Spring Security Core Plugin

Pure LDAP authentication fails when Spring Security is not the default namespace in resources.xml

Details

  • Type: Bug
  • Status: Open
  • Priority: Major
  • Resolution: Unresolved
  • Affects Version/s: None
  • Fix Version/s: None
  • Component/s: None
  • Labels: None
  • Environment: Windows XP, Grails 1.2-M2, Spring Security 2.0.4, using resources.xml to define Security components

Description

Just went through Spring Security, thinking it was a bug in their system (https://jira.springsource.org/browse/SEC-1244), and confirmed it was not. This is a Grails bug.
===========================================================================================
I coded a pure LDAP authentication/authorization solution (no DAO entities) with the following XML configuration.

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

<security:http>
<security:intercept-url pattern="/**" access="ROLE_USER" />
<security:form-login />
<security:anonymous />
<security:http-basic />
<security:logout />
</security:http>
<security:ldap-server url="<scrubbed url>"/>
<security:ldap-authentication-provider user-dn-pattern="uid={0},ou=people"/>

</beans>

This generated the error message:

2009-09-10 12:32:42,328 [main] ERROR [localhost].[/<scrub>] - Exception sending context initialized event to listener instance of class org.codehaus.groovy.grails.web.context.GrailsContextLoaderListener org.springframework.beans.factory.access.BootstrapException: Error executing bootstraps; nested exception is org.springframework.security.config.SecurityConfigurationException: No SpringSecurityContextSource instances found. Have you added an <ldap-server /> element to your application context?

I altered resources.xml to make security namespace the default...

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">


<http>
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login />
<anonymous />
<http-basic />
<logout />
</http>
<ldap-server url="<scrubbed>"/>
<ldap-authentication-provider user-dn-pattern="uid={0},ou=people"/>

</beans:beans>

Everything works now!
================================================================
I know this isn't a Spring Security issue, because I just ran a pure Java/Swing application using this configuration:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

<context:component-scan base-package="<scrubbed packagename>"/>

<bean id="securityAspect" class="<scrubbed classname>" factory-method="aspectOf">
<property name="securityInterceptor"><ref bean="securityInterceptor"/></property>
</bean>

<security:ldap-server url="<scrubbed url>"/>
<security:ldap-authentication-provider user-dn-pattern="uid={0},ou=people"/>
<security:authentication-manager alias="authenticationManager"/>

<context:load-time-weaver/>

</beans>
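An added check, not part of the original report or of the plugin's code: a namespace-aware parse showing that the prefixed and default-namespace layouts above describe the same elements, so the XML itself does not explain the different behaviour. It also flags the one layout that does trigger the reported error message legitimately, an unprefixed `<ldap-server/>` in a beans-default file. The LDAP URL is a constructed placeholder and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

SEC_NS = "http://www.springframework.org/schema/security"

# Constructed samples (LDAP URL is a placeholder). Layout 1: "security:" prefix.
PREFIXED = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security">
  <security:http><security:intercept-url pattern="/**" access="ROLE_USER"/></security:http>
  <security:ldap-server url="ldap://ldap.example.invalid/dc=example,dc=invalid"/>
  <security:ldap-authentication-provider user-dn-pattern="uid={0},ou=people"/>
</beans>"""

# Layout 2: security is the default namespace, beans is prefixed.
DEFAULTED = """<beans:beans xmlns="http://www.springframework.org/schema/security"
       xmlns:beans="http://www.springframework.org/schema/beans">
  <http><intercept-url pattern="/**" access="ROLE_USER"/></http>
  <ldap-server url="ldap://ldap.example.invalid/dc=example,dc=invalid"/>
  <ldap-authentication-provider user-dn-pattern="uid={0},ou=people"/>
</beans:beans>"""

# Layout 3 (a genuine mistake): unprefixed <ldap-server/> lands in the beans namespace.
MISPLACED = PREFIXED.replace("<security:ldap-server", "<ldap-server")

def expanded_names(xml_text):
    """(namespace, local name, sorted attributes) for every element, in document order."""
    out = []
    for el in ET.fromstring(xml_text).iter():
        ns, _, local = el.tag[1:].partition("}") if el.tag.startswith("{") else ("", "", el.tag)
        out.append((ns, local, tuple(sorted(el.attrib.items()))))
    return out

def security_elements(xml_text):
    """Local names of the elements that resolve to the Spring Security namespace."""
    return [local for ns, local, _ in expanded_names(xml_text) if ns == SEC_NS]

def same_infoset(a, b):
    """True when two documents differ only in prefix choice and whitespace."""
    return expanded_names(a) == expanded_names(b)

def ldap_wiring_problems(xml_text):
    """Report a provider that has no <ldap-server/> in the security namespace."""
    names = security_elements(xml_text)
    if "ldap-authentication-provider" in names and "ldap-server" not in names:
        return ["ldap-authentication-provider without a security-namespace ldap-server"]
    return []

if __name__ == "__main__":
    print("prefixed == defaulted:", same_infoset(PREFIXED, DEFAULTED))
    for label, doc in (("prefixed", PREFIXED), ("defaulted", DEFAULTED), ("misplaced", MISPLACED)):
        print(label, security_elements(doc), ldap_wiring_problems(doc))
```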

Activity

Aaron J. Zirbes added a comment -

I believe the preferred solution is to use the spring-security-ldap plugin to do LDAP-only authentication and authorization. I've tested this and it works fine for me (as long as http://jira.grails.org/browse/GPSPRINGSECURITYCORE-160 gets pushed out).

I can successfully use pure LDAP (in an active directory environment) with the spring-security-ldap:1.0.5 and this:

https://github.com/aaronzirbes/grails-spring-security-core/tree/1.2.7.2

version of spring security core.

See: http://jira.grails.org/browse/GPSPRINGSECURITYCORE-160

