
  • Ldap authentication- intermittent "socket closed" error

    Hi all,



    I'm having an intermittent error when trying to authenticate a user using an ldap template. The error is:

    Code:
    [21/Feb/2011:10:17:39] failure (20441): for host 192.168.143.15 trying to POST /CreditUnion/j_spring_security_check, service-j2ee reports: StandardWrapperValve[default]: PWC1406: Servlet.service() for servlet default threw exception
    org.springframework.ldap.ServiceUnavailableException: longford:391; socket closed; nested exception is javax.naming.ServiceUnavailableException: longford:391; socket closed; remaining name '/'
           at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:212)
           at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
           at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
           at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:624)
           at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:535)
           at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:462)
           at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:483)
           at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:503)
           at org.springframework.ldap.core.LdapTemplate.authenticate(LdapTemplate.java:1482)
           at org.springframework.ldap.core.LdapTemplate.authenticate(LdapTemplate.java:1453)
           at website.creditunion.web.login.CreditUnionAuthenticationManager.ldapAuthenticate(CreditUnionAuthenticationManager.java:57)
           at website.creditunion.web.login.CreditUnionAuthenticationManager.authenticate(CreditUnionAuthenticationManager.java:32)
           at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:97)
           at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
           at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
           at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
           at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
           at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149)
           at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
           at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:217)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
           at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
           at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
           at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
           at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
           at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187)
           at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
           at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
           at com.sun.webserver.connector.nsapi.NSAPIProcessor.service(NSAPIProcessor.java:160)

    Caused by: javax.naming.ServiceUnavailableException: longford:391; socket closed; remaining name '/'
           at com.sun.jndi.ldap.Connection.readReply(Connection.java:419)
           at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611)
           at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)
           at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1962)
           at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1824)
           at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
           at com.sun.jndi.toolkit.ctx.Compone

  • #2
    Which reads to me like the socket is closed so I can't authenticate - get a default error page. If I ctrl+f5 this then it authenticates properly; this error only seems to arrive if there has been no traffic (i.e. login attempts) for some time. Very difficult to troubleshoot as once it's happened it won't occur again for hours, maybe even a full day. I know the socket on the ldap is open (can telnet no prob), and if it was closed why does a second attempt work with no problems?



    My security xml is as follows:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:context="http://www.springframework.org/schema/context"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
           xmlns:security="http://www.springframework.org/schema/security"
           xmlns:tx="http://www.springframework.org/schema/tx"
           xmlns:util="http://www.springframework.org/schema/util"
           xsi:schemaLocation="
             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
             http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
             http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
             http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
             http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
             http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

        <security:global-method-security pre-post-annotations="enabled" />

        <!-- Login and error pages bypass the filter chain; everything else requires ROLE_USER -->
        <security:http entry-point-ref="LoginUrlAuthenticationEntryPoint">
            <security:intercept-url pattern="/CreditUnionLogin.jsp" filters="none"/>
            <security:intercept-url pattern="/CreditUnion/CreditUnionLoginFail.jsp" filters="none"/>
            <security:intercept-url pattern="/CreditUnionLoginFail.jsp" filters="none"/>
            <security:intercept-url pattern="/creditunionforgotpassword.jsp" filters="none"/>
            <security:intercept-url pattern="/creditunionregister.jsp" filters="none"/>
            <security:intercept-url pattern="/**" access="ROLE_USER"/>

            <security:logout invalidate-session="true" logout-success-url="/CreditUnionLogin.jsp" />

            <security:custom-filter before="FORM_LOGIN_FILTER" ref="customisedFormLoginFilter"/>
        </security:http>

        <!-- Form-login filter wired to the custom authentication manager -->
        <bean id="customisedFormLoginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" >
            <property name="authenticationManager" ref="myAuthenticationManager"/>
            <property name="allowSessionCreation" value="true" />
            <property name="authenticationFailureHandler" ref="myFailureHandler" />
            <property name="authenticationSuccessHandler" ref="mySuccessHandler" />
            <property name="postOnly" value="true"/>
        </bean>

        <bean id="myAuthenticationManager" class="website.creditunion.web.login.CreditUnionAuthenticationManager">
            <property name="ldapTemplate" ref="ldapTemplate" />
            <property name="errorResolver" ref="loginErrorResolver" />
            <property name="dataBaseDAO" ref="dbDao"/>
        </bean>

        <bean id="mySuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
            <property name="defaultTargetUrl" value="/CreditUnion/CreditUnion.htm?page=creditunionmarketupdate" />
        </bean>

        <bean id="myFailureHandler" class="website.creditunion.web.login.MyFailureHandler">
            <property name="defaultFailureUrl" value="/CreditUnion/CreditUnionLoginFail.jsp" />
            <property name="loginFailureUrl" value="/CreditUnion/CreditUnionLoginFail.jsp" />
            <property name="logoutUrl" value="/CreditUnion/CreditUnionLogin.jsp" />
        </bean>

        <security:authentication-manager alias="authenticationManager" />

        <!-- LDAP connection used by ldapTemplate: anonymous, read-only context -->
        <bean id="contextSource"
              class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
            <constructor-arg value="ldap://longford:391/ou=CreditUnion,o=website.ie"/>
            <property name="base" value="ou=CreditUnion,o=website.ie" />
            <property name="userDn" value="ou=CreditUnion,o=website.ie" />
            <property name="anonymousReadOnly" value="true" />
        </bean>

        <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
            <constructor-arg ref="contextSource" />
        </bean>

        <bean id="LoginUrlAuthenticationEntryPoint"
              class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
            <property name="loginFormUrl" value="/CreditUnionLogin.jsp" />
        </bean>

        <bean id="accessDeniedHandler"
              class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
            <property name="errorPage" value="/creditunionaccessdenied"/>
        </bean>

        <!-- Maps LDAP result codes to user-facing messages -->
        <bean id="loginErrorResolver" class="website.creditunion.web.login.ErrorResolver">
            <property name="errorMap">
                <util:map>
                    <entry key="49" value="error message"/>
                    <entry key="19" value="error message"/>
                    <entry key="999" value="Unknown failure reason"/>
                    <entry key="1" value="error message"/>
                </util:map>
            </property>
        </bean>

    </beans>


    And my custom authentication code is:

    Code:
    private boolean ldapAuthenticate(String username, String password) {
        // Search filter (uid=<username>); EqualsFilter escapes the supplied value.
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("uid", username));

        // Collects the exception raised while binding as the user, if any.
        CollectingAuthenticationErrorCallback errorCallback = new CollectingAuthenticationErrorCallback();
        boolean isAuthenticated = ldapTemplate.authenticate(DistinguishedName.EMPTY_PATH, filter.toString(), password, errorCallback);

        if (!isAuthenticated) {
            Exception e = errorCallback.getError();
            if (e instanceof InvalidAttributeValueException) {
                if (e.getMessage().contains("error code 49")) {
                    AuthenticationException ex = new AuthenticationException(errorResolver.getErrorMessage("49")) {
                    };
                    throw ex;
                } else if (e.getMessage().contains("error code 19")) {
                    AuthenticationException ex = new AuthenticationException(errorResolver.getErrorMessage("19")) {
                    };
                    throw ex;
                }
            } else if (e instanceof AuthenticationException) {
                AuthenticationException ex = new AuthenticationException(errorResolver.getErrorMessage("49")) {
                };
                throw ex;
            } else {
                // Any other failure is reported with the code 49 message.
                AuthenticationException ex = new AuthenticationException(errorResolver.getErrorMessage("49")) {
                };
                throw ex;
            }
        }
        // Assumed completion: the posted listing stops before the method's return.
        return isAuthenticated;
    }


    Was wondering if anyone knows anything about this?

    I am using the most recent ldap jar (1.3.1 - it's the only one that has the ldapTemplate.authenticate() method which takes a CollectingAuthenticationErrorCallback object, so moving to an older version isn't really an option).

    Any help would be hugely appreciated!

    Thanks.



    • #3
      This problem persisted and I have eventually solved it, did both of the below so not exactly sure which fixed it:

      1/ Changed the ldap settings to force it to close inactive connections (thought it was doing that anyway and not a problem for other systems connecting to the same ldap so not sure if this solved the issue)
      2/ Removed virtually all custom code and went with a more generic configuration solution.

      Haven't seen the problem in days now so think it's gone
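
The trace in the first post shows the "socket closed" error raised from `LdapTemplate.search` inside `authenticate`, so it leaves the custom manager as an unhandled exception and produces the default error page. The following is an added example, not code from this thread: it retries once on that failure and otherwise fails closed with an exception that Spring Security's failure handler can process. `RetryingLdapAuthenticator` and `MAX_ATTEMPTS` are hypothetical names.

```java
import org.springframework.ldap.ServiceUnavailableException;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.CollectingAuthenticationErrorCallback;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;

/** Hypothetical helper (added example): retries a stale-connection failure once. */
public class RetryingLdapAuthenticator {

    private static final int MAX_ATTEMPTS = 2; // assumed: first try plus one retry

    private final LdapTemplate ldapTemplate;

    public RetryingLdapAuthenticator(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    /** Returns normally on success; throws a Spring Security exception otherwise. */
    public void authenticate(String username, String password) {
        // EqualsFilter escapes filter metacharacters in the user-supplied name.
        String filter = new EqualsFilter("uid", username).encode();

        for (int attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
            CollectingAuthenticationErrorCallback errors =
                    new CollectingAuthenticationErrorCallback();
            try {
                boolean ok = ldapTemplate.authenticate(
                        DistinguishedName.EMPTY_PATH, filter, password, errors);
                if (ok) {
                    return;
                }
                // No unique entry, or the bind was rejected: report generically.
                throw new BadCredentialsException("Login failed");
            } catch (ServiceUnavailableException e) {
                // "socket closed" from the search step, as in the posted trace.
                // Retry once on a fresh attempt, then fail closed with an
                // exception type the authentication failure handler receives.
                if (attempt == MAX_ATTEMPTS) {
                    throw new AuthenticationServiceException(
                            "Directory unavailable", e);
                }
            }
        }
        // Never reached; guards against falling through as a silent success.
        throw new IllegalStateException("unreachable");
    }
}
```

Reporting the outage as `AuthenticationServiceException` keeps a directory failure distinct from a credential failure in logs, instead of mapping it to the code 49 message.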
