1 Reply Latest reply on Jul 16, 2009 3:00 PM by m.schmidt

    LDAP Authentication doesn't work

    m.schmidt Newbie

      hi,


      i'm struggling with the ldap identity store. i'm trying to authenticate against a windows server 03 active directory.


      if i call the authenticate method of the ldap store manually, it works (returns true). but when i try to use it in my seam application i get this exception:



      2009-07-14 00:00:14,203 DEBUG [org.jboss.seam.security.Identity] Login failed for: Administrator
      javax.security.auth.login.LoginException: Login Failure: all modules ignored"
           at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)



      I have no idea what i'm doing wrong. can anybody help me?



      my setup:

      jboss 4.2.3 for jdk6

      seam 2.1.2

      jdk6

      windows server 2003 AD


      the relevant parts of my components.xml:



      <security:identity remember-me="true"/>
          
          <security:ldap-identity-store
               server-address="192.168.1.106"
               
               bind-DN="CN=Administrator,CN=Users,DC=localhost"
               bind-credentials="admin"
               
               user-context-DN="CN=Users,DC=localhost"
               user-DN-prefix="CN="
               user-DN-suffix=",CN=Users,DC=localhost"
               user-object-classes="user"
               
               role-context-DN="OU=Roles,DC=localhost"
               role-DN-prefix="CN="
               role-DN-suffix=",OU=Roles,DC=localhost"
               role-object-classes="group"
               
               user-name-attribute="cn"
               first-name-attribute="givenName"
               last-name-attribute="sn"
               enabled-attribute="null"
               user-role-attribute="description"
                   
               role-name-attribute="cn"
               role-attribute-is-DN="false"
           />
          
         <security:jpa-permission-store
              user-permission-class="entities.Permission"/>
      
         <security:rule-based-permission-resolver security-rules="#{securityRules}"/>
             
         <drools:rule-base name="securityRules">
              <drools:rule-files>
               <value>/security-rules.drl</value>
              </drools:rule-files>
         </drools:rule-base>




      This works as expected (login succeeds):




                LdapIdentityStore store = new LdapIdentityStore();
                
                store.setBindDN("CN=Administrator,CN=Users,DC=localhost");
                store.setBindCredentials("admin");
                
                store.setServerAddress("192.168.1.106");
                
                store.setUserContextDN("CN=Users,DC=localhost");
                store.setUserDNPrefix("CN=");
                store.setUserDNSuffix(",CN=Users,DC=localhost");
                store.setUserObjectClasses(new String[]{"user"});
                store.setEnabledAttribute(null);
                
                store.setUserNameAttribute("cn");
                store.setFirstNameAttribute("givenName");
                store.setLastNameAttribute("sn");
                store.setUserRoleAttribute("description");
                store.setRoleAttributeIsDN(false);
                
                store.setRoleContextDN("OU=Roles,DC=localhost");
                store.setRoleDNPrefix("CN=");
                store.setRoleDNSuffix(",OU=Roles,DC=localhost");
                store.setRoleObjectClass(new String[]{"group"});
                
                // manager 
                
                IdentityManager manager = new IdentityManager();
                manager.setIdentityStore(store);
                
                      //returns true
                boolean suc = manager.authenticate("James Bond", "Martini123");




      The full stacktrace:




      2009-07-14 00:00:14,203 DEBUG [org.jboss.seam.security.Identity] Login failed for: James Bond
      javax.security.auth.login.LoginException: Login Failure: all modules ignored"
           at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
           at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
           at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
           at java.security.AccessController.doPrivileged(Native Method)
           at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
           at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
           at org.jboss.seam.security.Identity.authenticate(Identity.java:344)
           at org.jboss.seam.security.Identity.authenticate(Identity.java:332)
           at org.jboss.seam.security.Identity.login(Identity.java:259)
           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
           at java.lang.reflect.Method.invoke(Method.java:597)
           at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:335)
           at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:348)
           at org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58)
           at org.jboss.el.parser.AstValue.invoke(AstValue.java:96)
           at org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
           at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
           at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
           at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
           at javax.faces.component.UICommand.broadcast(UICommand.java:387)
           at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:321)
           at org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:296)
           at org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:253)
           at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:466)
           at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
           at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
           at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
           at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at rise.spics.util.httperror.HttpErrorRedirectFilter.doFilter(HttpErrorRedirectFilter.java:37)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
           at org.jboss.seam.web.RewriteFilter.doFilter(RewriteFilter.java:63)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:42)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
           at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
           at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:368)
           at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:495)
           at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.HotDeployFilter.doFilter(HotDeployFilter.java:53)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
           at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
           at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
           at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
           at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
           at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
           at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
           at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
           at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
           at java.lang.Thread.run(Thread.java:619)




        • 1. Re: LDAP Authentication doesn't work
          m.schmidt Newbie

          i've found my bug.


          translating this java code:


          store.setEnabledAttribute(null);


          to this xml code:


          enabled-attribute="null"


          was a stupid idea ;)


          unfortunately some active directory properties aren't handles properly by the ldap store. eg. using 'memberOf' as roles attribute doesn't work, because it's a read-only attribute (you have to modify the member property of the role). therefore i've started to write my own active directory store.