This topic is closed

  • Newbie question

    I am trying to configure Spring Security 2.0.5 to authenticate against LDAP and not having much luck. The security is forcing me to the login page for protected areas. But when I submit the form I get nothing, no debug, no exceptions... just back to the login form again. If I could see some debug I could have something to work with.

    The login form is submitting to j_spring_security_check with j_username and j_password.

    For the record it is a Struts 2, Spring 2.5.6 app.

    I have tried the following configurations:
    Config 1.
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
        	http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
        	http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
    
    <ldap-server id="ok_ldap" url="ldap://ldap.mydomain.no:389/"/>
        <ldap-authentication-provider 
                server-ref="ok_ldap"
                group-search-filter="cn={0}" 
                group-search-base="(ou=Auth, dc=mydomain, dc=no)"
                user-search-filter="(employeeNumber={0})"
                user-search-base="ou=People, dc=mydomain, dc=no"
                >
            <password-compare hash="md5"/>
        </ldap-authentication-provider>
    
    
    	<http auto-config="false">
    	
    		<intercept-url pattern="/login.action*" filters="none" />
    		<intercept-url pattern="/**.action" access="ROLE_USER" />
    		
    		<form-login login-page="/login.action" authentication-failure-url="/login.action?login_error=1"
    			default-target-url="/home.action"/>
    			
    	
    		<logout logout-success-url="/login.action" />
    
    	</http>
    </beans:beans>
    Config 2.
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
        	http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
        	http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
    
    	<beans:bean id="initialDirContextFactory" class="org.springframework.security.ldap.DefaultInitialDirContextFactory">
    	
    		<beans:constructor-arg value="ldap.mydomain.no:389/ou=people,dc=mydomain,dc=com"/>
    	</beans:bean>
    	<beans:bean id="authenticator" class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator">
    		<beans:constructor-arg ref="initialDirContextFactory" />
    		<beans:property name="userDnPatterns">
    		<beans:list>
    			<beans:value>uid={0},dc=mydomain,dc=com</beans:value>
    		</beans:list>
    		</beans:property>
    		<beans:property name="passwordAttributeName" value="j_password" />
    	</beans:bean>
    	<beans:bean id="populator" class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
    		<beans:constructor-arg ref="initialDirContextFactory" />
    		<beans:constructor-arg value="ou=groups" />
    		<beans:property name="groupRoleAttribute" value="ou" />
    	</beans:bean>
    	<beans:bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
    		<custom-authentication-provider/>
    		<beans:constructor-arg ref="authenticator" />
    		<beans:constructor-arg ref="populator" />
    	</beans:bean>
    
    	<http auto-config="false">
    	
    		<intercept-url pattern="/login.action*" filters="none" />
    		<intercept-url pattern="/**.action" access="ROLE_USER" />
    		
    		<form-login login-page="/login.action" authentication-failure-url="/login.action?login_error=1"
    			default-target-url="/home.action"/>
    			
    	
    		<logout logout-success-url="/login.action" />
    
    	</http>
    </beans:beans>
    Thanks for any help.

  • #2
    I'd suggest turning on logging and making sure you are getting GrantedAuthority assigned as you expect from the group lookup.



    • #3
      I already have the logging set to DEBUG for org.springframework.security and am seeing nothing. That is the problem. I have logging turned up and would expect to see some sort of error that it cannot reach the server or the group search pattern is wrong, something, anything.

      So what I have configured in the XML looks correct and should work? Am I missing something really obvious?

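A syntax check over the LDAP settings in the two configs posted in this thread, as an added example that is not part of the original posts or of Spring Security: it tests the search bases against DN syntax (RFC 4514, simplified) and `passwordAttributeName` against LDAP attribute-name syntax (RFC 4512). The embedded sample is constructed from the posted values, and the function names `dn_problems` and `lint` are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

SEC = "{http://www.springframework.org/schema/security}"
BEANS = "{http://www.springframework.org/schema/beans}"

# Constructed sample: only the LDAP-related values from the two posted configs.
SAMPLE = """<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans">
  <ldap-authentication-provider group-search-filter="cn={0}"
      group-search-base="(ou=Auth, dc=mydomain, dc=no)"
      user-search-filter="(employeeNumber={0})"
      user-search-base="ou=People, dc=mydomain, dc=no"/>
  <beans:bean id="authenticator">
    <beans:property name="passwordAttributeName" value="j_password"/>
  </beans:bean>
</beans:beans>"""

# RFC 4512 attribute type: a short name (letter, then letters/digits/hyphens) or a dotted OID.
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")

def dn_problems(dn):
    """Simplified RFC 4514 check: every RDN must be <attribute type>=<value>."""
    problems = []
    for rdn in re.split(r"(?<!\\),", dn):  # unescaped commas; "+" RDNs not handled
        attr_type, sep, value = rdn.strip().partition("=")
        if not sep or not value.strip():
            problems.append(f"RDN {rdn.strip()!r} is not type=value")
        elif not ATTR_TYPE.match(attr_type.strip()):
            problems.append(f"invalid attribute type {attr_type.strip()!r}")
    return problems

def lint(xml_text):
    """Return {setting: [problems]} for the settings that fail a syntax check."""
    root = ET.fromstring(xml_text)
    findings = {}
    for provider in root.iter(SEC + "ldap-authentication-provider"):
        for name, value in provider.attrib.items():
            if name.endswith("-search-base") and dn_problems(value):
                findings[name] = dn_problems(value)
            elif name.endswith("-search-filter") and value.count("(") != value.count(")"):
                findings[name] = ["unbalanced parentheses in filter"]
    for prop in root.iter(BEANS + "property"):
        value = prop.get("value", "")
        if prop.get("name") == "passwordAttributeName" and not ATTR_TYPE.match(value):
            findings["passwordAttributeName"] = [f"{value!r} is not a valid LDAP attribute name"]
    return findings

if __name__ == "__main__":
    for setting, problems in lint(SAMPLE).items():
        print(f"{setting}: {'; '.join(problems)}")
```

The check is purely syntactic: it does not contact the directory and says nothing about whether the entries, groups or attributes exist there.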