Spring Security 2.0.5 and LDAP

[xinyingho]

Hi there,

I'm currently using Spring 2.5.6 with Spring Security 2.0.5.
I'm trying to connect to an AD through a SSL encrypted ldap connection with a X.509 client certificate.

I'm lost because there are obviously some dependencies to Spring-LDAP but I don't know which version I should use. I can see version 1.2, 1.2.1, 1.3.0, 3.0.0, 3.0.1 and 3.0.2.

I think that I should use 1.3.0 as 3.0.x should be synchronized versions with the latest Spring Security 3. But I'm not sure as in another thread somebody said that 1.3.0 has broken changes that make it not compatible with Spring Security 2.0.5...
If it's true, then 1.3.0 is meant to be used with which version of Spring Security?

Moreover, I saw that to enable SSL connection I cannot use the ldap-ser and ldap-authentication-provider tags, but I should instead make it through regular bean tags instantiating LDAP Context Source, LDAP Authentication, etc. Is is true?

[xinyingho]

Eventually, I was able to use Spring LDAP 1.3.0.
I made it using the ldap-server tag shortcuts and the regular bean tags through a Context Source and so on.

However with both solutions I get the same error each time:
- I'm using a ldap connection with SSL, a server-side X.509 certificate and simple user authentication.
- The server certificate is in the default Java trustStore.
- My app can connect to AD, certificate are trusted, a session is opened, AD send back user information but then the connection is closed unexpectedly without even doing user autehentication.

When I run the app with -Djavax.net.debug=all, I can see those lines at the end of the trace, just after the user information decryption trame:

Code:

Padded plaintext before ENCRYPTION:  len = 52
0000: 30 22 02 01 03 42 00 A0   1B 30 19 04 17 32 2E 31  0"...B...0...2.1
0010: 36 2E 38 34 30 2E 31 2E   31 31 33 37 33 30 2E 33  6.840.1.113730.3
0020: 2E 34 2E 32 45 40 D3 0C   56 69 A2 FD 80 DA 3F 3A  .4.2E@..Vi....?:
0030: 0B 7F 40 3C                                        ..@<
25292190@qtp-5442802-0, WRITE: TLSv1 Application Data, length = 52
[Raw write]: length = 57
0000: 17 03 01 00 34 AC 61 93   8C 29 2B 18 43 B3 25 85  ....4.a..)+.C.%.
0010: 3F 64 31 85 1D E9 C7 0B   0D F0 50 BE 45 CD 89 62  ?d1.......P.E..b
0020: 2E E8 1A 41 F0 FF E8 1F   AE 62 C3 34 EA 50 F3 4D  ...A.....b.4.P.M
0030: F5 5A 8D 73 E6 DB 72 38   A1                       .Z.s..r8.
25292190@qtp-5442802-0, called close()
25292190@qtp-5442802-0, called closeInternal(true)
25292190@qtp-5442802-0, SEND TLSv1 ALERT:  warning, description = close_notify
Padded plaintext before ENCRYPTION:  len = 18
0000: 01 00 75 10 9D 53 25 A2   0C 18 FD A7 B0 45 86 1D  ..u..S%......E..
0010: 2D 71                                              -q
25292190@qtp-5442802-0, WRITE: TLSv1 Alert, length = 18
[Raw write]: length = 23
0000: 15 03 01 00 12 7F D8 B8   2E BA 9D C6 5D 6D 74 F6  ............]mt.
0010: F5 B0 47 AC 5A 61 BE                               ..G.Za.
Thread-15, handling exception: java.net.SocketException: socket closed
%% Invalidated:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
Thread-15, SEND TLSv1 ALERT:  fatal, description = unexpected_message
Padded plaintext before ENCRYPTION:  len = 18
0000: 02 0A C0 76 2C E5 62 83   74 D8 AE 55 AD 8C 76 CC  ...v,.b.t..U..v.
0010: 8D 25                                              .%
Thread-15, WRITE: TLSv1 Alert, length = 18
Thread-15, Exception sending alert: java.net.SocketException: Socket closed
Thread-15, called closeSocket()

It seems like my app is sending back the password to the socket for user authentication but then immediately close the connection...Somebody has any idea?

[xinyingho]

Ok it seems I'll do this thread all by myself...

Well, the socket exception is actually normal, it does happen with each connection closed.
Then I didn't provided any RoleFiltering to the authentication class, it's actually mandatory to make it works.
And then for my tests, I put some dummy roles to check stuff where I should have put IS_AUTHENTICATED_xx as an access name for every http intercept-url to simplify the test...