Spring Security 3 and CAS login

  • #16
    Your XML file gives me the following error:


    2012-06-26 09:22:02,562 [main] ERROR org.springframework.web.context.ContextLoader - Context initialization failed
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' while setting bean property 'sourceList' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot resolve reference to bean 'casFilter' while setting constructor argument with key [2]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'casFilter' defined in ServletContext resource [/WEB-INF/security-CAS.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'authenticationManager' is defined
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)



    • #17
      Hi,

      My XML sample configuration file works fine.
      But you replaced:

      Code:
          <sec:authentication-manager alias="authenticationManager">
              <sec:authentication-provider ref="casAuthenticationProvider" />
          </sec:authentication-manager>
      by:

      Code:
      	<authentication-manager alias="authManager">
      		<authentication-provider ref="casAuthProvider" />
      	</authentication-manager>
      That's why you get the error telling you the bean "authenticationManager" is not defined.
      Best regards,
      Jérôme
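
The mismatch described in post #17, as an added example that is not part of the original posts: a Python check that lists bean references in a Spring XML file which no `id`, `name` or `alias` in that file satisfies. The sample configuration is constructed from the snippets in this thread, and `TEMPLATE`, `defined_names` and `dangling_refs` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample based on the snippets in this thread; {alias} is filled in by the caller.
TEMPLATE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security">
  <sec:http entry-point-ref="casEntryPoint">
    <sec:custom-filter position="CAS_FILTER" ref="casFilter"/>
  </sec:http>
  <bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"/>
  <bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
  </bean>
  <sec:authentication-manager alias="{alias}">
    <sec:authentication-provider ref="casAuthProvider"/>
  </sec:authentication-manager>
  <bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"/>
</beans>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def defined_names(root):
    """Bean names this file declares: id and alias attributes, plus <bean name="...">."""
    names = set()
    for el in root.iter():
        names.update(v for k, v in el.attrib.items() if k in ("id", "alias"))
        if local(el.tag) == "bean" and "name" in el.attrib:
            names.update(el.attrib["name"].replace(",", " ").replace(";", " ").split())
    return names

def dangling_refs(xml_text):
    """Return sorted (referenced name, referring element) pairs with no definition
    in this file. Beans from imported files or annotations are not seen."""
    root = ET.fromstring(xml_text)
    names = defined_names(root)
    missing = set()
    for el in root.iter():
        for attr, value in el.attrib.items():
            if (attr == "ref" or attr.endswith("-ref")) and value not in names:
                missing.add((value, local(el.tag)))
        if local(el.tag) == "ref" and el.get("bean") not in names | {None}:
            missing.add((el.get("bean"), "ref"))
    return sorted(missing)
```

With `alias="authManager"` the check reports the `authenticationManager` reference from the `casFilter` property; with `alias="authenticationManager"` it reports nothing.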



      • #18
        old information

        That must have been old information. My XML looks like:

        Code:
        <beans xmlns:sec="http://www.springframework.org/schema/security" xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
                http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
                http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
        
            <sec:http entry-point-ref="casEntryPoint">
                <sec:intercept-url pattern="/sso/**" access="IS_AUTHENTICATED_FULLY" />
                <sec:intercept-url pattern="/rme/**" access="IS_AUTHENTICATED_REMEMBERED" />
                <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
                <sec:logout />
                <sec:custom-filter position="CAS_FILTER" ref="casFilter" />
            </sec:http>
        
            <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
                <property name="service" value="https://wcmisdlin07.uftmasterad.org:8443/MemberInquiry/j_spring_cas_security_check" />
                <property name="sendRenew" value="false" />
            </bean>
        
            <bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
                <property name="authenticationManager" ref="authenticationManager" />
            </bean>
        
            <bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
                <property name="loginUrl" value="https://wcmisdlin07.uftmasterad.org:8443/cas-server-webapp/login" />
                <property name="serviceProperties" ref="serviceProperties" />
            </bean>
        
            <sec:authentication-manager alias="authenticationManager">
                <sec:authentication-provider ref="casAuthenticationProvider" />
            </sec:authentication-manager>
        
            <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
                <property name="authenticationUserDetailsService" ref="casUserDetailsService" />
                <property name="serviceProperties" ref="serviceProperties" />
                <property name="ticketValidator">
                    <bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
                        <constructor-arg index="0" value="https://wcmisdlin07.uftmasterad.org:8443/cas-server-webapp" />
                    </bean>
                </property>
                <property name="key" value="121969" />
            </bean>
        
            <bean id="casUserDetailsService" class="org.uftwf.ss.cas.userdetails.DefaultRoleUserDetailsService" />
        </beans>
        But I am still getting this error:

        Code:
        2012-06-26 13:39:14,396 [main] ERROR org.springframework.web.context.ContextLoader - Context initialization failed
        org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' while setting bean property 'sourceList' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot resolve reference to bean 'casFilter' while setting constructor argument with key [2]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'casFilter' defined in ServletContext resource [/WEB-INF/security-CAS.xml]: Cannot resolve reference to bean 'authenticationManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authenticationManager': Cannot resolve reference to bean 'casAuthenticationProvider' while setting constructor argument with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'casAuthenticationProvider' defined in ServletContext resource [/WEB-INF/security-CAS.xml]: Cannot resolve reference to bean 'casUserDetailsService' while setting bean property 'authenticationUserDetailsService'; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.uftwf.ss.cas.userdetails.DefaultRoleUserDetailsService] for bean with name 'casUserDetailsService' defined in ServletContext resource [/WEB-INF/security-CAS.xml]; nested exception is java.lang.ClassNotFoundException:



        • #19
          Spring Security with LDAP, I think I am searching the wrong base

          Spring Security with LDAP, I think I am searching the wrong base... I have a Spring-MVC project that has been working for months with Spring Security and LDAP, but my firm just went to CAS and I had to change some of the settings. It looks like I am not importing the roles from LDAP anymore. Below is the output:

          Code:
           2012-06-27 10:12:01,151 [http-8443-6] DEBUG org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl - Returned ProxyGrantingTicket of [TGT-2-xNQAgr6agi5MbdyMlIVaXFLuaOyX1Iu4sLSTQhkiZVeR0QET1o-cas]
              2012-06-27 10:12:01,153 [http-8443-6] DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch - Searching for user '[email protected]', with user search [ searchFilter: '(uid={0})', searchBase: 'ou=webusers', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
              2012-06-27 10:12:01,201 [http-8443-6] DEBUG org.springframework.ldap.core.support.AbstractContextSource - Got Ldap context on server 'ldaps://dvldap01.uftwf.dev:636/dc=uftwf,dc=dev'
              2012-06-27 10:12:01,246 [http-8443-6] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Searching for entry under DN 'dc=uftwf,dc=dev', base = 'ou=webusers', filter = '(uid={0})'
              2012-06-27 10:12:01,271 [http-8443-6] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Found DN: uid=[email protected],ou=webusers
              2012-06-27 10:12:01,281 [http-8443-6] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Getting authorities for user uid=[email protected],ou=webusers,dc=uftwf,dc=dev
              2012-06-27 10:12:01,281 [http-8443-6] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Searching for roles for user '[email protected]', DN = 'uid=[email protected],ou=webusers,dc=uftwf,dc=dev', with filter (member={0}) in search base 'ou=groups'
              2012-06-27 10:12:01,282 [http-8443-6] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Using filter: (member=uid=[email protected],ou=webusers,dc=uftwf,dc=dev)
              2012-06-27 10:12:01,284 [http-8443-6] INFO  org.springframework.ldap.core.LdapTemplate - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
              2012-06-27 10:12:01,344 [http-8443-6] DEBUG org.springframework.ldap.core.support.AbstractContextSource - Got Ldap context on server 'ldaps://dvldap01.uftwf.dev:636/dc=uftwf,dc=dev'
              2012-06-27 10:12:01,386 [http-8443-6] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Roles from search: []
              2012-06-27 10:12:01,387 [http-8443-6] DEBUG org.springframework.security.ldap.userdetails.LdapUserDetailsMapper - Mapping user details from context with DN: uid=[email protected],ou=webusers,dc=uftwf,dc=dev
              2012-06-27 10:12:01,389 [http-8443-6] DEBUG org.springframework.security.cas.web.CasAuthenticationFilter - serviceTicketRequest = true
              2012-06-27 10:12:01,389 [http-8443-6] DEBUG org.springframework.security.cas.web.CasAuthenticationFilter - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.cas.authentication.CasAuthenticationToken@38fb8f75: Principal: or[email protected]a2ee91: Dn: uid=[email protected],ou=webusers,dc=uftwf,dc=dev; Username: [email protected]; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.cas.web.authentication.DefaultServiceAuthenticationDetails@d01a720: RemoteIpAddress: 10.52.208.226; SessionId: 4D5ABD25243666461E284E3A2CB51F80ServiceUrl: https://wcmisdlin07.uftmasterad.org:8443/MemberInquiry/j_spring_cas_security_check; Not granted any authorities Assertion: org.jasig.cas.client.validation.AssertionImpl@36125b4f Credentials (Service/Proxy Ticket): ST-1-KRpe5Q3OAQbzW56HPVCa-cas
              2012-06-27 10:12:01,389 [http-8443-6] DEBUG org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler - Redirecting to DefaultS
          This is the OLD LDAP XML file that was working:

          Code:
          <authentication-manager>
              
              		<ldap-authentication-provider
              			user-search-base="ou=webusers" user-search-filter="(uid={0})">
              
              			<password-compare>
              
              				<password-encoder ref="passwordEncoder">
              				</password-encoder>
              			</password-compare>
              		</ldap-authentication-provider>
              	</authentication-manager>
              
              	<beans:bean id="passwordEncoder"
              		class="org.springframework.security.authentication.encoding.Md5PasswordEncoder">
              	</beans:bean>
              
              	<beans:bean id="contextSource"
              		class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
              
              		<beans:constructor-arg
              			value="ldaps://dvldap01.uftwf.dev:636/dc=uftwf,dc=dev" />
              
              		<beans:property name="userDn" value="cn=Manager,dc=uftwf,dc=dev" />
              
              		<beans:property name="password" value="uftwf" />
              	</beans:bean>
              
              	<beans:bean id="ldapAuthProvider"
              		class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
              
              		<beans:constructor-arg>
              
              			<beans:bean
              				class="org.springframework.security.ldap.authentication.BindAuthenticator">
              				<beans:constructor-arg ref="contextSource" />
              				<beans:property name="userDnPatterns">
              					<beans:list>
              						<beans:value>
              							uid={0},ou=webusers
              						</beans:value>
              					</beans:list>
              				</beans:property>
              			</beans:bean>
              		</beans:constructor-arg>
              		<beans:constructor-arg>
              			<beans:bean
              				class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
              				<beans:constructor-arg ref="contextSource" />
              				<beans:constructor-arg value="ou=groups" />
              				<beans:property name="groupRoleAttribute" value="ou" />
              			</beans:bean>
              		</beans:constructor-arg>
              	</beans:bean>
              	<ldap-server url="ldaps://dvldap01.uftwf.dev:636/dc=uftwf,dc=dev" />
          These are my new LDAP settings with CAS in the XML:

          Code:
           <ldap-server id="ldapServer"
                           url="ldaps://dvldap01.uftwf.dev:636/dc=uftwf,dc=dev"
                           manager-dn="cn=Manager,dc=uftwf,dc=dev"
                           manager-password="uftwf" />
                 
                 <ldap-user-service id="userServiceLDAP" 
              		    server-ref="ldapServer" 
                  		user-search-base="ou=webusers"
                  		user-search-filter="(uid={0})"
                  		group-search-base="ou=groups"
                  		group-role-attribute="cn"
                  		group-search-filter="(member={0})"
                  		role-prefix="ROLE_" />
          I really feel that I am just not searching the right base anymore... Can someone please help me out?



          • #20
            The first thing that jumps out at me is that the working configuration is using groupRoleAttribute=ou but the broken one is using group-role-attribute="cn". I would try changing the configuration to be group-role-attribute="ou".

            If that does not help and I were troubleshooting this I would enable the debug logging for when the query for roles works (i.e. when using LDAP before CAS) and save that off in a file. Then I would enable logs for when querying for roles does not work (i.e. after CAS and LDAP) and save off that file. Then I would compare the logs to see that ldap is querying correctly. You might also be interested in the FAQ which lists a few techniques for troubleshooting LDAP issues.

            Cheers,
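
The log comparison suggested in post #20, as an added example that is not part of the original posts: a Python script that pulls the role-search filter, search base and result out of `DefaultLdapAuthoritiesPopulator` DEBUG lines in two captures and reports only the fields that differ. The log lines are constructed in the format quoted in post #19 (user `jdoe`, `dc=example,dc=org` and `ROLE_MEMBERS` are made up), and all function names are hypothetical.

```python
import re

# Patterns follow the DefaultLdapAuthoritiesPopulator DEBUG lines quoted in post #19.
SEARCH = re.compile(r"Searching for roles for user '(?P<user>[^']*)'.*"
                    r" with filter (?P<filter>\(.*\)) in search base '(?P<base>[^']*)'")
ROLES = re.compile(r"Roles from search: \[(?P<roles>.*)\]")

def role_lookups(log_text):
    """Map user -> {'filter', 'base', 'roles'} for every role search in a capture.
    Assumes a search line and its result line are not interleaved with another request."""
    lookups, current = {}, None
    for line in log_text.splitlines():
        m = SEARCH.search(line)
        if m:
            current = m["user"]
            lookups[current] = {"filter": m["filter"], "base": m["base"], "roles": None}
            continue
        m = ROLES.search(line)
        if m and current is not None:
            lookups[current]["roles"] = sorted(r.strip() for r in m["roles"].split(",") if r.strip())
            current = None
    return lookups

def diff_captures(before, after):
    """For users present in both captures, return only the fields whose values differ."""
    a, b = role_lookups(before), role_lookups(after)
    changes = {}
    for user in sorted(a.keys() & b.keys()):
        delta = {k: (a[user][k], b[user][k]) for k in a[user] if a[user][k] != b[user][k]}
        if delta:
            changes[user] = delta
    return changes

def users_without_roles(log_text):
    """Users whose role search returned an empty list (authenticated, no authorities)."""
    return sorted(u for u, v in role_lookups(log_text).items() if v["roles"] == [])

PREFIX = ("2012-06-27 10:12:01,281 [http-8443-6] DEBUG "
          "org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - ")

def capture(roles):
    """Build a constructed two-line capture; `roles` is the text inside the brackets."""
    return (PREFIX + "Searching for roles for user 'jdoe', DN = 'uid=jdoe,ou=webusers,dc=example,dc=org', "
            "with filter (member={0}) in search base 'ou=groups'\n"
            + PREFIX + f"Roles from search: [{roles}]\n")
```

When only `roles` differs, the filter and search base logged in these two lines were identical in both runs; the role attribute does not appear in them and still has to be compared in the configuration.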



            • #21
              Also, please stop posting lots of versions of the same question everywhere - i.e. here and all over stackoverflow.
