I have problem with Active Directory authentication in simple Spring web application. I'm using ActiveDirectoryLdapAuthenticationProvider and it seems to work fine for empty login fields and correct credentials. The problem is with invalid credentials (wrong login/pass or both). The application throws exception (error 500) to browser:
Error processing request
Context Path: /MYAPPNAME
Servlet Path: /login_check
Path Info: null
Query String: null
Stack Trace:
org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.MYAPPNAME.war:main" from Service Module Loader [Root exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]] (...)
The console root error is:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]
If the credentials are incorrect, shouldn't Spring send user to authentication-failure-url? I don't have any "manager" account to use for ldap BIND, I believe ActiveDirectoryLdapAuthenticationProvider is supposed to bind using credentials from login form. Spring documentation doesn't have anything about binding to AD.
It can probably be solved using custom authentication provider, but I was hoping there is an out-of-the-box solution. There are some similar questions, but none of them very precise or with any useful answer.
How to approach this error?
Is there a way to configure it in XML? Perhaps, to tell AD provider to tread binding error as failed login attempt?
Is custom authentication provider the only solution?
spring-security.xml
<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
<property name="rolePrefix" value="" />
</bean>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<constructor-arg name="decisionVoters" ref="roleVoter" />
</bean>
<s:http authentication-manager-ref="ldap-auth" access-decision-manager-ref="accessDecisionManager" use-expressions="false">
<s:intercept-url pattern="/list**" access="ADGROUP-XYZ" />
<s:form-login
login-page="/login"
login-processing-url="/login_check"
username-parameter="username"
password-parameter="password"
default-target-url="/list"
authentication-failure-url="/login?fail" />
<s:logout
invalidate-session="true"
logout-success-url="/login?logout"
logout-url="/logout"
delete-cookies="JSESSIONID" />
<s:csrf />
</s:http>
<s:authentication-manager id="ldap-auth">
<s:authentication-provider ref="adAuthenticationProvider" />
</s:authentication-manager>
<bean id="adAuthenticationProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<constructor-arg value="company.local" />
<constructor-arg value="ldap://server.company.local:389/" />
<property name="useAuthenticationRequestCredentials" value="true"/>
<property name="convertSubErrorCodesToExceptions" value="true"/>
</bean>
EDIT: One ugly fix is to override ActiveDirectoryLdapAuthenticationProvider and change throw LdapUtils.convertLdapException(e); to throw badCredentials(e);.
There is a issue with JBoss EAP initial context.This has been fixed in the latest wildfly versions.check the below links
https://jira.spring.io/browse/SEC-2754
https://issues.jboss.org/browse/WFLY-4149
Related
I am facing few issues while connecting to Advantage Databse through JNDI using spring.
I tried to connect Advantage Database with the below code is working.
<bean id="peopleSoftDataSource" destroy-method="close" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
< property name="driverClassName" value="com.extendedsystems.jdbc.advantage.ADSDriver"/>
< property name="url" value="jdbc:extendedsystems:advantage://localhost:6262/test/test.add;User=testuser;Password=testuser"/>
< /bean>
Where as if am connecting through JNDI, am getting the exception as login failed. I dont know why it is not working through JNDI
applicationcontext.xml configuration
< bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean"><br/>
< property name="jndiName" value="peopleSoftDataSource" /><br/>
< property name="resourceRef" value="true" /><br/>
< /bean>
server.xml configuration
< Resource driverClassName="com.extendedsystems.jdbc.advantage.ADSDriver" maxActive="4" maxIdle="2" maxWait="5000" name="jdbc/PeopleSoft"
removeAbandoned="true" type="javax.sql.DataSource" url="jdbc:extendedsystems:advantage://localhost:6262/test/test.add;User=testuser;Password=testuser;" />
Kindly someone help with the above issue.
I am not familiar with using JNDI, however, I notice that there is a discrepancy in the name of the data source between the two xml configuration files. One has "peopleSoftDataSource" and the other has just "peopleSoft". Could that be the problem?
I found the solution and it is working fine now.
we have to provide the path as below
< Resource driverClassName="com.extendedsystems.jdbc.advantage.ADSDriver" maxActive="4" maxIdle="2" maxWait="5000" name="jdbc/PeopleSoft"
removeAbandoned="true" type="javax.sql.DataSource" url="jdbc:extendedsystems:advantage://localhost:6262;catalog=C:/ProfitMaker/ASIPlays/asipm.add;user=asiadsuser;password=asiadsuser"/>
instead of below
< Resource driverClassName="com.extendedsystems.jdbc.advantage.ADSDriver" maxActive="4" maxIdle="2" maxWait="5000" name="jdbc/PeopleSoft"
removeAbandoned="true" type="javax.sql.DataSource" url="jdbc:extendedsystems:advantage://localhost:6262/test/test.add;User=testuser;Password=testuser;" />
Thanks,
Rishi
I persist with every error I get thrown and mostly always work out the solution. I find a good walk helps. But this one has me stumped, I've been staring at this same error all day. Like Ticcie in Invalid Oracle URL specified: OracleDataSource.makeURL suggests, the error message does nothing to help understand what is wrong.
SEVERE: Exception during lifecycle processing
org.glassfish.deployment.common.DeploymentException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.5.0.v20130507-3faac2b): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Invalid Oracle URL specified: OracleDataSource.makeURL
Error Code: 0
at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.deploy(EntityManagerSetupImpl.java:762)
at org.eclipse.persistence.internal.jpa.EntityManagerFactoryDelegate.getAbstractSession(EntityManagerFactoryDelegate.java:204)
I am doing Arquillian Integration Testing for a Java EE 7 EAR application. Its been going well using JPA and the DerbyDb but I now need to test Native Oracle DB (11g) SQL. So I've setup a new testing project to connect to an OracleDB using EclipseLink.
I CAN connect to the database through the Eclipse IDE DataSource explorer and ping it no problems.
I DO connect to a sister Oracle database in Glassfish standalone and ping it no problems.
But the Arquillian Test cannot connect to it with the above ambiguous error. It would be nice if the error said what exactly is the problem.
I use exactly the same URL as I have with the Eclipse IDE DataSource explorer:
jdbc:oracle:thin:#marina.work.com:1521:orcl
The Arquillian setup is the same as I did for DerbyDb (pretty-much same as http://arquillian.org/guides/testing_java_persistence/) with these variations for OracleDB:
src/main/resources-glassfish-embedded/sun-resources.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE resources PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Resource Definitions//EN" "http://glassfish.org/dtds/glassfish-resources_1_5.dtd">
<resources>
<jdbc-resource pool-name="ArquillianOraclePool" jndi-name="jdbc/arquillian" />
<jdbc-connection-pool name="ArquillianOraclePool" res-type="javax.sql.DataSource" datasource-classname="oracle.jdbc.pool.OracleDataSource"
is-isolation-level-guaranteed="false" >
</jdbc-connection-pool>
</resources>
src/main/resources-glassfish-embedded/test-persistence.xml
<?xml version="1.0" encoding="UTF-8"?>
<persistence version="2.0" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://java.sun.com/xml/ns/persistence
http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd">
<persistence-unit name="esaarch01-pu" transaction-type="JTA">
<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
<jta-data-source>jdbc/arquillian</jta-data-source>
<jar-file>test.jar</jar-file>
<exclude-unlisted-classes>false</exclude-unlisted-classes>
<properties>
<property name="javax.persistence.jdbc.Url" value="jdbc:oracle:thin:#marina.work.com:1521:orcl" />
<property name="javax.persistence.jdbc.Password" value="demo" />
<property name="javax.persistence.jdbc.User" value="test" />
<property name="javax.persistence.jdbc.driver" value="oracle.jdbc.OracleDriver" /> <!-- driver. -->
<property name="javax.persistence.jdbc.platform" value="org.eclipse.persistence.platform.database.oracle.OraclePlatform" />
<property name="eclipselink.ddl-generation" value="drop-and-create-tables" />
<property name="eclipselink.logging.level" value="FINE" />
<property name="eclipselink.logging.level.sql" value="FINE" />
</properties>
</persistence-unit>
</persistence>
I've introduced XML well-formedness errors such as text in the properties element and receive the following error. This shows that this file is being picked up for the correct purposes:
java.io.IOException: org.xml.sax.SAXParseException; lineNumber: 21; columnNumber: 16; Deployment descriptor file META-INF/persistence.xml in archive [test.jar]. cvc-complex-type.2.3: Element 'properties' cannot have character [children], because the ...
I've tried different property names but none change the error message. Which makes me think that the URL property isn't being picked up at all.
I've tried different variations of the URL (with matching mods for name and password):
javax.persistence.jdbc.url URL Url (three variations)
eclipselink.jdbc.url URL Url (three variations)
No variation works. Same error.
It would be really nice if the exception can be more specific about what it can and cannot find.
My question is, can anyone tell me the solution or suggest what's wrong or something I can try and work out what is going wrong?
UPDATE
I've posted this question on the Oracle forums and included the entire stack trace and the sample minimal code plus some instructions. If anyone is keen to look at it I'd be grateful.
https://forums.oracle.com/message/11152777#11152777
driver type is not provided, for my case, I used "thin" xaProperties.driverType="thin", please find similar config for your case.
I'm using thymeleaf 2.0.5 with spring 3 mvc configured as follows in webmvc-config.xml
<bean id="templateResolver"
class="org.thymeleaf.templateresolver.ServletContextTemplateResolver"
p:prefix="/WEB-INF/templates/"
p:suffix=".html"
p:templateMode="HTML5" />
<bean id="templateEngine"
class="org.thymeleaf.spring3.SpringTemplateEngine"
p:templateResolver-ref="templateResolver" />
<bean id="viewResolver"
class="org.thymeleaf.spring3.view.ThymeleafViewResolver"
p:templateEngine-ref="templateEngine" />
The above configuration is working fine. The problem is that when an exception is thrown I see the following cryptic message in the logs:
ERROR org.thymeleaf.TemplateEngine - [THYMELEAF][1] Exception processing template "dataAccessFailure": Error resolving template "dataAccessFailure", template might not exist or might not be accessible by any of the configured Template Resolvers
Is there a way to configure the view resolver to exclude certain patterns?
As per the accepted answer I changed the following bean config in webmvc-config.xml
<bean id="viewResolver"
class="org.thymeleaf.spring3.view.ThymeleafViewResolver"
p:templateEngine-ref="templateEngine"
p:viewNames="index,questionnaires/*" />
You can configure your template resolver to only resolve certain view names by means of the template resolver's viewNames property. In this property you can enter several patterns (separated by commas) and use wildcards like e.g. admin/*.
Disclaimer, due to StackOverflow rules: I am thymeleaf's author.
Could you possibly have an error page mapped to "dataAccessFailure" in your web.xml. Something like:
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/dataAccessFailure</location>
</error-page>
I am novice to portlet development using spring mvc on liferay. I am doing POC for my project.
In my jsp page, i sent the request to the controller as follows:-
<portlet:renderURL var="myRenderURL">
<portlet:param name="action" value="accounts"/>
</portlet:renderURL>
Currently i want to write functionality for only viewing the page using controller i.e. VIEW mode.
Now when i map the controller using the PortletModeHandlerMapping it works perfectly fine and request does goes to the controller as expected. Following is the code snippet :-
**<bean id="portletModeHandlerMapping"
class="org.springframework.web.portlet.handler.PortletModeHandlerMapping">
<property name="portletModeMap">
<map>
<entry key="view" value-ref="partyAccountsSearchController" />
</map>
</property>
</bean>**
But when i want the same functionality using the ParameterHandlerMapping. I am getting following error:-
07:46:16,704 WARN [PageNotFound:1010] No mapping found for current request in DispatcherPortlet with name 'LiferaySpringMVCPortlet', mode 'view', phase 'RENDER_PHASE', session '216338AB54AAF5E16EE373D9B97E640A', user 'null
07:46:16,704 ERROR [DispatcherPortlet:559] Could not complete request
javax.portlet.UnavailableException: No handler found for request
at org.springframework.web.portlet.DispatcherPortlet.noHandlerFound(DispatcherPortlet.java:1017)
at org.springframework.web.portlet.DispatcherPortlet.doRenderService(DispatcherPortlet.java:706)
at org.springframework.web.portlet.FrameworkPortlet.processRequest(FrameworkPortlet.java:522)
at org.springframework.web.portlet.FrameworkPortlet.doDispatch(FrameworkPortlet.java:470)
at javax.portlet.GenericPortlet.render(GenericPortlet.java:233)
at com.liferay.portlet.FilterChainImpl.doFilter(FilterChainImpl.java:101)
at com.liferay.portal.kernel.portlet.PortletFilterUtil.doFilter(PortletFilterUtil.java:64)
at com.liferay.portal.kernel.servlet.PortletServlet.service(PortletServlet.java:92)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:551)
at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:488)
at com.liferay.portlet.InvokerPortletImpl.invoke(InvokerPortletImpl.java:638)
at com.liferay.portlet.InvokerPortletImpl.invokeRender(InvokerPortletImpl.java:723)
at com.liferay.portlet.InvokerPortletImpl.render(InvokerPortletImpl.java:425)
at org.apache.jsp.html.portal.render_005fportlet_jsp._jspService(Unknown Source)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:551)
at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:488)
at com.liferay.portal.util.PortalImpl.renderPortlet(PortalImpl.java:3740)
at com.liferay.portal.util.PortalUtil.renderPortlet(PortalUtil.java:1180)
at com.liferay.portlet.layoutconfiguration.util.RuntimePortletUtil.processPortlet(RuntimePortletUtil.java:160)
at com.liferay.portlet.layoutconfiguration.util.RuntimePortletUtil.processPortlet(RuntimePortletUtil.java:94)
at com.liferay.portlet.layoutconfiguration.util.RuntimePortletUtil.processTemplate(RuntimePortletUtil.java:256)
at com.liferay.portlet.layoutconfiguration.util.RuntimePortletUtil.processTemplate(RuntimePortletUtil.java:181)
Following is the code snippet which i have written for mapping request to ParameterHandlerMapping:-
**<bean id="parameterHandlerMapping"
class="org.springframework.web.portlet.handler.ParameterHandlerMapping">
<property name="parameterMap">
<map>
<entry key="accounts" value-ref="partyAccountsController" />
</map>
</property>
</bean>**
Now there is a special thing happening here, if i map the request to defaultHandler in ParameterHandlerMapping, it works. i.e. adding
**<property name="defaultHandler" value="partyAccountsController"/>**
inside the parameterHandlerMapping bean.
I am not sure if i am missing something while configuring the ParameterHandlerMapping.
Can anyone please let how to what is the issue here while configuring ParameterHandlerMapping.
Any help will be appreicated.
Thanks.
Regards,
-Nayan Parikh
I am using spring 3.0.5 MVC and trying to defined LoginInterceptor for specified path /fx. I looked up and found the way to use is:
<mvc:interceptors>
<!-- Changes the locale when a 'locale' request parameter is sent; e.g. /?locale=de -->
<bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor" />
<mvc:interceptor>
<mapping path="/fx"/>
<bean class="com.fxiapi.auth.LoginInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
I want to use this for any page other than Login page for certain URI. Is their a way to ignore login page URI. Also, using this was I am getting following exception:
2011-02-07 11:04:22,756 ERROR http-0.0.0.0-8680-1 Context initialization failed
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 31 in XML document from ServletContext resource [/WEB-INF/spring/appServlet/servlet-context.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'mapping'. One of '{"http://www.springframework.org/schema/mvc":mapping}' is expected.
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:396)
Can someone please help? Whats the alternate if I cant use tag?
The error message tells you what's wrong - you need the namespace prefix on the <mapping> element also:
<mvc:interceptor>
<mvc:mapping path="/fx"/>
...
</mvc:interceptor>