0

I have successfully setup LDAPS container-based authentication, and am now trying to get it working with spring security since I will also need to perform lookups/queries.

In WAS I have all the endpoints using the correct keystore (except for WC_DefaulHost). Additionally, I also setup Dynamic endpoint config for ldaps,host,port.

When i try to log in, I'm just getting "spring_security_login?login_error" and no system.out exceptions.

Am I missing something? Aren't endpoint configurations enough? Any way I can get more info to troubleshoot? 

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <authentication-manager>
        <authentication-provider ref="ldapAuthProvider" />
    </authentication-manager>

    <beans:bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <!-- AD authenticator -->       
        <beans:constructor-arg value="ldaps://host:port/DC=" />
        <beans:property name="userDn" value="CN=,OU=,DC=" />
        <beans:property name="password" value="" />
    </beans:bean>

    <beans:bean id="ldapAuthProvider"
        class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <beans:constructor-arg>
            <beans:bean id="wimLdapAuthenticator"
                class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <beans:constructor-arg ref="contextSource" />
                <beans:property name="userSearch">
                    <beans:bean id="userSearch"
                        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">

                        <beans:constructor-arg index="0" value="" />
                        <beans:constructor-arg index="1" value="CN={0}" />
                        <beans:constructor-arg index="2" ref="contextSource" />
                    </beans:bean>
                </beans:property>
            </beans:bean>
        </beans:constructor-arg>
    </beans:bean>

    <http auto-config="true" pattern="/**">
        <!-- Security zones -->
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <intercept-url pattern="/spring_security_login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    </http>

</beans:beans>
miklesw
  • 724
  • 1
  • 9
  • 25

1 Answers1

0

It's working now.. seems like it wasn't an SSL problem... I switched the order of the intercept-url so that /** is the last one and added a custom login form..

<form-login login-page="/login" default-target-url="/viewAllTeams" authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
<form-login default-target-url="/viewAllTeams"/>
<intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/loginfailed" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />

I also found that you can show exceptions using the following:

<div class="errorblock">
    Your login attempt was not successful, try again.<br /> Caused :
    ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>
miklesw
  • 724
  • 1
  • 9
  • 25