vr3w3c9

Reputation: 1178

Spring Security Authentication Issue

We need help with regard to authentication using Spring Security. When we key in the login credentials for our application and click on submit, we get an invalid credentials error.

We have checked the database, and the authentication details that we are using to log in seem to be correct. But we are still getting the exception below:

[DEBUG,LdapAuthenticationProvider,http-localhost%2F127.0.0.1-8080-1] Processing authentication request for user: admin
[DEBUG,FilterBasedLdapUserSearch,http-localhost%2F127.0.0.1-8080-1] Searching for user 'admin', with user search [ searchFilter: 'sAMAccountName={0}', searchBase: 'DC=ad,DC=infosys,DC=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: true ]
[INFO,SpringSecurityLdapTemplate,http-localhost%2F127.0.0.1-8080-1] Ignoring PartialResultException
[WARN,LoggerListener,http-localhost%2F127.0.0.1-8080-1] Authentication event AuthenticationFailureBadCredentialsEvent: admin; details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: DEC9042719AA53736897C4383DCF8FE8; exception: Bad credentials
[DEBUG,UsernamePasswordAuthenticationFilter,http-localhost%2F127.0.0.1-8080-1] Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials

I'm trying to connect to the SQL Server 2008 database and log in. Below is the security.xml file that we are using:

<http auto-config='false' realm="MaskIT Realm" access-denied-page="/403.jsp">
    <intercept-url pattern="/*.htm" access="ROLE_ADMIN,ROLE_REQUESTOR,ROLE_APPROVER" />
    <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <form-login login-page="/login.jsp"
        authentication-failure-url="/login.jsp?login_error=1"
        default-target-url="/redirect.jsp" />
    <http-basic />
    <intercept-url pattern="/securityService" access="IS_AUTHENTICATED_ANONYMOUSLY"
        requires-channel="http" />
    <logout logout-success-url="/login.jsp" />
</http>

<b:bean id="myAuthenticationProvider"
    class="com.infosys.setl.himi.maskit.security.SwitchingAuthenticationProvider">
    <b:constructor-arg ref="paramManager" />
    <b:property name="providers">
        <b:list>
            <b:ref local="daoAuthenticationProvider" />
            <b:ref local="ldapProvider" />
        </b:list>
    </b:property>
</b:bean>

<b:bean id="daoAuthenticationProvider"
    class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <b:property name="userDetailsService" ref="userDetailsService" />
    <!--  <b:property name="passwordEncoder" ref="passwordEncoder" /> -->
</b:bean>

<b:bean id="userDetailsService"
    class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
    <b:property name="dataSource" ref="dataSourceMSSQL" />
    <b:property name="usersByUsernameQuery">
        <b:value>SELECT user_id ,password,active FROM sec_users
            WHERE
            user_id=?</b:value>
    </b:property>
    <b:property name="authoritiesByUsernameQuery">
        <b:value>SELECT a.user_id AS user_id,b.roleName AS roleName FROM
            sec_users a, emaskit_roles b
            WHERE a.roleID = b.roleID AND
            a.user_id=?</b:value>
    </b:property>
</b:bean>

I would like to know how and when the SQL query is executed to check the authentication. Is it calling a Java class (so that I can debug the code and check where it is failing) to perform the check, or is it done internally by the Spring framework?

Please assist. Thanks in advance.

Upvotes: 0

Views: 1798

Answers (1)

Ralph

Reputation: 120861

What bothers me is that your logfile shows that you try to use LDAP for authentication (LdapAuthenticationProvider) but your XML file shows that you try to use a DaoAuthenticationProvider.

I really think you messed up your deployment: either you looked/deployed on the wrong server or you did not deploy the (actual version) application at all.

In addition, there is a mistake in your configuration: you have to tell Spring Security to use your daoAuthenticationProvider.

Add this:

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="daoAuthenticationProvider"/>
</authentication-manager>

Upvotes: 1
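
On the "how and when is the SQL query executed" part of the question: the following is an added example, not code from the question or the answer. It wires JdbcDaoImpl with the two queries from security.xml so that `loadUserByUsername` (the method DaoAuthenticationProvider calls from `retrieveUser`) can be stepped through outside the web application. Assumptions: spring-jdbc, spring-security-core and HSQLDB are on the classpath, an embedded HSQLDB stands in for the SQL Server data source, the schema and rows are constructed samples, and the class name `JdbcLoginCheck` is hypothetical.

```java
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabase;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl;

// Hypothetical harness (not from the post): runs the two queries from security.xml
// against an embedded HSQLDB that stands in for the SQL Server data source.
public class JdbcLoginCheck {
    public static void main(String[] args) {
        EmbeddedDatabase db = new EmbeddedDatabaseBuilder().build(); // defaults to HSQL
        JdbcTemplate jdbc = new JdbcTemplate(db);
        // Constructed sample schema and rows, shaped after the queries in the question.
        jdbc.execute("CREATE TABLE emaskit_roles (roleID INT PRIMARY KEY, roleName VARCHAR(50))");
        jdbc.execute("CREATE TABLE sec_users (user_id VARCHAR(50) PRIMARY KEY, "
                + "password VARCHAR(100), active BOOLEAN, roleID INT)");
        jdbc.update("INSERT INTO emaskit_roles VALUES (1, 'ROLE_ADMIN')");
        jdbc.update("INSERT INTO sec_users VALUES ('admin', 'sample-password', TRUE, 1)");

        // Same wiring as the userDetailsService bean in the question.
        JdbcDaoImpl dao = new JdbcDaoImpl();
        dao.setDataSource(db);
        dao.setUsersByUsernameQuery(
                "SELECT user_id, password, active FROM sec_users WHERE user_id=?");
        dao.setAuthoritiesByUsernameQuery(
                "SELECT a.user_id AS user_id, b.roleName AS roleName "
                + "FROM sec_users a, emaskit_roles b "
                + "WHERE a.roleID = b.roleID AND a.user_id=?");

        for (String name : new String[] {"admin", "nobody"}) {
            try {
                // Breakpoint here: loadUserByUsername runs usersByUsernameQuery first,
                // then authoritiesByUsernameQuery for the user row it found.
                UserDetails user = dao.loadUserByUsername(name);
                System.out.println(name + ": enabled=" + user.isEnabled()
                        + ", authorities=" + user.getAuthorities());
            } catch (UsernameNotFoundException e) {
                // Thrown when the user query returns no row or the user has no authorities.
                System.out.println(name + ": " + e.getMessage());
            }
        }
        db.shutdown();
    }
}
```

JdbcDaoImpl only loads the user record; the submitted password is compared afterwards in `DaoAuthenticationProvider.additionalAuthenticationChecks`, which is the second place to set a breakpoint.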
