4 Replies Latest reply on Jun 16, 2010 4:35 AM by Heri Bender

    Active directory with seam

    vasuki hn Newbie
      Hi All,

      I used seam-gen to generate the seam application for me. It created basic Authenticator.java to authenticate. Now i need to configure Ldap Identity-store and authenticate with Active directory users.

      I followed the security chapter in seam reference book and configured the Ldap properties in components.xml file. Thats all. I didn't add anything anywhere in my code-base, then tried lo-gin to application i get following message


      "[SeamLoginModule] Error invoking lo-gin method".

      Please guide me what i have to do so that i can authenticate users with active directory?
      Do i need to create any java file like Authenticator.java and write authenticate function?

        • 1. Re: Active directory with seam
          Heri Bender Newbie
          This settings worked for me:

          authenticator.java:

          @Name("authenticator")
          public class Authenticator
          {
              ...
             
              @In("#{credentials}")
              Credentials     credentials;
              @In("#{identityManager}")
              IdentityManager identMgr;

              public boolean authenticate()
              {
                  return identMgr.authenticate( credentials.getUsername(), credentials.getPassword() );
              }
             

          components.xml:

             <security:identity authenticate-method="#{authenticator.authenticate}"/>

              <security:ldap-identity-store
                    name="ldapIdentityStore"
                    server-address="localhost"
                    server-port="389"
                    ...
                    />

              <security:identity-manager name="identityManager" identity-store="#{ldapIdentityStore}"/>


          Heri
          • 2. Re: Active directory with seam
            vasuki hn Newbie

            Hi Heri,


            I followed your method but i get the following error




            javax.el.ELException: org.jboss.seam.security.management.IdentityManagementException: Authentication error
                    at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:339)
                    at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:348)
                    at org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58)
                    at org.jboss.el.parser.AstValue.invoke(AstValue.java:96)
                    at org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
                    at org.jboss.seam.core.Expressions$2.invoke(Expressions.java:175)
                    at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:109)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                    at java.lang.reflect.Method.invoke(Unknown Source)
                    at javax.security.auth.login.LoginContext.invoke(Unknown Source)
                    at javax.security.auth.login.LoginContext.access$000(Unknown Source)
                    at javax.security.auth.login.LoginContext$5.run(Unknown Source)
                    at java.security.AccessController.doPrivileged(Native Method)
                    at javax.security.auth.login.LoginContext.invokeCreatorPriv(Unknown Source)
                    at javax.security.auth.login.LoginContext.login(Unknown Source)
                    at org.jboss.seam.security.Identity.authenticate(Identity.java:344)
                    at org.jboss.seam.security.Identity.authenticate(Identity.java:332)
                    at org.jboss.seam.security.Identity.login(Identity.java:259)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                    at java.lang.reflect.Method.invoke(Unknown Source)
                    at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:335)
                    at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:348)
                    at org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58)
                    at org.jboss.el.parser.AstValue.invoke(AstValue.java:96)
                    at org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
                    at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
                    at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:77)
                    at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:91)
                    at javax.faces.component.UICommand.broadcast(UICommand.java:383)
                    at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:321)
                    at org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:296)
                    at org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:253)
                    at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:466)
                    at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:97)
                    at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:251)
                    at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117)
                    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:244)
                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
                    at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
                    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                    at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
                    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                    at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
                    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                    at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
                    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                    at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
                    at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
                    at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:368)
                    at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:495)
                    at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
                    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                    at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
                    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                    at org.jboss.seam.web.HotDeployFilter.doFilter(HotDeployFilter.java:53)
                    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                    at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
                    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
                    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
                    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
                    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
                    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
                    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
                    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
                    at java.lang.Thread.run(Unknown Source)
            Caused by: org.jboss.seam.security.management.IdentityManagementException: Authentication error
                    at org.jboss.seam.security.management.LdapIdentityStore.authenticate(LdapIdentityStore.java:442)
                    at org.domain.user.session.Authenticator.authenticate(Authenticator.java:28)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                    at java.lang.reflect.Method.invoke(Unknown Source)
                    at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
                    at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
                    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
                    at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
                    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
                    at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
                    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
                    at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
                    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
                    at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
                    at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
                    at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
                    at org.domain.user.session.Authenticator$$javassistseam2.authenticate(Authenticator$$javassistseam2.java)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                    at java.lang.reflect.Method.invoke(Unknown Source)
                    at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:335)
                    ... 81 more
            Caused by: javax.naming.AuthenticationException: LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0

            • 3. Re: Active directory with seam
              vasuki hn Newbie

              Hi Heri,


              I wil attach my components.xml and aythenticator.java file. Please correct me where i am missing.



              @Name("authenticator")
              public class Authenticator {
                   @Logger
                   private Log log;
              
                   @In
                   Identity identity;
                   @In
                   Credentials credentials;
                   @In("#{identityManager}")
                   IdentityManager idm;
              
                   public boolean authenticate() {
                        log.info("authenticating {0}", credentials.getUsername());
                        
                        return idm.authenticate(credentials.getUsername(),credentials.getPassword());
              }
              }




              components.xml



              <security:identity authenticate-method="#{authenticator.authenticate}"/>
                 
                 <security:identity-manager name="identityManager"  identity-store="#{ldapIdentityStore}" /> 
                 
                 <security:ldap-identity-store name="ldapIdentityStore" 
                        server-address="10.28.254.181"
                        server-port="389"
                        bind-DN="CN=Administrator,CN=Users,DC=intra,DC=cogitate-it,DC=com"
                        bind-credentials="W3lc0m3234" 
                        user-DN-prefix="sAMAccountName="
                        user-DN-suffix=",OU=person,DC=intra,DC=cogitate-it,DC=com"
                          user-context-DN="OU=person,DC=intra,DC=cogitate-it,DC=com"
                        user-object-classes="person, user, organizationalPerson, top"
              />





              • 4. Re: Active directory with seam
                Heri Bender Newbie

                vasuki


                I'm not an expert. I just dropped you what worked in my experiments.


                I would search further the LDAP error at the bottom of your stack trace:


                LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0


                The ldapIdentityStore configuration with all this prefixes, suffixes, classes etc. must match the actual structure of your LDAP/AD. There are many many possibilities how an LDAP can be structured.


                Heri