1 Reply Latest reply on Jul 16, 2009 3:00 PM by m.schmidt

    LDAP Authentication doesn't work

    m.schmidt

      Hi,

      I'm struggling with the LDAP identity store. I'm trying to authenticate against a Windows Server 03 Active Directory.

      If I call the authenticate method of the LDAP store manually, it works (returns true). But when I try to use it in my Seam application I get this exception:



      2009-07-14 00:00:14,203 DEBUG [org.jboss.seam.security.Identity] Login failed for: Administrator
      javax.security.auth.login.LoginException: Login Failure: all modules ignored"
           at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)



      I have no idea what I'm doing wrong. Can anybody help me?



      My setup:

      - JBoss 4.2.3 for JDK 6
      - Seam 2.1.2
      - JDK 6
      - Windows Server 2003 AD

      The relevant parts of my components.xml:



      <security:identity remember-me="true"/>

      <security:ldap-identity-store
           server-address="192.168.1.106"

           bind-DN="CN=Administrator,CN=Users,DC=localhost"
           bind-credentials="admin"

           user-context-DN="CN=Users,DC=localhost"
           user-DN-prefix="CN="
           user-DN-suffix=",CN=Users,DC=localhost"
           user-object-classes="user"

           role-context-DN="OU=Roles,DC=localhost"
           role-DN-prefix="CN="
           role-DN-suffix=",OU=Roles,DC=localhost"
           role-object-classes="group"

           user-name-attribute="cn"
           first-name-attribute="givenName"
           last-name-attribute="sn"
           enabled-attribute="null"
           user-role-attribute="description"

           role-name-attribute="cn"
           role-attribute-is-DN="false"
      />

      <security:jpa-permission-store
           user-permission-class="entities.Permission"/>

      <security:rule-based-permission-resolver security-rules="#{securityRules}"/>

      <drools:rule-base name="securityRules">
           <drools:rule-files>
                <value>/security-rules.drl</value>
           </drools:rule-files>
      </drools:rule-base>




      This works as expected (login succeeds):




                import org.jboss.seam.security.management.IdentityManager;
                import org.jboss.seam.security.management.LdapIdentityStore;

                LdapIdentityStore store = new LdapIdentityStore();

                // account used to bind to the directory for searches
                store.setBindDN("CN=Administrator,CN=Users,DC=localhost");
                store.setBindCredentials("admin");

                store.setServerAddress("192.168.1.106");

                // where user entries live and how a login name maps to a DN
                store.setUserContextDN("CN=Users,DC=localhost");
                store.setUserDNPrefix("CN=");
                store.setUserDNSuffix(",CN=Users,DC=localhost");
                store.setUserObjectClasses(new String[]{"user"});
                store.setEnabledAttribute(null); // a Java null, not the string "null"

                // attribute mapping for the user entry
                store.setUserNameAttribute("cn");
                store.setFirstNameAttribute("givenName");
                store.setLastNameAttribute("sn");
                store.setUserRoleAttribute("description");
                store.setRoleAttributeIsDN(false);

                // where role entries live
                store.setRoleContextDN("OU=Roles,DC=localhost");
                store.setRoleDNPrefix("CN=");
                store.setRoleDNSuffix(",OU=Roles,DC=localhost");
                store.setRoleObjectClass(new String[]{"group"});

                // manager
                IdentityManager manager = new IdentityManager();
                manager.setIdentityStore(store);

                // returns true
                boolean suc = manager.authenticate("James Bond", "Martini123");




      The full stack trace:




      2009-07-14 00:00:14,203 DEBUG [org.jboss.seam.security.Identity] Login failed for: James Bond
      javax.security.auth.login.LoginException: Login Failure: all modules ignored"
           at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
           at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
           at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
           at java.security.AccessController.doPrivileged(Native Method)
           at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
           at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
           at org.jboss.seam.security.Identity.authenticate(Identity.java:344)
           at org.jboss.seam.security.Identity.authenticate(Identity.java:332)
           at org.jboss.seam.security.Identity.login(Identity.java:259)
           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
           at java.lang.reflect.Method.invoke(Method.java:597)
           at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:335)
           at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:348)
           at org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58)
           at org.jboss.el.parser.AstValue.invoke(AstValue.java:96)
           at org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
           at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
           at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
           at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
           at javax.faces.component.UICommand.broadcast(UICommand.java:387)
           at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:321)
           at org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:296)
           at org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:253)
           at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:466)
           at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
           at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
           at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
           at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at rise.spics.util.httperror.HttpErrorRedirectFilter.doFilter(HttpErrorRedirectFilter.java:37)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
           at org.jboss.seam.web.RewriteFilter.doFilter(RewriteFilter.java:63)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:42)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
           at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
           at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:368)
           at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:495)
           at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.HotDeployFilter.doFilter(HotDeployFilter.java:53)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
           at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
           at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
           at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
           at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
           at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
           at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
           at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
           at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
           at java.lang.Thread.run(Thread.java:619)




        • 1. Re: LDAP Authentication doesn't work
          m.schmidt

          I've found my bug.

          Translating this Java code:

          store.setEnabledAttribute(null);

          to this XML code:

          enabled-attribute="null"

          was a stupid idea ;)

          Unfortunately some Active Directory properties aren't handled properly by the LDAP store, e.g. using 'memberOf' as the roles attribute doesn't work, because it's a read-only attribute (you have to modify the member property of the role). Therefore I've started to write my own Active Directory store.
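To make the bug in the reply concrete, here is an added example (Python, not Seam's code and not the poster's) that models what the configuration does: parsing a constructed components.xml fragment yields the string "null" for enabled-attribute, the modelled enabled check then looks for an attribute literally named null on the user entry and reports the user disabled, and a small lint flags such values before deployment. The namespace URI, the user entry and the exact semantics of the enabled check are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed components.xml fragment (not the poster's full file); the
# namespace URI is made up for this example.
SEC = "urn:example:security"
COMPONENTS_XML = f"""<components xmlns:security="{SEC}">
  <security:ldap-identity-store
       user-name-attribute="cn"
       enabled-attribute="null"
       user-role-attribute="description"/>
</components>"""

# Constructed AD-style user entry: attribute name -> list of values.
JAMES_BOND = {"objectClass": ["user"], "cn": ["James Bond"],
              "givenName": ["James"], "sn": ["Bond"]}


def load_ldap_store_settings(xml_text):
    """Read the ldap-identity-store attributes exactly as written.
    An absent attribute is simply missing from the dict; a present one keeps
    its literal text, so enabled-attribute="null" becomes the string "null"."""
    root = ET.fromstring(xml_text)
    store = root.find(f"{{{SEC}}}ldap-identity-store")
    return dict(store.attrib)


def is_user_enabled(entry, enabled_attribute):
    """Modelled enabled check (assumed semantics): with no attribute
    configured every existing user is enabled; otherwise the named attribute
    must be present on the entry and hold 'true'."""
    if enabled_attribute is None:
        return True
    values = entry.get(enabled_attribute, [])
    return bool(values) and values[0].lower() == "true"


def literal_null_settings(settings):
    """Config lint: settings whose value is the literal text 'null' (or empty).
    A Java null in code has no such spelling in XML; omit the attribute instead."""
    return sorted(k for k, v in settings.items()
                  if v.strip().lower() in ("null", ""))


def check_login(xml_text, entry):
    """Outcome of the enabled check for one user under a given config."""
    settings = load_ldap_store_settings(xml_text)
    return is_user_enabled(entry, settings.get("enabled-attribute"))
```

Removing the enabled-attribute line from the fragment (so the setting is absent rather than "null") is what makes the same user pass the check.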