I am trying to learn LDAP + Spring Security. I have set up a local dev environment with ApacheDS.
I got to the point that it will compile and run without errors, but when I try to log in it doesn't do anything and I don't have any error messages to go by. I can't even tell if DS is getting the request.
If anyone has advice on debugging this or can see the issue, that would be great.
JSP:
<form action="/j_spring_security_check.action" method="POST">
    <span><label for="username">User Name:</label>
    <input id="username" name="j_username" type="text"/></span>
    <span><label for="password">Password:</label>
    <input id="password" name="j_password" type="password"/></span>
    <span><input type="submit" value="Log In"/></span>
</form>
Application context:
<bean id="contextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://localhost:389/dc=example,dc=com"/>
    <property name="userDn" value="cn=system,dc=example,dc=com"/>
    <property name="password" value="password"/>
</bean>
<bean id="ldapAuthProvider"
      class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource"/>
            <property name="userDnPatterns"><list><value>uid={0},ou=system</value></list></property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
            <constructor-arg ref="contextSource"/>
            <constructor-arg value="ou=system"/>
            <property name="groupRoleAttribute" value="ou"/>
            <property name="defaultRole" value="ROLE_ADMIN"/>
        </bean>
    </constructor-arg>
</bean>
spring-security:
<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/noSecurityJSP/**" access="permitAll()"/>
    <intercept-url pattern="/login*" access="permitAll()"/>
    <intercept-url pattern="/resources/**" access="permitAll()"/>
    <intercept-url pattern="/**" access="isAuthenticated()"/>
    <form-login
        login-page="/login.htm"
        login-processing-url="/j_spring_security_check.action"
        authentication-failure-url="/splash_page.htm?error=true"
        default-target-url="/welcomePage.htm"
        always-use-default-target="true"/>
</http>
<authentication-manager>
    <authentication-provider ref='ldapAuthProvider'/>
</authentication-manager>
Spring Maven dependencies:
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>3.2.0.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>3.2.0.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>3.2.0.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-ldap</artifactId>
    <version>3.0.3.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.ldap</groupId>
    <artifactId>spring-ldap-core</artifactId>
    <version>1.3.2.RELEASE</version>
</dependency>
Your question seems to be "How do I debug this". Ideally you should provide some more information on what you mean by "it doesn't do anything", but for debugging, Spring Security's standard debug output should tell you what's happening, and ApacheDS should also indicate whether it receives a request or not. Both use standard Java logging mechanisms. You can use the logback configuration file from the Spring Security LDAP sample as an example (you can change it to DEBUG level if needed). In fact modifying that sample to work with your directory structure would probably be a good idea, first making sure that you can run it as it stands.
I always suggest writing a test class for something like this before trying to deploy an app - see the FAQ for an example - you can debug that in your IDE.
If you really want to work out what is being sent to the directory, you can monitor the network traffic directly using a utility like tcpdump. Something like:
sudo tcpdump -A -i lo0 tcp port 389
will log TCP traffic to port 389 to the console.
One thing that does appear to be wrong with your build configuration is that you have a different version for the spring-security-ldap dependency than for the other spring-security jars. These should all be the same. Use a maven property to prevent errors like this and check your classpath (lib directory) to make sure you don't have any duplicate jars or inconsistent versions.
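A stand-alone bind check of the kind the answer above recommends running from the IDE before deploying, as an added example that is not part of the original answer or of the Spring Security FAQ. The class name `LdapBindCheck` and its command-line arguments are hypothetical; the URL, manager DN, password and DN pattern are copied from the question's beans.

```java
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;

// Added example: exercises the question's contextSource and BindAuthenticator
// outside the web app. Class name and argument handling are hypothetical.
public class LdapBindCheck {

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            // Credentials on the command line are acceptable only for a local dev directory.
            System.err.println("usage: LdapBindCheck <username> <password>");
            System.exit(2);
        }

        // Same URL, manager DN and password as the question's contextSource bean.
        DefaultSpringSecurityContextSource contextSource =
                new DefaultSpringSecurityContextSource("ldap://localhost:389/dc=example,dc=com");
        contextSource.setUserDn("cn=system,dc=example,dc=com");
        contextSource.setPassword("password");
        contextSource.afterPropertiesSet();

        // Same DN pattern as the question; it is resolved relative to the base DN in the URL.
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserDnPatterns(new String[] {"uid={0},ou=system"});
        authenticator.afterPropertiesSet();

        try {
            DirContextOperations user = authenticator.authenticate(
                    new UsernamePasswordAuthenticationToken(args[0], args[1]));
            System.out.println("Bind succeeded, user DN: " + user.getDn());
        } catch (BadCredentialsException e) {
            // The directory answered but rejected the bind for the DN built from the pattern.
            System.out.println("Bind rejected: " + e.getMessage());
        } catch (org.springframework.ldap.NamingException e) {
            // Any other LDAP failure, for example the server not being reachable.
            System.out.println("LDAP error: " + e.getClass().getName() + ": " + e.getMessage());
        }
    }
}
```

The two catch branches separate "the directory refused these credentials" from "the request never completed", which is the distinction the question could not make from the web form alone.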