tags:

views:

55

answers:

0
Q: 

How I can do the web application with SPRING-SECURITY 3.0 to authenticate/autorizate (with roles) in a ldap?

Hi I have the application that need to authenticate / authorization (with roles) in a ldap weblogic v3.

I'm using the Spring-Security version 3 .

Next the code that I'm using for the test:

**<http auto-config="true" use-expressions="true">
  <intercept-url pattern="/app/login.html" access="permitAll" />
  <intercept-url pattern="/app/*" access="hasRole('ROLE_USER')" />
  <intercept-url pattern="/*" access="hasRole('ROLE_USER')" />
  <form-login login-page="/app/login.html"
   login-processing-url="/app/j_spring_security_check"
   default-target-url="/app/main.html" authentication-failure-url="/app/login.html?error=true" />
  <logout invalidate-session="true" logout-success-url="/app/login.html"
   logout-url="/j_spring_security_logout" />

 </http>

 <ldap-server id="ldapServer" url="ldap://127.0.0.1:7001/DC=base_domain"
  manager-dn="CN=Admin" manager-password="XXXXXXXX" />

 <authentication-manager>
  <authentication-provider ref='ldapAuthProvider' />
 </authentication-manager>

 <beans:bean id="contextSource"
  class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <beans:constructor-arg value="ldap://127.0.0.1:7001/DC=base_domain" />
  <beans:property name="userDn" value="CN=Admin,ou=groups,ou=myrealm" />
  <beans:property name="password" value="XXXXXXXX" />
 </beans:bean>

 <beans:bean id="ldapAuthProvider"
  class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <beans:constructor-arg>
   <beans:bean
    class="org.springframework.security.ldap.authentication.BindAuthenticator">
    <beans:constructor-arg ref="contextSource" />
    <beans:property name="userDnPatterns">
     <beans:list>
      <beans:value>uid={0},ou=groups</beans:value>
     </beans:list>
    </beans:property>
   </beans:bean>
  </beans:constructor-arg>
  <beans:constructor-arg>
   <beans:bean class="com.utils.MyAuthoritiesPopulator">
   </beans:bean>
  </beans:constructor-arg>
 </beans:bean>
</beans:beans>**

Next the error in application log :

Out 14 2010 09:06:38 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71) [spring-security-core-3.0.0.RELEASE.jar:na] at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:204) [spring-security-core-3.0.0.RELEASE.jar:na] at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:107) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:98) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:95) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:79) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:55) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:36) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:178) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:188) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:106) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:150) [spring-security-web-3.0.0.RELEASE.jar:na] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) [org.springframework.web-3.0.0.RELEASE.jar:3.0.0.RELEASE] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) [org.springframework.web-3.0.0.RELEASE.jar:3.0.0.RELEASE] at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42) [weblogic.jar:9.2.3.0] at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) [org.springframework.web-3.0.0.RELEASE.jar:3.0.0.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) [org.springframework.web-3.0.0.RELEASE.jar:3.0.0.RELEASE] at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42) [weblogic.jar:9.2.3.0] at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3242) [weblogic.jar:9.2.3.0] at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) [weblogic.jar:9.2.3.0] at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) [weblogic.jar:9.2.3.0] at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2010) [weblogic.jar:9.2.3.0] at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1916) [weblogic.jar:9.2.3.0] at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366) [weblogic.jar:9.2.3.0] at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209) [weblogic.jar:9.2.3.0] at weblogic.work.ExecuteThread.run(ExecuteThread.java:181) [weblogic.jar:9.2.3.0]

related questions

Acegi/Spring Security Grails plug-in not seeing changes to a User instance
different DelegatingFilterProxy and FilterToBeanProxy
How to immediately enable the authority after update user authority in spring security?
springdoclet usage?
Grails Security Problem and Search Engine optimization
Spring Security: Advice needed on how to handle GrantedAuthority
Why is my (Spring Security) servlet filter getting called twice?
Grails Acegi Plugin springsecurity.GrailsDaoImpl - User [admin] has no GrantedAuthority
Spring Security: What is the UserDetailsManager interface used for? And more!
Combining namespace based configuration with different authentication methods in spring-security
Spring Security: Custom Authentication Provider for 'one time password' and 'securit questions'
Spring Security: How to get the initial target url
Permissions checking in server-side API
Cannot locate 'org.springframework.security.annotation.Jsr250MethodDefinitionSource'
How to grant access for all authenticated users?
Spring embedded ldap server in unit tests
What are some good sample applications using Spring and Hibernate?
Problem migrating Spring Web App from tomcat 5.5 to tomcat 6.0
How to throw an informative exception from AccessDecisionManager that uses voters
How can I determine what roles are required to access a URL with Spring Security?
Creating a custom authentication with Acegi/Spring Security
Unit testing with Spring Security
Securing Remote Access over JMXMP with Spring Security
When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?
Spring security: adding "On unsuccessful login event listener"