[jboss-jira] [JBoss JIRA] (AS7-2085) Error with ldap ( also happens with spring ldap)

Michael Grove (Commented) (JIRA) jira-events at lists.jboss.org
Wed Dec 21 10:43:09 EST 2011


    [ https://issues.jboss.org/browse/AS7-2085?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12652592#comment-12652592 ] 

Michael Grove commented on AS7-2085:
------------------------------------

i have the same problem with 7.0.2.Final.

i found i could avoid the error by passing in a null groupSearchBase to DefaultLdapAuthoritiesPopulator:

	<beans:bean
		class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
		<beans:constructor-arg ref="ldapContextSource" />
		<beans:constructor-arg><beans:null/></beans:constructor-arg>
		<beans:property name="groupRoleAttribute" value="cn" />
		<beans:property name="searchSubtree" value="false" />
		<beans:property name="convertToUpperCase" value="true" />
		<beans:property name="defaultRole" value="ROLE_ADMIN" />
	</beans:bean>

but since i need role information extracted from LDAP, this isn't a change i could make permanent.

since it was reported that the sample app worked against 7.1.0.Beta1 i tested my own app against 7.1.0.Beta1b.  against that jboss version, i get the following error when trying to login (instead of the Binding did not contain any object error with 7.0.2.Final):

java.lang.ClassCastException: com.sun.jndi.ldap.LdapCtx cannot be cast to org.springframework.ldap.core.DirContextAdapter
	org.springframework.security.ldap.SpringSecurityLdapTemplate$2.mapFromContext(SpringSecurityLdapTemplate.java:158)
	org.springframework.ldap.core.ContextMapperCallbackHandler.getObjectFromNameClassPair(ContextMapperCallbackHandler.java:67)
	org.springframework.ldap.core.CollectingNameClassPairCallbackHandler.handleNameClassPair(CollectingNameClassPairCallbackHandler.java:50)
	org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:297)
	org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:259)
	org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:606)
	org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:524)
	org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleAttributeValues(SpringSecurityLdapTemplate.java:173)
	org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:212)
	org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:182)
	org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:276)
	org.springframework.security.ldap.authentication.LdapAuthenticationProvider.authenticate(LdapAuthenticationProvider.java:254)
	org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:130)
	org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:48)
	org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:148)
	org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:48)
	org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:97)
	org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
	org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

i found that the DefaultLdapAuthoritiesPopulator change that worked for 7.0.2.Final also worked for 7.1.0.Beta1b.  but again, not a change i could live with.

in case it's relevant, the ldap server i'm testing against uses ldaps (SSL) and is openldap based.  i'm using spring security 3.0.7 and spring 3.0.6, with spring ldap 1.3.1.  java 6.

let me know if it's worth me opening a separate issue against 7.1.0.Beta1b if you think it's a different problem.

for the 7.0.2.Final issue, any ETA on a fix?

thanks.

-mike
                
> Error with ldap ( also happens with spring ldap)
> ------------------------------------------------
>
>                 Key: AS7-2085
>                 URL: https://issues.jboss.org/browse/AS7-2085
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Naming
>    Affects Versions: 7.0.2.Final
>         Environment: Linux (mint) / Windows 7 , with sun jdk 1.6
>            Reporter: jygnash ra
>            Assignee: John Bailey
>              Labels: jboss7, ldap, spring, springldap
>         Attachments: springldap-jbossas7.tgz
>
>
> The code works fine on jboss5.1, but porting to jboss7 causes ObjectRetrievalException
> The problem started with SpringLdap 1.3
> Using the same configuration and code source available at (http://static.springsource.org/spring-ldap/docs/1.3.x/reference/html/introduction.html)
> gives the following exception.
>  org.springframework.ldap.core.ObjectRetrievalException: Binding did not contain any object.
> ---------------------------------------
> Without Springldap it gives the following exception 
> Root exception is javax.naming.NotContextException: Cannot create context for: ldap://ForestDnsZones
> I am using the TraditionalPersonDAOImpl available on SpringLdap 
> (http://static.springsource.org/spring-ldap/docs/1.3.x/reference/html/introduction.html ) 
> If i run the code as standalone java application it works fine.  Also it works in jboss5.1
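
Added example, not part of the original message and not Spring or JBoss code: with a null groupSearchBase, DefaultLdapAuthoritiesPopulator performs no group search, so by default the only authority each successfully authenticated user receives is defaultRole, which in the workaround bean above is ROLE_ADMIN. The script below audits a Spring XML configuration for that combination; the bean ids, the wrapping root element and the low-privilege role list are constructed for illustration, and constructor arguments are assumed to be positional.

```python
import xml.etree.ElementTree as ET  # intended for trusted, local config files

BEANS_NS = "{http://www.springframework.org/schema/beans}"
POPULATOR = ("org.springframework.security.ldap.userdetails."
             "DefaultLdapAuthoritiesPopulator")

# Constructed sample: the workaround bean from the comment, wrapped in a root
# element so it parses; the bean ids and the context-source class are hypothetical.
SAMPLE = """<beans:beans xmlns:beans="http://www.springframework.org/schema/beans">
  <beans:bean id="ldapContextSource" class="example.ContextSource"/>
  <beans:bean id="authoritiesPopulator"
      class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
    <beans:constructor-arg ref="ldapContextSource" />
    <beans:constructor-arg><beans:null/></beans:constructor-arg>
    <beans:property name="groupRoleAttribute" value="cn" />
    <beans:property name="defaultRole" value="ROLE_ADMIN" />
  </beans:bean>
</beans:beans>"""

def group_search_disabled(bean):
    """True when the second constructor-arg (groupSearchBase) is <null/>."""
    args = bean.findall(BEANS_NS + "constructor-arg")
    return len(args) >= 2 and args[1].find(BEANS_NS + "null") is not None

def audit(xml_text, low_privilege=("ROLE_USER",)):
    """Return (bean id, defaultRole) for populators that skip the group search
    yet hand every authenticated user a role outside the low_privilege set."""
    findings = []
    for bean in ET.fromstring(xml_text).iter(BEANS_NS + "bean"):
        if bean.get("class") != POPULATOR or not group_search_disabled(bean):
            continue
        for prop in bean.findall(BEANS_NS + "property"):
            role = prop.get("value")
            if prop.get("name") == "defaultRole" and role not in low_privilege:
                findings.append((bean.get("id", "<anonymous>"), role))
    return findings

if __name__ == "__main__":
    for bean_id, role in audit(SAMPLE):
        print(f"{bean_id}: no group search, every login receives {role}")
```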
