
  • ldapUserSearch starting from the root does not work

    I have a few issues about LDAP and acegi Security.

    1. Searching for a user does not work when the search starts from the root (leave constructor parameter 1 blank and set searchSubtree = true). From reading the source code it should work, because the search would then normally start from the root (which is also what the documentation says), but for some reason it doesn't. The error says:
    Reason: LdapCallback;Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s)
    When you enter a correct value for the constructor argument instead of leaving it blank, it finds the user and all goes well. For our project it is unacceptable to start searching from a single directory because the users and roles are scattered all over (not my idea :-) ).

    My probable reason for this: while traversing the tree during the search, the code breaks when it encounters a directory whose name contains spaces.


    2. When entering the first constructor parameter of initialDirContextFactory, I noticed that spaces must be replaced with '%20' for it to work properly.



    Can anyone give me some information? I already looked inside the source code and debugged it but it goes on and on...and I guess it is not desirable for anyone working with LDAP and acegi to rewrite all the code.


    The config file is ( extended from the sample):


    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

    <!--
    - A simple "bare bones" Acegi Security configuration.
    -
    - The sample includes the "popular" features that people tend to use.
    - Specifically, form authentication, remember-me, and anonymous processing.
    - Other features aren't setup, as these can be added later by inserting
    - the relevant XML fragments as specified in the Reference Guide.
    -
    - To assist new users, the filters specified in the FilterChainProxy are
    - declared in the application context in the same order. Collaborators
    - required by those filters are placed at the end of the file.
    -
    - $Id: applicationContext-acegi-security.xml 1513 2006-05-29 13:32:12Z benalex $
    -->

    <beans>

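    <!-- Wraps the bean named "person" in a proxy that runs the "personSecurity"
         method-security interceptor before each call. proxyTargetClass=true asks
         for a class-based proxy instead of an interface-based one. -->
    <bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
      <property name="interceptorNames">
        <list><value>personSecurity</value></list>
      </property>
      <property name="beanNames">
        <list><value>person</value></list>
      </property>
      <property name="proxyTargetClass" value="true"/>
    </bean>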


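    <!-- Single servlet-filter entry point. Every URL (/**) passes through the seven
         filters below, fired in the order listed, so the order is part of the
         security behaviour: session context first, the authorization interceptor last.
         Each name must match a bean id in this file exactly. -->
    <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
      <property name="filterInvocationDefinitionSource">
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
        </value>
      </property>
    </bean>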

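    <!-- First filter in the chain: loads the SecurityContext from the HTTP session
         at the start of a request and resets the holder when the request completes. -->
    <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>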

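    <!-- Handles logout requests: runs each handler in the list, then redirects.
         SecurityContextLogoutHandler is the only handler configured here. -->
    <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
      <constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
      <constructor-arg>
        <list>
          <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
        </list>
      </constructor-arg>
    </bean>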

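    <!-- Processes the login form posted to filterProcessesUrl and delegates the
         credential check to authenticationManager. A failed attempt is redirected
         to authenticationFailureUrl; the same URL is used for every failure cause,
         which avoids telling the client whether the username or the password was wrong. -->
    <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
      <property name="authenticationManager" ref="authenticationManager"/>
      <property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1"/>
      <property name="defaultTargetUrl" value="/"/>
      <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
    </bean>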

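    <!-- Wraps the servlet request so that request-level security calls are
         answered from the Acegi SecurityContextHolder. -->
    <bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>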



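    <!-- Gives unauthenticated requests an anonymous token (principal anonymousUser,
         authority ROLE_ANONYMOUS).
         NOTE(review): "changeThis" is the sample placeholder key. Set a
         deployment-specific value, and keep it identical to the key of the
         AnonymousAuthenticationProvider listed under authenticationManager. -->
    <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
      <property name="key" value="changeThis"/>
      <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
    </bean>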

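    <!-- Translates security exceptions raised further down the chain: an
         unauthenticated caller is sent to the login form, an authenticated caller
         without the required authority is sent to the access-denied page. -->
    <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
      <property name="authenticationEntryPoint">
        <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
          <property name="loginFormUrl" value="/acegilogin.jsp"/>
          <!-- NOTE(review): with forceHttps=false the entry point does not move the
               login form onto HTTPS. If the application is reachable over plain
               HTTP, the submitted username and password travel unencrypted; enable
               this once TLS is configured on the container. -->
          <property name="forceHttps" value="false"/>
        </bean>
      </property>
      <property name="accessDeniedHandler">
        <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
          <property name="errorPage" value="/accessDenied.jsp"/>
        </bean>
      </property>
    </bean>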

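    <!-- Last filter in the chain: URL-level authorization.
         Patterns are tried top to bottom, so the more specific /secure/extreme/**
         rule has to stay above /secure/**.
         Any URL that matches no pattern is treated as public and is not checked at
         all; only paths under /secure/ are protected by this configuration. -->
    <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
      <property name="authenticationManager" ref="authenticationManager"/>
      <property name="accessDecisionManager" ref="accessDecisionManager" />
      <property name="objectDefinitionSource">
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /secure/extreme/**=ROLE_SUPERVISOR
          /secure/**=IS_AUTHENTICATED_REMEMBERED
        </value>
      </property>
    </bean>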

    <!-- Access decision policy shared by the URL interceptor and the method
         interceptor. AffirmativeBased grants access as soon as one voter votes to
         grant; when every voter abstains the request is denied
         (allowIfAllAbstainDecisions=false). -->
    <bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
      <property name="allowIfAllAbstainDecisions">
        <value>false</value>
      </property>
      <property name="decisionVoters">
        <list>
          <!-- votes on role attributes such as ROLE_SUPERVISOR -->
          <bean class="org.acegisecurity.vote.RoleVoter"/>
          <!-- votes on IS_AUTHENTICATED_* attributes -->
          <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
        </list>
      </property>
    </bean>

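    <!-- Tries each provider in list order: LDAP bind authentication first, then
         the provider that validates anonymous tokens.
         NOTE(review): the anonymous provider key must equal the key configured on
         anonymousProcessingFilter; "changeThis" is the sample placeholder and
         should be replaced in both places together. -->
    <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
      <property name="providers">
        <list>
          <ref local="ldapAuthenticationProvider" />
          <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
            <property name="key" value="changeThis"/>
          </bean>
        </list>
      </property>
    </bean>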

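    <!-- Creates the JNDI directory contexts used for user search, bind
         authentication and role lookup.
         The constructor argument is an LDAP URL whose path is the base DN; because
         it is a URL, spaces inside the base DN have to be percent-encoded (%20).
         The managerDn value is a plain DN and keeps its literal spaces.
         NOTE(review): ldap:// on port 389 with simple authentication sends the
         manager DN and password, and every user password checked by the bind
         authenticator, unencrypted. Prefer an ldaps:// URL or StartTLS.
         NOTE(review): managerPassword is a literal in this file. Move it to a
         placeholder resolved from a properties file with restricted permissions,
         keep it out of version control, and give the manager account read-only,
         least-privilege rights in the directory. -->
    <bean id="initialDirContextFactory"
          class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
      <constructor-arg
          value="ldap://xxxxxxxxxx:389/dc=company,dc=lan" />
      <property name="managerDn">
        <value>cn=testuser,ou=extern,ou=bac,ou=bdc,ou=company group,dc=company,dc=lan</value>
      </property>
      <property name="managerPassword">
        <value>company</value>
      </property>
    </bean>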

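    <!-- Locates the user entry before the bind is attempted.
           index 0: search base relative to the base DN of the context URL; empty
                    means the search starts at that base DN itself
           index 1: filter; {0} is replaced with the submitted login name
           index 2: factory that supplies the directory context
         searchSubtree=true searches the whole tree below the base.
         NOTE(review): JNDI raises PartialResultException ("Unprocessed
         Continuation Reference(s)") when the server answers with referrals that
         the context is not configured to follow. A subtree search from the top of
         a directory is a typical way to receive such referrals, whereas a search
         rooted in a narrower base usually is not. Confirm against your directory. -->
    <bean id="ldapUserSearch"
          class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
      <constructor-arg index="0">
        <value></value>
      </constructor-arg>
      <constructor-arg index="1">
        <value>sAMAccountName={0}</value>
      </constructor-arg>
      <constructor-arg index="2">
        <ref local="initialDirContextFactory" />
      </constructor-arg>
      <property name="searchSubtree">
        <value>true</value>
      </property>
    </bean>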

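    <!-- LDAP authentication provider, built from two collaborators:
           1. BindAuthenticator: finds the user entry through ldapUserSearch and
              verifies the password by binding to the directory as that user.
           2. DefaultLdapAuthoritiesPopulator: reads the groups of the user and
              turns them into granted authorities. -->
    <bean id="ldapAuthenticationProvider"
          class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
      <constructor-arg>
        <bean
            class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
          <constructor-arg>
            <ref local="initialDirContextFactory" />
          </constructor-arg>
          <property name="userSearch">
            <ref bean="ldapUserSearch" />
          </property>
        </bean>
      </constructor-arg>
      <constructor-arg>
        <bean
            class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
          <constructor-arg>
            <ref local="initialDirContextFactory" />
          </constructor-arg>
          <!-- group search base, relative to the base DN of the context URL -->
          <constructor-arg>
            <value>cn=users</value>
          </constructor-arg>
          <!-- CN is the default
          <property name="groupRoleAttribute">
          <value>cn</value>
          </property>
          -->
          <!-- Only entries directly under cn=users are considered. Every group found
               there becomes an authority (ROLE_ prefix, upper-cased), so write
               access to that container effectively controls role assignment. -->
          <property name="searchSubtree">
            <value>false</value>
          </property>
          <property name="rolePrefix">
            <value>ROLE_</value>
          </property>
          <property name="convertToUpperCase">
            <value>true</value>
          </property>
        </bean>
      </constructor-arg>
    </bean>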

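    <!-- Attribute source handed to objectDefinitionSource for method security. -->
    <bean id="attributes"
          class="org.acegisecurity.annotation.SecurityAnnotationAttributes" />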
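    <!-- Method-level definition source used by personSecurity; it obtains the
         security attributes of a method from the "attributes" bean. -->
    <bean id="objectDefinitionSource"
          class="org.acegisecurity.intercept.method.MethodDefinitionAttributes">
      <property name="attributes">
        <ref local="attributes" />
      </property>
    </bean>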

    <!-- Run-as manager referenced by the personSecurity interceptor.
         NOTE(review): the key is a literal sample value stored in this file.
         Treat it like a credential and use a deployment-specific value that is
         kept out of version control. -->
    <bean id="runAsManager" class="org.acegisecurity.runas.RunAsManagerImpl">
      <property name="key" value="my_run_as_password"/>
    </bean>

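    <!-- Method-security interceptor applied to the "person" bean through
         autoProxyCreator. It shares the authentication manager and the access
         decision manager with the URL interceptor.
         NOTE(review): validateConfigAttributes=false presumably switches off the
         start-up check that every configured attribute is understood by the
         managers, so a mistyped attribute would go unnoticed until runtime.
         Confirm, and enable validation if the attribute source allows it. -->
    <bean id="personSecurity"
          class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
      <property name="validateConfigAttributes">
        <value>false</value>
      </property>
      <property name="authenticationManager">
        <ref bean="authenticationManager" />
      </property>
      <property name="accessDecisionManager">
        <ref bean="accessDecisionManager" />
      </property>
      <property name="runAsManager">
        <ref bean="runAsManager" />
      </property>
      <property name="objectDefinitionSource">
        <ref bean="objectDefinitionSource" />
      </property>
    </bean>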


    <!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
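    <!-- NOTE(review): the authentication events written by this listener include
         the login name, the remote IP address and the HTTP session id. Restrict
         access to the log files and remove session ids before sharing log output. -->
    <bean id="loggerListener"
          class="org.acegisecurity.event.authentication.LoggerListener" />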

    <!-- Application bean that autoProxyCreator wraps with personSecurity. -->
    <bean name="person" class="securitypackage.Person"/>

    </beans>



    Greetings

    Timothy
    Last edited by timothy; Oct 17th, 2006, 05:47 AM.

  • #2
    Adding log info

    The log is:



    [DEBUG,AuthenticationProcessingFilter,http-8080-Processor24] Request is to process authentication
    [DEBUG,AuthenticationProcessingFilter,http-8080-Processor24] Request is to process authentication
    [DEBUG,ProviderManager,http-8080-Processor24] Authentication attempt using org.acegisecurity.providers.ldap.LdapAuthenticatio nProvider
    [DEBUG,ProviderManager,http-8080-Processor24] Authentication attempt using org.acegisecurity.providers.ldap.LdapAuthenticatio nProvider
    [DEBUG,LdapAuthenticationProvider,http-8080-Processor24] Retrieving user tfreyne
    [DEBUG,LdapAuthenticationProvider,http-8080-Processor24] Retrieving user tfreyne
    [DEBUG,DefaultInitialDirContextFactory,http-8080-Processor24] Creating InitialDirContext with environment {java.naming.provider.url=ldap://xxxxxxxxxx:389/dc=company,dc=lan, java.naming.factory.initial=com.sun.jndi.ldap.Ldap CtxFactory, java.naming.security.principal=cn=testuser,ou=exte rn,ou=bac,ou=bdc,ou=company group,dc=company,dc=lan, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.security.credentials=******}
    [DEBUG,DefaultInitialDirContextFactory,http-8080-Processor24] Creating InitialDirContext with environment {java.naming.provider.url=ldap://xxxxxxxxxx:389/dc=company,dc=lan, java.naming.factory.initial=com.sun.jndi.ldap.Ldap CtxFactory, java.naming.security.principal=cn=testuser,ou=exte rn,ou=bac,ou=bdc,ou=company group,dc=company,dc=lan, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.security.credentials=******}
    [DEBUG,FilterBasedLdapUserSearch,http-8080-Processor24] Searching for user 'tfreyne', in context javax.naming.directory.InitialDirContext@b32ed4, with user search [ searchFilter: 'sAMAccountName={0}', searchBase: '', scope: subtreesearchTimeLimit: 0derefLinkFlag: false ]
    [DEBUG,FilterBasedLdapUserSearch,http-8080-Processor24] Searching for user 'tfreyne', in context javax.naming.directory.InitialDirContext@b32ed4, with user search [ searchFilter: 'sAMAccountName={0}', searchBase: '', scope: subtreesearchTimeLimit: 0derefLinkFlag: false ]
    [DEBUG,DefaultInitialDirContextFactory,http-8080-Processor24] Creating InitialDirContext with environment {java.naming.provider.url=ldap://xxxxxxxxxx:389/dc=company,dc=lan, java.naming.factory.initial=com.sun.jndi.ldap.Ldap CtxFactory, java.naming.security.principal=cn=testuser,ou=exte rn,ou=bac,ou=bdc,ou=company group,dc=company,dc=lan, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.security.credentials=******}
    [DEBUG,DefaultInitialDirContextFactory,http-8080-Processor24] Creating InitialDirContext with environment {java.naming.provider.url=ldap://xxxxxxxxxx:389/dc=company,dc=lan, java.naming.factory.initial=com.sun.jndi.ldap.Ldap CtxFactory, java.naming.security.principal=cn=testuser,ou=exte rn,ou=bac,ou=bdc,ou=company group,dc=company,dc=lan, com.sun.jndi.ldap.connect.pool=true, java.naming.security.authentication=simple, java.naming.security.credentials=******}
    [WARN,LoggerListener,http-8080-Processor24] Authentication event AuthenticationFailureServiceExceptionEvent: tfreyne; details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 1C1CF4F105A7AEC100CA8C911756A02E; exception: LdapCallback;Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s)
    [WARN,LoggerListener,http-8080-Processor24] Authentication event AuthenticationFailureServiceExceptionEvent: tfreyne; details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 1C1CF4F105A7AEC100CA8C911756A02E; exception: LdapCallback;Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s)
    [DEBUG,AuthenticationProcessingFilter,http-8080-Processor24] Updated SecurityContextHolder to contain null Authentication
    [DEBUG,AuthenticationProcessingFilter,http-8080-Processor24] Updated SecurityContextHolder to contain null Authentication
    [DEBUG,AuthenticationProcessingFilter,http-8080-Processor24] Authentication request failed: org.acegisecurity.AuthenticationServiceException: LdapCallback;Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s)
    [DEBUG,AuthenticationProcessingFilter,http-8080-Processor24] Authentication request failed: org.acegisecurity.AuthenticationServiceException: LdapCallback;Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s)
    [DEBUG,HttpSessionContextIntegrationFilter,http-8080-Processor24] SecurityContextHolder set to new context, as request processing completed
    [DEBUG,HttpSessionContextIntegrationFilter,http-8080-Processor24] SecurityContextHolder set to new context, as request processing completed
    [DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor24] Converted URL to lowercase, from: '/acegilogin.jsp'; to: '/acegilogin.jsp'
    [DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor24] Converted URL to lowercase, from: '/acegilogin.jsp'; to: '/acegilogin.jsp'
    [DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor24] Candidate is: '/acegilogin.jsp'; pattern is /**; matched=true
    [DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor24] Candidate is: '/acegilogin.jsp'; pattern is /**; matched=true
    [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 at position 1 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextInteg rationFilter@ea48be'
    [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 at position 1 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextInteg rationFilter@ea48be'
    [DEBUG,HttpSessionContextIntegrationFilter,http-8080-Processor24] Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@fff fffff: Null authentication'
    [DEBUG,HttpSessionContextIntegrationFilter,http-8080-Processor24] Obtained from ACEGI_SECURITY_CONTEXT a valid SecurityContext and set to SecurityContextHolder: 'org.acegisecurity.context.SecurityContextImpl@fff fffff: Null authentication'
    [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 at position 2 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.logout.LogoutFilter@1a0225b'
    [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 at position 2 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.logout.LogoutFilter@1a0225b'
    [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 at position 3 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.webapp.AuthenticationProcess ingFilter@2f8b5a'
    [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 at position 3 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.webapp.AuthenticationProcess ingFilter@2f8b5a'
    [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 at position 4 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAw areRequestFilter@165c7f6'
    [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 at position 4 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.wrapper.SecurityContextHolderAw areRequestFilter@165c7f6'
    [DEBUG,SavedRequest,http-8080-Processor24] pathInfo: both null (property equals)
    [DEBUG,SavedRequest,http-8080-Processor24] pathInfo: both null (property equals)
    [DEBUG,SavedRequest,http-8080-Processor24] queryString: arg1=null; arg2=login_error=1 (property not equals)
    [DEBUG,SavedRequest,http-8080-Processor24] queryString: arg1=null; arg2=login_error=1 (property not equals)
    [DEBUG,SavedRequestAwareWrapper,http-8080-Processor24] Wrapper not replaced; SavedRequest was: SavedRequest[http://localhost:8080/acegiSecurity/secure/index.jsp]
    [DEBUG,SavedRequestAwareWrapper,http-8080-Processor24] Wrapper not replaced; SavedRequest was: SavedRequest[http://localhost:8080/acegiSecurity/secure/index.jsp]
    [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 at position 5 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.providers.anonymous.AnonymousPr ocessingFilter@12aea3e'
    [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 at position 5 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.providers.anonymous.AnonymousPr ocessingFilter@12aea3e'
    Last edited by timothy; Oct 17th, 2006, 05:43 AM.



    • #3
      Adding log info 2

      [DEBUG,AnonymousProcessingFilter,http-8080-Processor24] Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAu thenticationToken@905571d8: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 1C1CF4F105A7AEC100CA8C911756A02E; Granted Authorities: ROLE_ANONYMOUS'
      [DEBUG,AnonymousProcessingFilter,http-8080-Processor24] Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAu thenticationToken@905571d8: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 1C1CF4F105A7AEC100CA8C911756A02E; Granted Authorities: ROLE_ANONYMOUS'
      [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 at position 6 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@7 8bc3b'
      [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 at position 6 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@7 8bc3b'
      [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 at position 7 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInt erceptor@8ddc4c'
      [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 at position 7 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInt erceptor@8ddc4c'
      [DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor24] Converted URL to lowercase, from: '/acegilogin.jsp'; to: '/acegilogin.jsp'
      [DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor24] Converted URL to lowercase, from: '/acegilogin.jsp'; to: '/acegilogin.jsp'
      [DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor24] Candidate is: '/acegilogin.jsp'; pattern is /secure/extreme/**; matched=false
      [DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor24] Candidate is: '/acegilogin.jsp'; pattern is /secure/extreme/**; matched=false
      [DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor24] Candidate is: '/acegilogin.jsp'; pattern is /secure/**; matched=false
      [DEBUG,PathBasedFilterInvocationDefinitionMap,http-8080-Processor24] Candidate is: '/acegilogin.jsp'; pattern is /secure/**; matched=false
      [DEBUG,AbstractSecurityInterceptor,http-8080-Processor24] Public object - authentication not attempted
      [DEBUG,AbstractSecurityInterceptor,http-8080-Processor24] Public object - authentication not attempted
      [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 reached end of additional filter chain; proceeding with original chain
      [DEBUG,FilterChainProxy,http-8080-Processor24] /acegilogin.jsp?login_error=1 reached end of additional filter chain; proceeding with original chain
      [DEBUG,ExceptionTranslationFilter,http-8080-Processor24] Chain processed normally
      [DEBUG,ExceptionTranslationFilter,http-8080-Processor24] Chain processed normally
      [DEBUG,HttpSessionContextIntegrationFilter,http-8080-Processor24] SecurityContextHolder set to new context, as request processing completed
      [DEBUG,HttpSessionContextIntegrationFilter,http-8080-Processor24] SecurityContextHolder set to new context, as request processing completed

      greetings,

      Timothy
      Last edited by timothy; Oct 17th, 2006, 05:44 AM.



      • #4
        Same problem but I do have the base dn set

        Hello,
        I do have a base DN set and in spite of that I cannot obtain the user. The user is not present directly under the base domain.

        He is present in an OU under the base domain. But I have set the search to be sub tree level.

        But I get the same exception as you do.

        Did you ever manage to resolve your issue?



        • #5
          Possible Fix

          I was reading some more about the PartialResults exception and when it is thrown.

          http://java.sun.com/docs/books/tutor...xceptions.html


          It states that if the java.naming.referral is set to ignore and we possibly have a referral then the exception will be thrown.

          So I added this to the initialDirContext

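          <!-- Context factory with the URL, manager DN and manager password taken from
               property placeholders, plus one extra JNDI environment entry.
               java.naming.referral=follow tells JNDI to chase referrals returned by
               the server instead of raising PartialResultException.
               NOTE(review): when a referral is followed, JNDI opens a connection to
               the host named in the referral and, by default, reuses the credentials
               of the original context. With simple authentication over plain ldap://
               the manager DN and password are then sent to every referred host.
               Use ldaps:// or StartTLS, make sure the directory can only refer to
               servers you trust, and expect slower searches. For Active Directory,
               searching the global catalog is a commonly used alternative to
               following referrals. Verify what fits your directory. -->
          <bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
            <constructor-arg value="${ldap.url}"/>
            <property name="managerDn">
              <value>${ldap.managerdn}</value>
            </property>
            <property name="managerPassword">
              <value>${ldap.password}</value>
            </property>
            <property name="extraEnvVars">
              <map>
                <entry key="java.naming.referral" value="follow"/>
              </map>
            </property>
          </bean>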

          It doesn't seem to throw that exception, but I am not sure how referrals work.



          • #6
            our solution

            Hello,


            After long searches and no replies on any forums, our customer and we were losing faith in the defaults that Acegi delivers. Our solution was to write our own specific activeDirAuthenticationProvider. In short: use InitialDirContext(). This code should help you a lot.


            CONTEXT:

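            <!-- Custom provider that authenticates by binding to the directory as
                 "<login name><principleName>".
                 NOTE(review): the provider performs a simple bind, so with an ldap://
                 URL on port 389 each user's password crosses the network unencrypted.
                 Point ldapURL at an ldaps:// endpoint (or add StartTLS) before using
                 this outside a test network. -->
            <bean id="activeDirAuthenticationProvider" class="security.ActiveDirectoryAuthenticationProvider">
              <property name="ldapURL" value="ldap://xx.xx.xx.xx:389"/>
              <property name="principleName" value="@use_own.use_own"/>
            </bean>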



            BEAN:

            public class ActiveDirectoryAuthenticationProvider extends
            AbstractUserDetailsAuthenticationProvider {

            ...

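            /**
             * Authenticates a user by attempting an LDAP simple bind as
             * {@code username + principleName} against {@code ldapURL}.
             *
             * <p>Security notes for callers:
             * <ul>
             *   <li>The distinction between INVALID_USERNAME and INVALID_PASSWORD is
             *       meant for logging and diagnostics. Showing it to the end user lets
             *       a client find out which account names exist, so present one
             *       generic failure message.</li>
             *   <li>A simple bind transmits the password as-is; the connection should
             *       be protected with TLS (an ldaps:// URL or StartTLS).</li>
             *   <li>Directory or network errors currently also map to
             *       INVALID_USERNAME. This fails closed, but it hides outages from the
             *       caller; rely on the error log to tell the two apart.</li>
             * </ul>
             *
             * @param username login name without the domain suffix
             * @param password password supplied by the user
             * @return AUTHENTICATED_OK when the bind succeeds, INVALID_PASSWORD for a
             *         missing, empty or rejected password, INVALID_USERNAME otherwise
             */
            public int authenticateUser(String username, String password) {
                // A simple bind with an empty password is an "unauthenticated bind",
                // which many directory servers accept without checking anything.
                // Reject it before contacting the server, otherwise any account name
                // would authenticate.
                if (password == null || password.length() == 0) {
                    return INVALID_PASSWORD;
                }

                String userPrincipleName = username + this.principleName;
                DirContext ctx = null;
                try {
                    Hashtable<String, String> env = new Hashtable<String, String>();
                    env.put(Context.INITIAL_CONTEXT_FACTORY,
                            "com.sun.jndi.ldap.LdapCtxFactory");
                    env.put(Context.PROVIDER_URL, ldapURL);
                    env.put(Context.SECURITY_AUTHENTICATION, "simple");
                    env.put(Context.SECURITY_PRINCIPAL, userPrincipleName);
                    env.put(Context.SECURITY_CREDENTIALS, password);

                    // The constructor performs the bind; it either returns a context
                    // or throws, so reaching the next line means the bind succeeded.
                    ctx = new InitialDirContext(env);
                    return AUTHENTICATED_OK;
                } catch (AuthenticationException ae) {
                    logger.debug(ae);
                    // The directory reports the failure reason as a "data NNN"
                    // sub-code inside the exception message.
                    String message = ae.getMessage();
                    if (message == null) {
                        return INVALID_USERNAME;
                    }
                    if (message.indexOf("data 525") > 0) {
                        // Bad username
                        return INVALID_USERNAME;
                    } else if (message.indexOf("data 52e") > 0) {
                        // Bad password
                        return INVALID_PASSWORD;
                    } else if ((message.indexOf("data 773") > 0)
                            || (message.indexOf("data 523") > 0)) {
                        // NOTE(review): 773 is documented for Active Directory as
                        // "user must reset password", not an unknown user; it is kept
                        // mapped to INVALID_USERNAME to preserve existing behaviour.
                        return INVALID_USERNAME;
                    } else {
                        return INVALID_USERNAME;
                    }
                } catch (Exception e) {
                    // Connection, configuration or other unexpected failure: fail closed.
                    logger.error(e);
                    return INVALID_USERNAME;
                } finally {
                    // Release the LDAP connection opened by a successful bind.
                    if (ctx != null) {
                        try {
                            ctx.close();
                        } catch (javax.naming.NamingException closeFailure) {
                            logger.debug(closeFailure);
                        }
                    }
                }
            }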
            ...
            }


            I hope this helps you on your way.


            T.

