stackoom
  简体   繁体   中英

Uncategorized exception for using correct credentials in LDAP authentication

 原文  2016-04-20 15:31:35       java/ authentication/ spring-security/ ldap

Question

I would like to implement LDAP authentication for a web application using Spring Boot. Here is my WebSecurityConfig class: 

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
            .formLogin();
    }

    @Configuration
    protected static class AuthenticationConfiguration extends
            GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .ldapAuthentication()
                    .userDnPatterns("cn={0},ou=institution,ou=people")
                    .contextSource()
                    .url("ldap://ldap.mdanderson.edu:389/dc=mdanderson,dc=edu");
        }
    }   
}

I tested it with my credentials. Here is the screenshot of my user information from LDAP server:

在此处输入图片说明

On login page, if I type in djiao as my username and a wrong password, it will say Bad credentials . However if I give the correct password, I would get 500: 

There was an unexpected error (type=Internal Server Error, status=500).
Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name ''

It seems binding to ldap server is successful otherwise it would not distinguish correct password from bad password. But why am I getting this exception?

EDIT:

From the output of IDE console, I see a lot of messages like Rejected bean and Unable to locate LocaleResolver , etc. They do not appear to be errors, but I don't know if they are causing the error. Below is the stack trace: 

210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.h.BeanNameUrlHandlerMapping     [0;39m [2m:[0;39m Rejected bean name 'springBootLoggingSystem': no URL paths identified
[2m2016-04-20 11:34:53.876[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.h.BeanNameUrlHandlerMapping     [0;39m [2m:[0;39m Rejected bean name 'environment': no URL paths identified
[2m2016-04-20 11:34:53.876[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.h.BeanNameUrlHandlerMapping     [0;39m [2m:[0;39m Rejected bean name 'systemProperties': no URL paths identified
[2m2016-04-20 11:34:53.876[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.h.BeanNameUrlHandlerMapping     [0;39m [2m:[0;39m Rejected bean name 'systemEnvironment': no URL paths identified
[2m2016-04-20 11:34:53.876[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.h.BeanNameUrlHandlerMapping     [0;39m [2m:[0;39m Rejected bean name 'org.springframework.context.annotation.ConfigurationClassPostProcessor.importRegistry': no URL paths identified
[2m2016-04-20 11:34:53.878[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.h.BeanNameUrlHandlerMapping     [0;39m [2m:[0;39m Rejected bean name 'messageSource': no URL paths identified
[2m2016-04-20 11:34:53.878[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.h.BeanNameUrlHandlerMapping     [0;39m [2m:[0;39m Rejected bean name 'servletContext': no URL paths identified
[2m2016-04-20 11:34:53.878[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.h.BeanNameUrlHandlerMapping     [0;39m [2m:[0;39m Rejected bean name 'contextParameters': no URL paths identified
[2m2016-04-20 11:34:53.878[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.h.BeanNameUrlHandlerMapping     [0;39m [2m:[0;39m Rejected bean name 'contextAttributes': no URL paths identified
[2m2016-04-20 11:34:53.889[0;39m [32m INFO[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.handler.SimpleUrlHandlerMapping [0;39m [2m:[0;39m Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
[2m2016-04-20 11:34:53.889[0;39m [32m INFO[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.handler.SimpleUrlHandlerMapping [0;39m [2m:[0;39m Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
[2m2016-04-20 11:34:53.906[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36m.m.m.a.ExceptionHandlerExceptionResolver[0;39m [2m:[0;39m Looking for exception mappings: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@2dfbba12: startup date [Wed Apr 20 11:34:48 CDT 2016]; root of context hierarchy
[2m2016-04-20 11:34:53.940[0;39m [32m INFO[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.handler.SimpleUrlHandlerMapping [0;39m [2m:[0;39m Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
[2m2016-04-20 11:34:54.344[0;39m [32m INFO[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.j.e.a.AnnotationMBeanExporter       [0;39m [2m:[0;39m Registering beans for JMX exposure on startup
[2m2016-04-20 11:34:54.370[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.resource.ResourceUrlProvider    [0;39m [2m:[0;39m Looking for resource handler mappings
[2m2016-04-20 11:34:54.371[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.resource.ResourceUrlProvider    [0;39m [2m:[0;39m Found resource handler mapping: URL pattern="/**/favicon.ico", locations=[class path resource [META-INF/resources/], class path resource [resources/], class path resource [static/], class path resource [public/], class path resource []], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@3ba74ae5]
[2m2016-04-20 11:34:54.371[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.resource.ResourceUrlProvider    [0;39m [2m:[0;39m Found resource handler mapping: URL pattern="/webjars/**", locations=[class path resource [META-INF/resources/webjars/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@64261efb]
[2m2016-04-20 11:34:54.371[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.s.resource.ResourceUrlProvider    [0;39m [2m:[0;39m Found resource handler mapping: URL pattern="/**", locations=[ServletContext resource [/], class path resource [META-INF/resources/], class path resource [resources/], class path resource [static/], class path resource [public/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@2bc241b]
[2m2016-04-20 11:34:54.435[0;39m [32m INFO[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36ms.b.c.e.t.TomcatEmbeddedServletContainer[0;39m [2m:[0;39m Tomcat started on port(s): 8080 (http)
[2m2016-04-20 11:34:54.436[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.s.w.c.s.StandardServletEnvironment    [0;39m [2m:[0;39m Adding [server.ports] PropertySource with highest search precedence
[2m2016-04-20 11:34:54.442[0;39m [32m INFO[0;39m [35m69210[0;39m [2m---[0;39m [2m[           main][0;39m [36mo.m.r.ristore.ws.RistoreWebApplication  [0;39m [2m:[0;39m Started RistoreWebApplication in 6.32 seconds (JVM running for 6.784)
[2m2016-04-20 11:35:04.459[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.web.servlet.DispatcherServlet       [0;39m [2m:[0;39m Initializing servlet 'dispatcherServlet'
[2m2016-04-20 11:35:04.460[0;39m [32m INFO[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.a.c.c.C.[Tomcat].[localhost].[/]      [0;39m [2m:[0;39m Initializing Spring FrameworkServlet 'dispatcherServlet'
[2m2016-04-20 11:35:04.460[0;39m [32m INFO[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.web.servlet.DispatcherServlet       [0;39m [2m:[0;39m FrameworkServlet 'dispatcherServlet': initialization started
[2m2016-04-20 11:35:04.460[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.web.servlet.DispatcherServlet       [0;39m [2m:[0;39m Using MultipartResolver [org.springframework.web.multipart.support.StandardServletMultipartResolver@3f7834e2]
[2m2016-04-20 11:35:04.464[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.web.servlet.DispatcherServlet       [0;39m [2m:[0;39m Unable to locate LocaleResolver with name 'localeResolver': using default [org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver@7488cec1]
[2m2016-04-20 11:35:04.494[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.web.servlet.DispatcherServlet       [0;39m [2m:[0;39m Unable to locate ThemeResolver with name 'themeResolver': using default [org.springframework.web.servlet.theme.FixedThemeResolver@63934d10]
[2m2016-04-20 11:35:04.499[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.web.servlet.DispatcherServlet       [0;39m [2m:[0;39m Unable to locate RequestToViewNameTranslator with name 'viewNameTranslator': using default [org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator@47fce61b]
[2m2016-04-20 11:35:04.504[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.web.servlet.DispatcherServlet       [0;39m [2m:[0;39m Unable to locate FlashMapManager with name 'flashMapManager': using default [org.springframework.web.servlet.support.SessionFlashMapManager@3cab6c9d]
[2m2016-04-20 11:35:04.505[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.web.servlet.DispatcherServlet       [0;39m [2m:[0;39m Published WebApplicationContext of servlet 'dispatcherServlet' as ServletContext attribute with name [org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcherServlet]
[2m2016-04-20 11:35:04.505[0;39m [32m INFO[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.web.servlet.DispatcherServlet       [0;39m [2m:[0;39m FrameworkServlet 'dispatcherServlet': initialization completed in 45 ms
[2m2016-04-20 11:35:04.505[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-1][0;39m [36mo.s.web.servlet.DispatcherServlet       [0;39m [2m:[0;39m Servlet 'dispatcherServlet' configured successfully
[2m2016-04-20 11:35:09.671[0;39m [31mERROR[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-3][0;39m [36mo.a.c.c.C.[.[.[/].[dispatcherServlet]   [0;39m [2m:[0;39m Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception

org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090748, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]; remaining name ''
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:228) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:397) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:328) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:629) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:570) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForMultipleAttributeValues(SpringSecurityLdapTemplate.java:241) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleAttributeValues(SpringSecurityLdapTemplate.java:166) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:238) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:207) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:215) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:87) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:192) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:93) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:120) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) [tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) [tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-embed-core-8.0.32.jar:8.0.32]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-embed-core-8.0.32.jar:8.0.32]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_80]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_80]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.0.32.jar:8.0.32]
    at java.lang.Thread.run(Thread.java:745) [na:1.7.0_80]
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090748, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3127) ~[na:1.7.0_80]
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) ~[na:1.7.0_80]
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840) ~[na:1.7.0_80]
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1849) ~[na:1.7.0_80]
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772) ~[na:1.7.0_80]
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386) ~[na:1.7.0_80]
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356) ~[na:1.7.0_80]
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339) ~[na:1.7.0_80]
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) ~[na:1.7.0_80]
    at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:322) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:363) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
    ... 64 common frames omitted

[2m2016-04-20 11:35:09.675[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-3][0;39m [36mo.s.web.servlet.DispatcherServlet       [0;39m [2m:[0;39m DispatcherServlet with name 'dispatcherServlet' processing POST request for [/error]
[2m2016-04-20 11:35:09.676[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-3][0;39m [36ms.w.s.m.m.a.RequestMappingHandlerMapping[0;39m [2m:[0;39m Looking up handler method for path /error
[2m2016-04-20 11:35:09.679[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-3][0;39m [36ms.w.s.m.m.a.RequestMappingHandlerMapping[0;39m [2m:[0;39m Returning handler method [public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)]
[2m2016-04-20 11:35:09.745[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-3][0;39m [36mo.s.w.s.v.ContentNegotiatingViewResolver[0;39m [2m:[0;39m Requested media types are [text/html, text/html;q=0.8] based on Accept header types and producible media types [text/html])
[2m2016-04-20 11:35:09.747[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-3][0;39m [36mo.s.w.s.v.ContentNegotiatingViewResolver[0;39m [2m:[0;39m Returning [org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration$SpelView@c5860a] based on requested media type 'text/html'
[2m2016-04-20 11:35:09.747[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-3][0;39m [36mo.s.web.servlet.DispatcherServlet       [0;39m [2m:[0;39m Rendering view [org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration$SpelView@c5860a] in DispatcherServlet with name 'dispatcherServlet'
[2m2016-04-20 11:35:09.752[0;39m [32mDEBUG[0;39m [35m69210[0;39m [2m---[0;39m [2m[nio-8080-exec-3][0;39m [36mo.s.web.servlet.DispatcherServlet       [0;39m [2m:[0;39m Successfully completed request

EDIT #2: Here is the contextSource config from another project within the same institution. 

<beans:bean id="contextSource"
            class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="ldap://ldap.mdanderson.edu:389/DC=mdanderson,DC=edu" />
    <beans:property name="userDn" value="ou=institution,ou=people" />
    <beans:property name="password" value="password" />
</beans:bean>

2 answers

solution1
 1 ACCPTED  2016-04-20 17:19:36

So the issue is really what I expected. I have basically no explanation why you are getting a wrong credentials error back when you give a wrong password but the problem why you see this exception is easy. You need to configure a user that is allowed to read the LDAP server. In your AuthenticationConfiguration you are just defining the URL of the LDAP server but no user which would be allowed to execute a search and read from there. LDAP authentication works in a two step approach:

  1. Your app will try to find a DN matching your criteria given in the userSearchFilter . For this it will need a manager connection which you can define using managerDN() and managerPassword() methods of your contextSource() definition. If this search is successful...
  2. it will execute a second bind operation using the DN and the given password and if successful read out your node (as well as linked groups) to populate your Principal or UserDetails object.

Look at the answer in the other post which is defining the manager connection like 

.contextSource()
        .url("ldaps://<ap-ldap-server>")
        .port(639)
        .managerDn("cn=binduser,ou=users,dc=ap,dc=domain,dc=com")
        .managerPassword("some pass")

solution2
 0  2016-04-20 16:38:25

LDAP authentication is usually simple. What you need is a simple POJO client to test whether the binding is happening or not.

In my project, we connect to LDAP using a super id for binding and then use the user id and password to test again if the password is correct or not.

You can try that approach.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Unable to authenticate LDAP account using Spring 3.1 with correct credentials Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException What is the correct format for SECURITY_PRINCIPAL in LDAP authentication using "com.sun.jndi.ldap.LdapCtxFactory" nullpointer exception in createSuccessfulAuthentication with Ldap Authentication LDAP Authentication using Java Spring Security - Authentication not working even the credentials are correct Spring LDAP authentication bad credentials password in Salted SHA type JSch PAM authentication - “Auth fail” - credentials are correct Basic Authentication on Glassfish using Ldap Simple LDAP authentication using Java
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM