTE(review): comparison mode needs read/compare access to stored passwords; binding
    	     as the user (BindAuthenticator) leaves verification to the directory. -->
    	<beans:bean id="authenticator" class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator">
    		<beans:constructor-arg ref="initialDirContextFactory" />
    		<beans:property name="userDnPatterns">
    		<beans:list>
    			<beans:value>uid={0},dc=mydomain,dc=com</beans:value>
    		</beans:list>
    		</beans:property>
    		<beans:property name="passwordAttributeName" value="j_password" />
    	</beans:bean>
    	<!-- Looks up the user's groups under "ou=groups" and derives role names from each
    	     group's "ou" attribute.
    	     NOTE(review): the http block requires ROLE_USER, so some group must produce that
    	     authority (presumably an ou value of "user" with the default ROLE_ prefix); confirm. -->
    	<beans:bean id="populator"
    class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
    <beans:constructor-arg ref="initialDirContextFactory" />
    <beans:constructor-arg value="ou=groups" />
    <beans:property name="groupRoleAttribute" value="ou" />
    </beans:bean>
    	<!-- Combines the authenticator and the populator. The custom-authentication-provider
    	     marker registers this bean with the authentication manager the namespace creates. -->
    	<beans:bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
    		<custom-authentication-provider/>
    		<beans:constructor-arg ref="authenticator" />
    		<beans:constructor-arg ref="populator" />
    	</beans:bean>
    
    	<!-- Web security. auto-config is off, so only the form-login and logout elements
    	     declared inside this block are configured. -->
    	<http auto-config="false">
    	
    		<!-- filters="none" takes the login page out of the security filter chain entirely.
    		     NOTE(review): with Ant-style matching, "**" spans directories only when it is a
    		     whole path segment, so "/**.action" likely covers top-level *.action URLs only.
    		     Nested paths and anything not ending in .action (for example a JSP requested
    		     directly) would then not require ROLE_USER. Verify, and consider "/**/*.action"
    		     or a catch-all "/**" rule. -->
    		<intercept-url pattern="/login.action*" filters="none" />
    		<intercept-url pattern="/**.action" access="ROLE_USER" />
    		
    		<!-- A failed login redirects back to the login page with login_error=1, so the
    		     page must check that parameter for failures to be visible to the user. -->
    		<form-login login-page="/login.action" authentication-failure-url="/login.action?login_error=1"
    			default-target-url="/home.action"/>
    			
    	
    		<logout logout-success-url="/login.action" />
    
    	</http>
    </beans:beans>
    Thanks for any help.

  2. #2

    I'd suggest turning on logging and making sure you are getting GrantedAuthority assigned as you expect from the group lookup.
    Peter Mularien | Blog
    Author, Spring Security 3 (Book) - Packt Publishing, Available in print and eBook form
    SCJP 5, Oracle DBA
    Any postings are my own opinion, and should not be attributed to my employer or clients.


  3. #3

    I already have the logging set to DEBUG for org.springframework.security and am seeing nothing. That is the problem. I have logging turned up and would expect to see some sort of error that it cannot reach the server or the group search pattern is wrong, something, anything.

    So does what I have configured in the XML look correct, and should it work? Am I missing something really obvious?
