jndi - Looping through Shiro LDAP Realm on Authenitcation Failure -


i'm getting odd error. if pass in valid user/password shiro ldap ok if combination not valid throws exception , keeps on looping through shiro realm code. in debugger stays in shiro code except 1 override method:

  public class myjndildaprealm extends jndildaprealm {   public myjndildaprealm () {     super(); }  @override protected authenticationinfo queryforauthenticationinfo(authenticationtoken token,         ldapcontextfactory ldapcontextfactory) throws namingexception {  object principal = token.getprincipal(); object credentials = token.getcredentials();  principal = getldapprincipal(token);  ldapcontext ctx = null; try {      ctx = ldapcontextfactory.getldapcontext(principal, credentials);       //context opened successfully, means credentials valid.  return authenticationinfo:      return createauthenticationinfo(token, principal, credentials, ctx); } {     ldaputils.closecontext(ctx); }   }              <bean id="shirofilter" class="org.apache.shiro.spring.web.shirofilterfactorybean">     <property name="securitymanager" ref="securitymanager"/>     <property name="loginurl" value="/ldaplogin"/>     <property name="unauthorizedurl" value="/ldaplogin"/>     <property name="successurl" value="/ldaplogin"/>           <property name="filterchaindefinitions">         <value>             [urls]             /** = ssl[8443],authc, customauthfilter             [main]             /logout = logout         </value>     </property>    </bean>  <bean id="securitymanager" class="org.apache.shiro.web.mgt.defaultwebsecuritymanager">      <property name="realms">         <list>              <ref bean="authenticateldaprealm"/>              <ref bean="authenticatedbrolesrealm"/>              <ref bean="dbauthorizingrealm"/>         </list>     </property>     <property name="authenticator.authenticationstrategy">         <bean class="org.apache.shiro.authc.pam.allsuccessfulstrategy"/>     </property> </bean>  <bean id="lifecyclebeanpostprocessor" class="org.apache.shiro.spring.lifecyclebeanpostprocessor"/>  <bean id="authenticateldaprealm" class="security.myjndildaprealm">     <property name="contextfactory" ref="contextfactory" />     <property name="userdntemplate" value="cn={0},ou=remote,o=off" />  </bean>  <bean id="contextfactory" class="org.apache.shiro.realm.ldap.jndildapcontextfactory">   <property name="url" value="ldap://172.25.3.91:389"/> </bean>  <bean id="authenticatedbrolesrealm" class="security.dbrolesrealm"> </bean>  <bean id="swidbauthorizingrealm" class="security.dbauthorizingrealm"> </bean>  <bean class="org.springframework.aop.framework.autoproxy.defaultadvisorautoproxycreator" depends-on="lifecyclebeanpostprocessor"/> <bean class="org.apache.shiro.spring.security.interceptor.authorizationattributesourceadvisor">     <property name="securitymanager" ref="securitymanager"/> </bean>

somehow custom filter problem. went passthruauthenticationfilter , problem solved.


Comments

Post a Comment

Popular posts from this blog

android - Get AccessToken using signpost OAuth without opening a browser (Two legged Oauth) -

i using signpost oauth access data magento server. have read various tutorials on same , reach point open browser user can enter credentials. however, per requirement have automate part. hence, user should not browser page. have set-up done on server side ( magento ), hit url , returned call page. same through program in android. i have tried below, consumer = new commonshttpoauthconsumer(key, secret); provider = new commonshttpoauthprovider(oauth_init_url,access_token_url, authorize_url); try { provider.retrieverequesttoken(consumer, oauth.out_of_band); log.d("tokens" , consumer.gettoken() + " -- " + consumer.gettokensecret()); } and request tokens. dont know how bypass next step. tried directly accessing accesstoken (stupid of me) provider.retrieveaccesstoken(consumer, "mycallback://callback"); no luck, ends in oauth.signpost.exception.oauthnotauthorizedexception: authorization failed (server replied 401). ...
Read more

org.mockito.exceptions.misusing.InvalidUseOfMatchersException: mockito -

getting error org.mockito.exceptions.misusing.invaliduseofmatchersexception: invalid use of argument matchers! 1 matchers expected, 2 recorded. exception may occur if matchers combined raw values: //incorrect: somemethod(anyobject(), "raw string"); when using matchers, arguments have provided matchers. example: //correct: somemethod(anyobject(), eq("string matcher")); at when( getprogramservice .callservice(any(getprogramtype.class))) .thenreturn(jaxbresponse); please explain error , possible resolution the code posted looks fine; don't see problem it. code before or above causing exception. key here: invalid use of argument matchers! 1 matchers expected, 2 recorded. any , used above, doesn't return "special kind of null" or "special kind of getprogramtype"; don't exist. instead, returns null , side effect puts matcher on stack. whe...
Read more

google shop client API returns 400 bad request error while adding an item -

i'm working on solution add items in google shopping market java application. following tutorial real mess because of missing classes of laste release, after setting 1.5-beta maven managed make base example typecheck correctly classes. still can make simple task of adding 1 item. instead of posting whole code i'm posting part creates product feed. private product createproduct(string id) { product product = new product(); product.title = "red wool sweater"; product.content = new content( "text", "comfortable , soft, sweater keep warm on " + "cold winter nights. red , blue stripes."); product.appcontrol = new appcontrol(); product.appcontrol.addrequireddestination("productads"); product.externalid = id; product.lang = "it"; product.country = "it"; product.condition = "nuovo"; product.price = new price("eu...
Read more