I am developing a web app by using Grails and using Grails LDAP as my Authentication mechanism. However, i always get following error:
{Error 500: Cannot pass null or empty values to constructor
Servlet: default
URI: /ldap-app/j_spring_security_check
Exception Message: Cannot pass null or empty values to constructor
Caused by: Cannot pass null or empty values to constructor
Class: GrailsAuthenticationProcessingFilter }
My SecurityConfig.groovy file is :
security {
// see DefaultSecurityConfig.groovy for all settable/overridable properties
active = true
loginUserDomainClass = "User"
authorityDomainClass = "Role"
requestMapClass = "Requestmap"
useLdap = true
ldapRetrieveDatabaseRoles = false
ldapRetrieveGroupRoles = false
ldapServer = 'ldap://worf-mi.dapc.kao.au:389'
ldapManagerDn = 'CN=sa-ldap-its,OU=Unix Servers for Kerberos,OU=Information Technology Services,OU=Special Accounts,DC=nexus,DC=dpac,DC=cn'
ldapManagerPassword = 'Asdf1234'
ldapSearchBase = 'OU=People,DC=nexus,DC=dpac,DC=cn'
ldapSearchFilter = '(&(cn={0})(objectClass=user))'
}
I had the same problem, read the solution above and did something else. Instead of modifying GrailsUserImpl.java I simply switched the password in the user table from NULL to '' (empty String). Since the password is not used for LDAP, the emptry string will be transmitted (instead of the NULL value) which has the same effect as
super(username, "", enabled, accountNonExpired,
credentialsNonExpired, accountNonLocked, authorities);
but it doesnt affect the source code. This worked for my project, hope it helped too.
Steven
i had the same problem and found a solution.
This error occurs, because the Acegi-Plugin tries to store the Ldap-users password into the User-object.
In fact depending on settings of the LDAP-Server it is not allowed to retrieve the password, so an empty value is given to the constructor, as the errormessage tells.
The fix i found is not really nice, but helps to get the plugin up and running. You have to change one field in the following file:
~/.grails//projects//plugins/acegi-0.5.3/src/java/org/codehaus/groovy/grails/plugins/springsecurity/GrailsUserImpl.java
or on windows:
C:/Users//.grails//projects//plugins/acegi-0.5.3/src/java/org/codehaus/groovy/grails/plugins/springsecurity/GrailsUserImpl.java
Constructor GrailsUserImpl() has the following body:
super(username, password, enabled, accountNonExpired,
credentialsNonExpired, accountNonLocked, authorities);
which has to be changed to:
super(username, "", enabled, accountNonExpired,
credentialsNonExpired, accountNonLocked, authorities);
Unfortunately this has to be done for every developer-client and every new project.. But it gets the ldap auth to run finally.
As i read they are working on this bug and try to fix it with version 0.6 of the plugin.
Hope i could help.
br,
Tim
Just add "ldapUsePassword = false " in your securityconfig file:
Setting ldapUsePassword to false is
important too. What we’re telling the
Acegi plugin is not to extract the
users password from Active Directory.
If you don’t set this to false, you’ll
get a lovely exception which isn’t
particularly useful,
java.lang.IllegalArgumentException:
Cannot pass null or empty values to
constructor. What this is trying to
tell you is that the users password is
null, which is correct since the
default setting for the Acegi plugin
is to try to extract the users
password from Active Directory, and we
haven’t told Acegi what attribute
Active Directory stores the password
in. By setting ldapUsePassword to
false, the plugin provides a bogus
password for the user details, and
we’re able to proceed without incident
Related
Using a kentico 10 website with claims based authentication. We have the facility to update their email address in the external system. So what I want to do is update the user's email address and username by looking up based on the external userid from our sso platform.
var existingUser = UserInfoProvider.GetUsers().Where("ExternalGuid", QueryOperator.Equals, userId).FirstOrDefault();
if (existingUser.IsInSite(SiteContext.CurrentSiteName))
UserInfoProvider.RemoveUserFromSite(existingUser.UserName, SiteContext.CurrentSiteName);
loggingInUser = UserInfoProvider.GetUserInfo(existingUser.UserID);
loggingInUser.UserName = e.UserName;
UserInfoProvider.SetUserInfo(loggingInUser);
I'm getting the error:
The user with code name 'ac.aa#test.com' already exists.
This is happening on that SetUserInfo line. So I'm thinking there must be another way to update the username properly.
You need to do a few things:
Check if the user exists already:
UserInfo ui = UserInfoProvider.GetUserInfo(newUserName);
if (ui != null)
{
// user exists with new username so don't continue
}
Check if the username can be used as a username (no spaces, special characters, etc):
if (!ValidationHelper.IsUserName(newUserName))
{
// username cannot be used as a username
}
Check if the username is reserved or not:
if (UserInfoProvider.NameIsReserved(siteName, newUserName))
{
// reserved username so cannot use it
}
I'm willing to bet the username is reserved or not valid which is why it is not saving. The assignment you have done should work without issue.
It also looks like you're performing this update in a global handler so this could cause problems with a few things. So you may have to perform that username update later on or simply write a record to a custom table and then update it from there based on the event of creating those records in the custom table.
So I'd debug through your code and verify it is working properly by removing it from the global event handler, if it works, then it's an issue with having too many things happen at one time.
Try using SetValue(string columnName, value) method, I just tested this one and it worked fine:
UserInfo updateUser = UserInfoProvider.GetUserInfo("NewUser");
if (updateUser != null)
{
// Updates the user's properties
updateUser.SetValue("UserName", "NewUserName");
// Saves the changes to the database
UserInfoProvider.SetUserInfo(updateUser);
}
For some properties/columns, which are acting like "read only", you need to use the SetValue method like it was a custom field (API examples)
I get the error "Exception occurred calling method NotesDatabase.createDocument() null" for the following:
var db:NotesDatabase = session.getDatabase("", viewScope.targetDb);
if (db != null) {
if(db.isOpen()){
}else{
db.open();
}
} else {
}
var doc:NotesDocument = db.createDocument();
Comments:
The database db is available and "open".
The user has enough rights in the targetDb to create documents.
What is wrong?
I changed db.isOpen to db.isOpen(), according to Paul Stephen Withers tips.
And now db.open() gives the error "Exception occurred calling method NotesDatabase.open() null" although that I can get, in viewScope variables, the server, FilePath, etc.
Change
var db:NotesDatabase = session.getDatabase("", viewScope.targetDb);
to
var db:NotesDatabase = session.getDatabase(currentDatabase.getServer(), viewScope.targetDb);
This works on the web as well as XPinC.
XPages isn't the same as formula, it doesn't like the empty string definition for the server name, which is contrary to the documentation which states (for the server parameter of NotesSession.getDatabase - javascript):]
The name of the server on which the database resides. Use null to
indicate the session's environment, for example, the current computer
Using null or "" gives error 500, it would appear.
The code from the question will work, if :
the if block is removed entirely
the viewScope.targetDb variable has a properly specified notes database file path, which exists on the same server as the current database
the current user has access to the target database ( by the ACL ), with the Create Database right
the target database has a Maximum Internet name and password above Reader as per #Paul
I suspect the cause is you're checking db.isOpen. You should check db.isOpen().
Worth bearing in mind is session.getDatabase(String, String) doesn't return null (unless you're using OpenNTF Domino API). It returns a Database object that is not open. So that if statement is irrelevant. Also best practice is to pass a server name to session.getDatabase() - you'll get a different outcome if the application is ever used in XPiNC with your current code.
Regardless of individuals' user access, "Maximum Internet name and password" on the Advanced tab of the ACL will override that. If maximum internet access is No Access, no one will be able to create documents. But I suspect that's not a factor here.
Pro Tip -- Get the Debug Toolbar and use that to print out messages to the XPage debug toolbar to see what is going on and if your viewScope variable is being set. Also, learn to use the try catch block to catch your exceptions and print out the error message to the debug toolbar. You will find your issue that way.
https://www.openntf.org/main.nsf/project.xsp?r=project/XPage%20Debug%20Toolbar
I'm not sure if this is an issue, or just a matter of me not knowing how the OrmLiteAuthRepository should work. I'm trying to make an admin screen that allows admins to update users information. I'm using the OrmLiteAuthRepository.UpdateUserAuth method and passing in a null password to update everything but the password. However, validation is ran as if I'm creating a new user and ValidateNewUser requires me to have a password that is not null even though further in the method there are checks to avoid updating the password if a null password is used. I'm I missing something?
Here is a link to the method call
https://github.com/ServiceStack/ServiceStack/blob/master/src/ServiceStack.ServiceInterface/Auth/OrmLiteAuthRepository.cs#L105
Use SaveUserAuth, I believe UpdateUserAuth is for updating password, though could be wrong.
UserAuth user = this.AuthRepository.GetUserAuth("bob")
if (user.Meta == null)
{
user.Meta = new Dictionary<string, string>();
}
user.Meta.Add("message", "hi bob");
this.AuthRepository.SaveUserAuth(user);
I'm new to javascript and xpages here. I'm upgrading an old notes application to xpages. In my xpage I have a field, a save button, and an error messages control. The field is used to save the value of a nsf path/name that the user typed in to be used later on (e.g: //SAS/address.nsf). How do I validate if that path/database exist? The previous lotusscript is like this(it uses 2 field, one to get the server path, the other to get the db path. but for current xpage, the requirement is to use one field only):
svr$= source.FieldGetText("ServerPath")
dbsvr$= source.FieldGetText("DBPath")
Dim db1 As New NotesDatabase(svr$ , dbsvr$)
If Not db1.IsOpen Then
Messagebox "Cannot find the database."
Call source.GotoField("DBPath")
continue = False
Exit Sub
End If
In the field in the xpage, I've added a validateExpression validator. In the expression property, I compute the following SSJS:
var dbdir:NotesDbDirectory = session.getDbDirectory(null);
var db:NotesDatabase = dbdir.openDatabase(document1.getItemValue("dbpath"));
return db.isOpen();
In the validator's message property, I put "Cannot find database".
The error I'm keep getting is:
Expression is invalid.
Expression did not return a boolean value.
Any way to fix this? Is it the wrong use of validator? I've already test with local database and database on other server. None seems to work. All those database I tried I had access rights to them.
You should probably use sessionAsSigner in order to open the database as the signer of the XPage - instead of as anonymous (if you are not logged in). Also, consider adding try/catch around your dbdir.OpenDatabase() in order to catch errors opening a database with an invalid path.
Also, notice that the validateExpression validator must return a boolean true or false. In your case dbdir.openDatabase() will return null if the database can not be opened - which means that db.isOpen() will fail to work since it can not operate on a null object.
You could consider using the customValidator validator which must return an error message (and not a boolean true or false).
I hope this can help you complete the validation.
Use try/catch block for attempt to open database. If everything is OK, just return true in try block. Catch block will return false, what will handle most of the possible fails: wrong server, broken connection, invalid path, no access, and so on.
try {
// open database here and touch some property, doc count, for example
return true;
} catch (e) {
return false; // failed to open database
}
For a school project we have to create an evaluation website that requires a login.
For the database connection I chose LINQ, because it's new and is supposed to be easier/better in use.
I managed to create a login check with the following:
public static Boolean Controle(int id, string wachtwoord)
{
DataClassesDataContext context = new DataClassesDataContext();
var loginGebruiker =
from p in dc.Gebruikers
where p.GebruikerID == id
where p.GebruikerWachtwoord == wachtwoord
select p;
return true;
}
Now I'm trying to create a "forgot password" option, where you enter your id and the password gets returned (later it would be emailed to you, don't know how I would do this either, suggestions?)
I tried with the following code:
public static string Forgot(int id)
{
var context = new DataClassesDataContext();
var wachtwoordLogin = (
from p in dc.Gebruikers
where p.GebruikerID == id
select p.GebruikerWachtwoord);
return wachtwoordLogin.ToString();
}
Code behind the button on the page:
lbl1.Text = Class1.Forgot(Convert.ToInt32(txt1.Text));
Now when I enter the an id of the first user (1), lbl1 becomes this:
SELECT [t0].[GebruikerWachtwoord] FROM
[dbo].[Gebruiker] AS [t0] WHERE
[t0].[GebruikerID] = #p0
I don't know how to solve this and I have been looking everywhere, I hope somebody can help me.
Thanks,
Thomas
LINQ uses delayed execution, so your 'wachtwoordLogin' is really just "how to get your data." Its not until you apply an operator that LINQ will actually attempt to retrieve your data.
Your first statement:
var loginGebruiker = (
from p in dc.Gebruikers
where p.GebruikerID == id
where p.GebruikerWachtwoord == wachtwoord
select p).FirstOrDefault()
if (loginGeruiker != null) {
//Valid login
} else {
// invalid
}
FirstOrDefault means, take the first item in the list, or return none.
In you other case you need the same thing:
user = wachtwoordLogin.FirstOrDefault();
Further reading: MSDN 101 LINQ Samples
For your question about emailing a forgotten password, have you ever thought about implementing the golden questions algorithm instead? Its simplified, and does the same thing.
Basically, at the time of registering just get them to answer some questions, and if they can verify them, allow them to reset the password.
you enter your id and the password gets returned
What, then, is the point of having a password if anybody who knows a username can see it? I know this isn't what you're asking, but for someone getting started in programming I feel a duty to point this out. What you're creating here is essentially a completely broken login model. Nobody should ever use a system like this.
You should never ever display a password. Not on the screen, not in an email, never.
Passwords, if they even need to be stored at all (CodingHorror has had a couple of good posts on this lately, advocating things like OpenID), should be stored in hashed form and essentially unable to be retrieved. When a user logs in, similarly hash the password they provide (immediately upon reaching the application code, before transporting it anywhere else in the system) and compare that to the stored hashed version.
If the user asks for his password, you don't have it. You can't give it to him. This is for his protection. Instead of providing the user with his password, if it's forgotten then you provide the user with a means to reset his password (sending an email to the address on file with a temporarily available URL, a set of "security questions" to verify his identity, etc.) so that he can enter a new one to overwrite the old one. But you shouldn't be able to "show" the user his password because even you as the administrator of the system shouldn't be able to see it in any usable form.
wachwoordLogin will be an IQueryable so you can get this by using FirstOrDefault() which will return null if not found:
(from p in dc.Gebruikers
where p.GebruikerID == id
select p.GebruikerWachtwoord).FirstOrDefault();