Authentication with LDAP

Hello, good afternoon, distinguished young people.

Here I am again with a small setback; I have searched to the point of exhaustion and found nothing.

It turns out I just configured an OAuth2 authentication service with Spring Security and everything works wonderfully; that thing is a beauty.

And I have just added LDAP to it for the user authentication part.

Configuration:
  <beans:bean
   id="activeDirectoryAuthenticationProvider"
   class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <beans:constructor-arg value="dominio.net" />
    <beans:constructor-arg value="ldaps://xxx.xxx.xxx.xxx:636" />
    <beans:property name="convertSubErrorCodesToExceptions" value="true" />
  </beans:bean>

  <authentication-manager alias="authenticationManager">
    <authentication-provider ref="activeDirectoryAuthenticationProvider"/>
  </authentication-manager>

And these scenarios work fine for me:

- correct username and password
- blank username and password

but if

- the username is correct and the password is incorrect
- or the user does not exist

it throws the exception below. According to the documentation, the message I get (52e) is correct, since it indicates bad credentials. However, Spring Security is not catching it so as to send me a login failure.

Has any of you, colleagues, run into this little problem?

I hope you can point me in the right direction; meanwhile I'll keep searching.

JBWEB000065: HTTP Status 500 - Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.SsoOauthServiceWebApp-1.0.0.war:main" from Service Module Loader [Root exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]]

JBWEB000309: type JBWEB000066: Exception report

JBWEB000068: message Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.SsoOauthServiceWebApp-1.0.0.war:main" from Service Module Loader [Root exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]]

JBWEB000069: description JBWEB000145: The server encountered an internal error that prevented it from fulfilling this request.

JBWEB000070: exception

org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.SsoOauthServiceWebApp-1.0.0.war:main" from Service Module Loader [Root exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]]
        org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:228)
        org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:211)
        org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.doAuthentication(ActiveDirectoryLdapAuthenticationProvider.java:143)
        org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:82)
        org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
        org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:192)
        org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:93)
        org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:120)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:152)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
        org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
        org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
        org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
JBWEB000071: root cause

javax.naming.NamingException: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.SsoOauthServiceWebApp-1.0.0.war:main" from Service Module Loader [Root exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]]
        org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:124)
        org.jboss.as.naming.InitialContext.init(InitialContext.java:107)
        javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)
        org.jboss.as.naming.InitialContext.<init>(InitialContext.java:98)
        org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:44)
        javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
        javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
        javax.naming.InitialContext.init(InitialContext.java:242)
        javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)
        org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider$ContextFactory.createContext(ActiveDirectoryLdapAuthenticationProvider.java:401)
        org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:202)
        org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.doAuthentication(ActiveDirectoryLdapAuthenticationProvider.java:143)
        org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:82)
        org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
        org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:192)
        org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:93)
        org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:120)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:152)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
        org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
        org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
        org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
JBWEB000071: root cause

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
        com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)
        com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
        com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
        com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
        com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
        com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
        com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
        com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
        com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
        org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:122)
        org.jboss.as.naming.InitialContext.init(InitialContext.java:107)
        javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)
        org.jboss.as.naming.InitialContext.<init>(InitialContext.java:98)
        org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:44)
        javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
        javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
        javax.naming.InitialContext.init(InitialContext.java:242)
        javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153)
        org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider$ContextFactory.createContext(ActiveDirectoryLdapAuthenticationProvider.java:401)
        org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:202)
        org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.doAuthentication(ActiveDirectoryLdapAuthenticationProvider.java:143)
        org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:82)
        org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
        org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:192)
        org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:93)
        org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:120)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:152)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
        org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
        org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
        org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
JBWEB000072: note JBWEB000073: The full stack trace of the root cause is available in the JBoss Web/7.3.2.Final-redhat-1 logs.

JBoss Web/7.3.2.Final-redhat-1
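
An added example, not part of the original post: in the trace the `javax.naming.AuthenticationException` carrying `data 52e` is nested inside a plain `NamingException` raised by the JBoss naming layer, so the exception that reaches the provider is not itself an `AuthenticationException` and ends up as an `UncategorizedLdapException` and an HTTP 500. The sketch below uses only JDK classes to walk the cause chain and read the Active Directory sub-error code; the class name, method names and reason strings are hypothetical, and wiring it into a wrapper around the authentication provider is left as an assumption.

```java
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example; class and method names are hypothetical, not Spring or JBoss API.
public class AdBindFailureClassifier {
    // Active Directory reports its sub-error code in the "data xxx" field of an error 49 message.
    private static final Pattern SUB_ERROR = Pattern.compile("error code 49\\b.*?\\bdata ([0-9a-fA-F]+)");

    /** Returns the first javax.naming.AuthenticationException in the cause chain, or null. */
    static AuthenticationException findBindFailure(Throwable t) {
        for (int depth = 0; t != null && depth < 10; depth++, t = t.getCause()) {
            if (t instanceof AuthenticationException) {
                return (AuthenticationException) t;
            }
        }
        return null;
    }

    /** Reason for the server log only; every reason except LDAP_INFRASTRUCTURE_ERROR
     *  should give the client the same generic login failure. */
    static String classify(Throwable failure) {
        AuthenticationException bind = findBindFailure(failure);
        if (bind == null) {
            return "LDAP_INFRASTRUCTURE_ERROR"; // no rejected bind in the chain: a real server-side fault
        }
        Matcher m = SUB_ERROR.matcher(String.valueOf(bind.getMessage()));
        String code = m.find() ? m.group(1).toLowerCase() : "";
        switch (code) {
            case "525": return "USER_NOT_FOUND";
            case "52e": return "BAD_CREDENTIALS";
            case "530": return "NOT_PERMITTED_AT_THIS_TIME";
            case "531": return "NOT_PERMITTED_AT_THIS_WORKSTATION";
            case "532": return "PASSWORD_EXPIRED";
            case "533": return "ACCOUNT_DISABLED";
            case "701": return "ACCOUNT_EXPIRED";
            case "773": return "PASSWORD_MUST_CHANGE";
            case "775": return "ACCOUNT_LOCKED";
            default:    return "BIND_REJECTED";
        }
    }

    public static void main(String[] args) {
        // Constructed input with the same nesting as the trace in the post.
        AuthenticationException root = new AuthenticationException(
                "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
                + "comment: AcceptSecurityContext error, data 52e, v1db1]");
        NamingException wrapper = new NamingException("JBAS011843: Failed instantiate InitialContextFactory");
        wrapper.setRootCause(root);
        RuntimeException outer = new RuntimeException("Uncategorized exception", wrapper);
        System.out.println(wrapper instanceof AuthenticationException); // type check on the wrapper alone
        System.out.println(classify(outer));                            // cause-chain walk
        System.out.println(classify(new NamingException("constructed: connection refused")));
    }
}
```

Keeping the specific reason in the server log while returning one generic failure to the client also avoids sending the stack trace, module name and DSID shown above to the browser.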

arterzatij:

Ah, I forgot

these are the versions I use:

<spring.version>4.0.0.RELEASE</spring.version>
<spring.security.version>4.0.0.RELEASE</spring.security.version>
<spring.ldap.version>4.0.0.RELEASE</spring.ldap.version>
<spring.oauth.version>2.0.7.RELEASE</spring.oauth.version>

OAuth2 + LDAP?

Regarding the error, maybe something still needs to be configured. Here is an example and here is another that might help.

arterzatij:

Thanks! I'll look into it.

The thing is that there are several services without any authentication mechanism, not even the slightest (well, only by network), and now they want to add authentication to the web clients they are starting to build. So the only thing that occurred to me was this OAuth approach, to authorize requests to the services by token, and for user login (this way the service grants me a token) LDAP, since they already have it.

If anyone else could comment on whether they have had or have this little problem: for those who have it, to see how to solve it, and for those who already had it, how they solved it.

Thanks again! Have a good day.