Spring Security 3 - No authority granted

I try to use LDAP for authentication on WebLogic Server, but I always have problems:

Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: WhgyMmQddKLfnFjhTLn5Thl421hWZ8sLV732ctYLSLhQpQLW1JFR!-860386732!1285980317840; No authority granted

More details:

Oct 02 2010 00:45:25 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@d4d8c77d: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@13b1fb5: Username: weblogic; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: WhgyMmQddKLfnFjhTLn5Thl421hWZ8sLV732ctYLSLhQpQLW1JFR!-860386732!1285980317840; Not granted any authorities
Oct 02 2010 00:45:25 DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@c00076, returned: -1
Oct 02 2010 00:45:25 DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is not anonymous); delegating to AccessDeniedHandler
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71) [org.springframework.security.core-3.0.0.RELEASE.jar:na]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:204) [org.springframework.security.core-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:107) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:98) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:95) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:79) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:55) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:36) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:178) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:188) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:106) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:150) [spring-security-web-3.0.0.RELEASE.jar:na]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) [org.springframework.web-3.0.0.RELEASE.jar:3.0.0.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) [org.springframework.web-3.0.0.RELEASE.jar:3.0.0.RELEASE]
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42) [weblogic.jar:9.2.3.0]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) [org.springframework.web-3.0.0.RELEASE.jar:3.0.0.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) [org.springframework.web-3.0.0.RELEASE.jar:3.0.0.RELEASE]
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42) [weblogic.jar:9.2.3.0]
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3242) [weblogic.jar:9.2.3.0]
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) [weblogic.jar:9.2.3.0]
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) [weblogic.jar:9.2.3.0]
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2010) [weblogic.jar:9.2.3.0]
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1916) [weblogic.jar:9.2.3.0]
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1366) [weblogic.jar:9.2.3.0]
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209) [weblogic.jar:9.2.3.0]
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:181) [weblogic.jar:9.2.3.0]

My security-application-context.xml:

    <ldap-server id="ldapServer"
                 url="ldap://127.0.0.1:7001/DC=base_domain"
                 manager-dn="CN=Admin"
                 manager-password="weblogic" />

    <authentication-manager>
        <ldap-authentication-provider server-ref="ldapServer"
                                      user-search-filter="(uid={0})"
                                      group-search-base="ou=groups,ou=myrealm" />
    </authentication-manager>

I use:

    <spring.version>3.0.0.RELEASE</spring.version>
    <spring.security.version>3.0.0.RELEASE</spring.security.version>

Any help would be appreciated.

Thanks a lot!!!

Vinidog

+4
4 answers

It can be one of:

  • You may not get "LdapAuthorities"
  • You may have defined an access control for the page that does not match the privileges you received.
+2
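
The two cases in the answer above, as an added example that is not part of the original thread and is not Spring Security's own code: a JDK-only model of how an LDAP group search turns group entries into role names (select the groups that list the user's full DN, then prefix the upper-cased `cn`) and how an access rule is compared against the result. The DNs, group names and the `member`/`uniqueMember` attributes are constructed sample data, not values from the question's server.

```java
import java.util.*;

public class LdapRoleModel {
    // One constructed group entry: its cn, the attribute holding members, and the member DNs.
    static final class Group {
        final String cn, memberAttr; final List<String> memberDns;
        Group(String cn, String memberAttr, String... memberDns) {
            this.cn = cn; this.memberAttr = memberAttr; this.memberDns = Arrays.asList(memberDns);
        }
    }

    // Models the group search: filterAttr stands for the attribute named in
    // group-search-filter, e.g. "uniqueMember" for "(uniqueMember={0})", where {0}
    // is the user's full DN. Each matching group's cn becomes prefix + UPPERCASE(cn).
    static Set<String> authorities(List<Group> groups, String filterAttr, String userDn, String prefix) {
        Set<String> roles = new TreeSet<>();
        for (Group g : groups) {
            if (g.memberAttr.equalsIgnoreCase(filterAttr) && g.memberDns.contains(userDn)) {
                roles.add(prefix + g.cn.toUpperCase(Locale.ROOT));
            }
        }
        return roles;
    }

    // Models an access rule such as hasRole('ROLE_USER'): the exact role string must be granted.
    static boolean permitted(Set<String> granted, String required) {
        return granted.contains(required);
    }

    public static void main(String[] args) {
        String userDn = "uid=weblogic,ou=people,ou=myrealm,dc=base_domain"; // constructed
        List<Group> groups = Arrays.asList(                                   // constructed
            new Group("Administrators", "member", userDn),
            new Group("Operators", "uniqueMember", "uid=other,ou=people,ou=myrealm,dc=base_domain"));

        // Case 1: the filter names an attribute the directory does not use for this
        // user's membership, so no group matches and the authority list is empty.
        Set<String> none = authorities(groups, "uniqueMember", userDn, "ROLE_");
        System.out.println(none + " ROLE_USER permitted: " + permitted(none, "ROLE_USER"));

        // Case 2: the filter matches, but the rule asks for a role no group maps to.
        Set<String> some = authorities(groups, "member", userDn, "ROLE_");
        System.out.println(some + " ROLE_USER permitted: " + permitted(some, "ROLE_USER"));

        // The rule names the role that was actually derived from the group cn.
        System.out.println(some + " ROLE_ADMINISTRATORS permitted: "
            + permitted(some, "ROLE_ADMINISTRATORS"));
    }
}
```

An empty `Granted Authorities:` field in the debug log corresponds to the first case; a non-empty list followed by `Access is denied` corresponds to the second.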

I do not know if you have solved your problem. However, your description helped me solve my problem. I implemented a privilege adjuster almost based on your code, and it works fine. The only thing I can see that can lead to empty privilege fields is a blank field when calling mapper or none of the privileges in the argument map for your AD roles defined as ROLE_USER and ROLE_ADMIN.

+1

Your manager DN is CN=Admin, but you should almost certainly provide the full and correct DN of the admin user.

0

No, this is just the output of the toString method of UsernamePasswordAuthenticationToken, which was used to send the authentication request. You are trying to get username and password information from Active Directory, which prevents you from reading passwords. This is probably why authentication fails, hence the BadCredentials event.

You may have to use LDAP authentication directly.

0