-Updated with pics of request header and params.
Can anyone tell me why WSo2 API Manager does not authenticate?
I have set up two WSo2 API Manager 1.6.0 instances. One that is distributed and a stand alone instance. I also have created a version of the CDYNE sample API that requires authorization and another version that does not. It does not appear that the API is published correctly because it does not matter what level I set the api security to when creating the api.
Here is the api on the gateway:
<?xml version="1.0" encoding="UTF-8"?><api xmlns="http://ws.apache.org/ns/synapse" name="Creator1--APIPhoneVerify" context="/APIPhoneVerify" version="2.0.0" version-type="url">
<resource methods="POST GET OPTIONS DELETE PUT" url-mapping="/CheckPhoneNumber">
<inSequence>
<property name="POST_TO_URI" value="true" scope="axis2"/>
<filter source="$ctx:AM_KEY_TYPE" regex="PRODUCTION">
<then>
<send>
<endpoint name="Creator1--APIPhoneVerify_APIproductionEndpoint_0">
<http uri-template="http://ws.cdyne.com/phoneverify/phoneverify.asmx">
<timeout>
<duration>30000</duration>
<responseAction>fault</responseAction>
</timeout>
<suspendOnFailure>
<errorCodes>-1</errorCodes>
<initialDuration>0</initialDuration>
<progressionFactor>1.0</progressionFactor>
<maximumDuration>0</maximumDuration>
</suspendOnFailure>
<markForSuspension>
<errorCodes>-1</errorCodes>
</markForSuspension>
</http>
</endpoint>
</send>
</then>
<else>
<send>
<endpoint name="Creator1--APIPhoneVerify_APIsandboxEndpoint_0">
<http uri-template="http://ws.cdyne.com/phoneverify/phoneverify.asmx">
<timeout>
<duration>30000</duration>
<responseAction>fault</responseAction>
</timeout>
<suspendOnFailure>
<errorCodes>-1</errorCodes>
<initialDuration>0</initialDuration>
<progressionFactor>1.0</progressionFactor>
<maximumDuration>0</maximumDuration>
</suspendOnFailure>
<markForSuspension>
<errorCodes>-1</errorCodes>
</markForSuspension>
</http>
</endpoint>
</send>
</else>
</filter>
</inSequence>
<outSequence>
<send/>
</outSequence>
</resource>
<handlers>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"/>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.throttling.APIThrottleHandler">
<property name="id" value="A"/>
<property name="policyKey" value="gov:/apimgt/applicationdata/tiers.xml"/>
</handler>
<handler class="org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageHandler"/>
<handler class="org.wso2.carbon.apimgt.usage.publisher.APIMgtGoogleAnalyticsTrackingHandler"/>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler"/>
</handlers>
</api>
When I use the 'try it' feature it appears that the key is not passed and I get an error.
Here is the key:
Here is the response:
Here is the wso2carbon.log:
TID: [0] [AM] [2014-02-05 14:25:02,513] ERROR {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler}
org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Access failure for API: /APIPhoneVerify, version: 2.0.0 with key: null
at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:139)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:92)
at org.apache.synapse.rest.API.process(API.java:285)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:76)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:63)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:220)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:83)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:336)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:168)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
TID: [0] [AM] [2014-02-05 14:25:02,516] INFO {org.wso2.carbon.bam.message.tracer.handler.util.HandlerUtils} - Massage Info: Transaction id=115815524651347724395990 Message direction=OUT Server name=7.40.2.26:9765 Timestamp=1391631902516 Service name=__SynapseService Operation Name=mediate {org.wso2.carbon.bam.message.tracer.handler.util.HandlerUtils}
I then tried from an external source in case it was a 'tryit' problem. In this case the key was at least passed.
Here is the request and reply:
Here is the wso2carbon.log:
TID: [0] [AM] [2014-02-05 14:26:24,053] ERROR {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler}
org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Access failure for API: /APIPhoneVerify, version: 2.0.0 with key: CgtcOiDinAKo4hKbtDV_fr6JIVAa
at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:139)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:92)
at org.apache.synapse.rest.API.process(API.java:285)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:76)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:63)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:220)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:83)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:336)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:168)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
TID: [0] [AM] [2014-02-05 14:26:24,056] INFO {org.wso2.carbon.bam.message.tracer.handler.util.HandlerUtils} - Massage Info: Transaction id=115823714657361932967093 Message direction=OUT Server name=7.40.2.26:9765 Timestamp=1391631984056 Service name=__SynapseService Operation Name=mediate {org.wso2.carbon.bam.message.tracer.handler.util.HandlerUtils}
Can you please try this API
http://api.openweathermap.org/data/2.5/weather
with parameter q=London
The final request should look like the following
http://localhost:8280/yourAPI/1.0?q=London
I have added 2 versions of the same api. 1.6.0 (which doesn't work) and 1.6.1 (which does work).
The error message regarding API authenication failure led me to believe it was a auth problem.
However, since your worked with the /* url pattern I tried that, instead of a pattern of /CheckPhoneNumber and it worked. I guess having a url pattern of /CheckPhoneNumber and updating the swagger doc to have the definition include /CheckPhoneNumber are NOT the same thing.
Related
The Problem:
I'm setting up hazelcast AutoDiscovery feature to be used in Azure Environments. I am following the github document for the same: https://github.com/hazelcast/hazelcast-azure
But I am getting the following error:
Exception in thread "main" com.hazelcast.config.InvalidConfigurationException: Invalid configuration
at com.hazelcast.spi.discovery.impl.DefaultDiscoveryService.loadDiscoveryStrategies(DefaultDiscoveryService.java:147)
.....
com.hazelcast.core.server.StartServer.main(StartServer.java:46)
Caused by: com.hazelcast.config.properties.ValidationException: There is no discovery strategy factory to create 'DiscoveryStrategyConfig{properties={group-name=****, client-secret=****, subscription-id=****, client-id=****, tenant-id=****, cluster-id=****}, className='com.hazelcast.azure.AzureDiscoveryStrategy', discoveryStrategyFactory=null}' Is it a typo in a strategy classname? Perhaps you forgot to include implementation on a classpath?
at com.hazelcast.spi.discovery.impl.DefaultDiscoveryService.buildDiscoveryStrategy(DefaultDiscoveryService.java:186)
...
I have tried the following properties:
<azure enabled="true">
<client-id>****</client-id>
<client-secret>****</client-secret>
<tenant-id>****</tenant-id>
<subscription-id>****</subscription-id>
<cluster-id>****</cluster-id>
<group-name>****</group-name>
</azure>
Since This was not working I even tried using discovery strategy with the following code snipppet:
<discovery-strategies>
<!-- class equals to the DiscoveryStrategy not the factory! -->
<discovery-strategy enabled="true" class="com.hazelcast.azure.AzureDiscoveryStrategy">
<properties>
<property name="client-id">****</property>
<property name="client-secret">****</property>
<property name="tenant-id">****</property>
<property name="subscription-id">****</property>
<property name="cluster-id">****</property>
<property name="group-name">****</property>
</properties>
</discovery-strategy>
</discovery-strategies>
Even switched the value of class from:
class="com.hazelcast.azure.AzureDiscoveryStrategy"
to
class="com.hazelcast.azure.AzureDiscoveryStrategyFactory"
I have tried the above with hazelcast versions 3.12.2, 3.12.1, 3.12 and 3.11.4 and all are giving same result.
Please suggest what I am doing incorrectly and what else is required.
I am attempting to fix a problem I have with restoring nuget packages for a .net core 2.0 webapi that has a custom package source.
Basically when including the nuget.config any microsoft packages fail to install because it seems to ignore my nuget reference.
I have found a workaround, that is to remove my custom nuget.config, let the build fail, once it fails it will have downloaded the proper things from nuget.org and then by adding the custom file back in, it will restore those microsoft packages from disk and then reachout to get my custom nuget package.
My nuget Package config looks like this:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
<add key="ASPNET Team" value="https://dotnet.myget.org/F/aspnetcore-ci-dev/api/v3/index.json" />
<add key="OTL" value="https://www.myget.org/F/{redacted}/api/v3/index.json" />
</packageSources>
<packageRestore>
<add key="enabled" value="True" />
<add key="automatic" value="True" />
</packageRestore>
<bindingRedirects>
<add key="skip" value="False" />
</bindingRedirects>
<packageManagement>
<add key="format" value="0" />
<add key="disabled" value="False" />
</packageManagement>
<disabledPackageSources />
</configuration>
The Errors from Kudu are:
An error occurred while sending the request.
A connection with the server could not be established
Retrying 'FindPackagesByIdAsync' for source 'https://www.myget.org/F/{redacted}/api/v3/flatcontainer/microsoft.extensions.caching.sqlserver/index.json'.
An error occurred while sending the request.
A connection with the server could not be established
Retrying 'FindPackagesByIdAsync' for source 'https://dotnetmyget.blob.core.windows.net/artifacts/aspnetcore-ci-dev/nuget/v3/flatcontainer/microsoft.extensions.hosting.abstractions/index.json'.
An error occurred while sending the request.
A connection with the server could not be established
Retrying 'FindPackagesByIdAsync' for source 'https://dotnetmyget.blob.core.windows.net/artifacts/aspnetcore-ci-dev/nuget/v3/flatcontainer/microsoft.extensions.caching.sqlserver/index.json'.
An error occurred while sending the request.
A connection with the server could not be established
Retrying 'FindPackagesByIdAsync' for source 'https://dotnetmyget.blob.core.windows.net/artifacts/aspnetcore-ci-dev/nuget/v3/flatcontainer/microsoft.entityframeworkcore.tools/index.json'.
An error occurred while sending the request.
A connection with the server could not be established
Retrying 'FindPackagesByIdAsync' for source 'https://www.myget.org/F/{redacted}/api/v3/flatcontainer/microsoft.extensions.dependencyinjection.abstractions/index.json'.
An error occurred while sending the request.
A connection with the server could not be established
Retrying 'FindPackagesByIdAsync' for source 'https://dotnetmyget.blob.core.windows.net/artifacts/aspnetcore-ci-dev/nuget/v3/flatcontainer/microsoft.extensions.dependencyinjection.abstractions/index.json'.
An error occurred while sending the request.
A connection with the server could not be established
Retrying 'FindPackagesByIdAsync' for source 'https://www.myget.org/F/{redacted}/api/v3/flatcontainer/microsoft.extensions.caching.sqlserver/index.json'.
Doing a dotnet restore directly from Kudu console yields the same results. I have pulled the NuGet.config from my development machine which i know successfully restores both microsoft packages and custom packages and attempted to use that and it still failed.
I'm beginning to think its an outbound port blocking firewall thing within azure but some googling of outbound firewall or proxy on webapp was not fruitful.
So after researching and dealing with the Kudu team and Nuget team we found that Azure WebApps has a limited amount of threads in basic and free tiers and when nuget restores happen it does so in a parallel asynchronous way and it hits the thread limit and fails.
To fix, you have to deploy a custom deployment script with --disable-parallel on the dotnet restore.
As the title, if I config "require_ssl_reuse=NO" for vsftpd, the following configuration works well.
Is that possible and how to config Spring Integration FTP to connect the vsftpd that without config "require_ssl_reuse=NO"?
Exception:
Caused by: org.springframework.messaging.MessagingException: Failed to write to '/ftp/upload/test.txt.writing' while uploading the file; nested exception is java.io.IOException: Failed to write to '/ftp/upload/test.txt.writing'. Server replied with: 522 SSL connection failed; session reuse required: see require_ssl_reuse option in vsftpd.conf man page
Here is my configuration:
<beans:bean id="ftpSessionFactory" class="org.springframework.integration.ftp.session.DefaultFtpsSessionFactory">
<beans:property name="host" value="202.101.1.106"/>
<beans:property name="port" value="21"/>
<beans:property name="username" value="tom"/>
<beans:property name="password" value="tom"/>
<beans:property name='clientMode' value='2'/>
<beans:property name='protocols' value='TLSv1, SSLv3'/>
</beans:bean>
See the answer to this question for work-around.
Subclass the session factory and override the createClientInstance method.
Feel free to open an 'improvement' JIRA Issue and we can look at adding it as a feature to the framework. Even better, consider contributing.
I work with Mule and I have some problem.
My mainflow.xml:
<?xml version="1.0" encoding="UTF-8"?><mule xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:vm="http://www.mulesoft.org/schema/mule/vm"
xmlns:file="http://www.mulesoft.org/schema/mule/file" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:spring="http://www.springframework.org/schema/beans" xmlns:core="http://www.mulesoft.org/schema/mule/core"
xmlns:http="http://www.mulesoft.org/schema/mule/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:management="http://www.mulesoft.org/schema/mule/management"
version="CE-3.3.0"
xsi:schemaLocation="http://www.mulesoft.org/schema/mule/vm http://www.mulesoft.org/schema/mule/vm/current/mule-vm.xsd http://www.mulesoft.org/schema/mule/file http://www.mulesoft.org/schema/mule/file/current/mule-file.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd http://www.mulesoft.org/schema/mule/management http://www.mulesoft.org/schema/mule/management/current/mule-management.xsd">
<!-- For show MX4J -->
<management:jmx-default-config port="1098"
registerMx4jAdapter="true">
</management:jmx-default-config>
<management:jmx-mx4j-adaptor jmxAdaptorUrl="http://localhost:9999"
login="admin" password="admin">
</management:jmx-mx4j-adaptor>
<management:jmx-server enableStatistics="true">
<management:connector-server
url="service:jmx:rmi:///jndi/rmi://localhost:1099/server" rebind="false" />
</management:jmx-server>
<management:rmi-server createRegistry="true" />
<!-- For get statistics -->
<notifications>
<notification event="EXCEPTION" />
<notification event="ENDPOINT-MESSAGE" />
<notification-listener ref="endpointNotificationLogger" />
<notification-listener ref="statesModuleExceptionNotificationListener" />
</notifications>
<spring:beans>
<!-- For show MX4J -->
<spring:bean id="exporter"
class="org.springframework.jmx.export.MBeanExporter" lazy-init="false">
<spring:property name="beans">
<spring:map>
<spring:entry key="bean:name=MBean1"
value-ref="MBean1" />
<spring:entry key="bean:name=MBean2"
value-ref="MBean2" />
</spring:map>
</spring:property>
</spring:bean>
<spring:bean id="MBean1" name="MBean1"
class="MBean1"></spring:bean>
<spring:bean id="MBean2" name="MBean2"
class="MBean2"></spring:bean>
<!-- For get statistics -->
<spring:bean name="endpointNotificationLogger"
class="MyEndpointNotificationListener" />
<spring:bean name="myExceptionNotificationListener"
class="MyExceptionNotificationListener" />
<spring:bean id="MyBean" name="MyBean"
class="MyBean">
</spring:bean>
</spring:beans>
<!-- <file:connector name="input" autoDelete="true" doc:name="File" />-->
<file:connector name="inputFileConnector" autoDelete="true" doc:name="File" >
<service-overrides messageReceiver="myFileMessageReceiver"/>
</file:connector>
<flow name="UnpackHandler" doc:name="UnpackHandler">
...
</flow>
<flow name="XmlToCsvTransformHandler" doc:name="XmlToCsvTransformHandler">
...
</flow>
Everything works OK in Tomcat. But after that I commit changes to SVN, checkout everything, package without changes and deploy app in Tomcat my application do not work!
The latest text in logs of Tomcat for my application:
DEBUG 18.12.2014 15:12:08 997 - DisposableBeanAdapter.invokeCustomDestroyMethod - Invoking destroy method 'dispose' on bean with name '_muleSystemModel'
INFO 18.12.2014 15:12:08 997 - ModelLifecycleManager.fireDisposePhase - Disposing model: _muleSystemModel
And there are no any logs about errors...
When application works OK, after this lines I see
DEBUG 18.12.2014 10:59:53 765 - MuleXmlBuilderContextListener.initialize - Mule config file(s): WEB-INF/classes/mainflow.xml
If I have this error and delete from mainflow.xml parts for mx4j and notifications everything works again:
<?xml version="1.0" encoding="UTF-8"?><mule xmlns="http://www.mulesoft.org/schema/mule/core" mlns:vm="http://www.mulesoft.org/schema/mule/vm" xmlns:file="http://www.mulesoft.org/schema/mule/file" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation" xmlns:spring="http://www.springframework.org/schema/beans" xmlns:core="http://www.mulesoft.org/schema/mule/core" xmlns:http="http://www.mulesoft.org/schema/mule/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="CE-3.3.0" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/vm http://www.mulesoft.org/schema/mule/vm/current/mule-vm.xsd http://www.mulesoft.org/schema/mule/file http://www.mulesoft.org/schema/mule/file/current/mule-file.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd ">
</spring:beans>
<file:connector name="input" autoDelete="true" doc:name="File" />
<flow name="UnpackHandler" doc:name="UnpackHandler">
...
</flow>
<flow name="XmlToCsvTransformHandler" doc:name="XmlToCsvTransformHandler">
...
</flow>
After I write parts for mx4j and notifications step by step, do not paste all text of file what I take from SVN, it works again! So there is no difference between mainflow.xml when application works and doesn't work.
This behavior is in Linux server. In the Windows server and in my local machine everything is OK. I thought about differences between slashes, but I don't write slashes...
Why application behaves so strangely?
With the information you provide I can only guess that you have some logic in the notifications that hangs them if something on which they are dependedant is not already initializated somehow.
The fact that later it does work would somehow indicate this. I can suggest you to use in the beans the attribute depends-on to make sure it's initialized after your bean dependencies in case there are.
My web application uses Spring Security for authentication and authorisation.
The authentication is pre-authenticated via a corporate SSO. However, as a fallback, the application uses a form based login for authentication otherwise. This too is achieved using Spring Security by having a list of Authentication Providers configured in the deployment descriptor. Consider a typical scenario as described by a sequence as follows.
If the corporate SSO pre-authentication fails, the login page is presented to the user.
The entered credentials are submitted and since the SSOPreAuthentication Provider cannot find the principal (assuming SSO failure), the request is forwarded to the next Authentication Provider which is LdapAuthenticationProvider.
Here, what I have accidentally come across is that the LdapAuthenticationProvider that uses a BindAuthenticator, binds a username to the LDAP even if the password is partially correct (Only first 8 characters of the password are matched. The remaining are ignored).
Following is the configuration in my deployment descriptor, relevant to the discussion
<?xml version="1.0" encoding="UTF-8"?>
<!-- DO NOT EDIT FILE GENERATED BY BUILD SCRIPT (edit the config template version) -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd"><security:http auto-config="false" access-denied-page="/accessDenied.htm" access-decision-manager-ref="accessDecisionManager">
<security:form-login login-page="/login.htm" authentication-failure-url="/login.htm?error=true" />
<security:logout logout-success-url="/login.htm" />
<security:intercept-url pattern="/**/*" access="ROLE_DENIED" />
</security:http>
<bean id="preauthSSOFilter" class="MySSOProcessingFilter">
<security:custom-filter position="PRE_AUTH_FILTER" />
<property name="principalRequestHeader" value="XX1" />
<property name="credentialsRequestHeader" value="XX2" />
<property name="ldapUserIdRequestHeader" value="XX3" />
<property name="ldapDNRequestHeader" value="XX4" />
<property name="ldapAuthenticator" ref="ldapBindAuthenticator" />
<property name="anonymousUserIfPrincipalRequestHeaderMissing" value="[none]" />
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<bean id="ldapContextValidator" class="org.springframework.ldap.pool.validation.DefaultDirContextValidator" />
<bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://myLDAP.com:983/o=something.com"/>
</bean>
<bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
<security:custom-authentication-provider />
<constructor-arg ref="ldapBindAuthenticator" />
<constructor-arg ref="ldapAuthoritiesPopulator" />
</bean>
<bean id="ldapBindAuthenticator" class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
<constructor-arg ref="ldapContextSource"/>
<property name="userSearch" ref="ldapUserSearch" />
</bean>
<bean id="ldapUserSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value=""/>
<constructor-arg index="1" value="(uid={0})"/>
<constructor-arg index="2" ref="ldapContextSource" />
</bean>
<bean id="ldapAuthoritiesPopulator" class="org.springframework.security.ldap.populator.UserDetailsServiceLdapAuthoritiesPopulator">
<constructor-arg ref="userDetailsService" />
</bean>
And here is a trace of the logs for two scenarios:
When the password is completely wrong (All characters wrong)
18:34:13,599 DEBUG [FilterChainProxy] /j_spring_security_check at
position 4 of 8 in additional filter chain; firing Filter:
'org.springframework.security.ui.webapp.AuthenticationProcessingFilter[
order=700; ]' 18:34:13,599 DEBUG [AuthenticationProcessingFilter]
Request is to process authentication 18:34:13,599 DEBUG
[ProviderManager] Authentication attempt using
org.springframework.security.providers.ldap.LdapAuthenticationProvider
18:34:13,599 DEBUG [FilterBasedLdapUserSearch] Searching for user
'#username#', with user search [ searchFilter: '(uid={0})',
searchBase: '', scope: subtree, searchTimeLimit: 0, derefLinkFlag:
false ] 18:34:13,599 DEBUG [AbstractContextSource] Principal: ''
18:34:13,943 DEBUG [AbstractContextSource] Got Ldap context on server
'ldap://myLDAP.com:983/o=something.com' 18:34:14,130 DEBUG
[DefaultSpringSecurityContextSource] Creating context with principal:
'uid=#username#, ou=people, l=AP, o=somthing.com' 18:34:14,458 DEBUG
[BindAuthenticator] Failed to bind as uid=#username#, ou=people, l=AP:
org.springframework.ldap.AuthenticationException: [LDAP: error code 49
- Invalid Credentials]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
Credentials]
When the password is correct or partially(only first 8 characters match) correct
18:30:11,849 DEBUG [FilterChainProxy] /j_spring_security_check at
position 4 of 8 in additional filter chain; firing Filter:
'org.springframework.security.ui.webapp.AuthenticationProcessingFilter[
order=700; ]' 18:30:11,849 DEBUG [AuthenticationProcessingFilter]
Request is to process authentication 18:30:11,849 DEBUG
[ProviderManager] Authentication attempt using
org.springframework.security.providers.ldap.LdapAuthenticationProvider
18:30:11,849 DEBUG [FilterBasedLdapUserSearch] Searching for user
'#username#', with user search [ searchFilter: '(uid={0})',
searchBase: '', scope: subtree, searchTimeLimit: 0, derefLinkFlag:
false ] 18:30:11,849 DEBUG [AbstractContextSource] Principal: ''
18:30:12,193 DEBUG [AbstractContextSource] Got Ldap context on server
'ldap://myLDAP.com:983/o=something.com' 18:30:12,365 DEBUG
[DefaultSpringSecurityContextSource] Creating context with principal:
'uid=#username#, ou=people, l=AP, o=something.com' 18:30:12,708 DEBUG
[AbstractContextSource] Got Ldap context on server
'ldap://myLDAP.com:983/o=something.com'
Can someone explain this mysterious behavior ?