Reputation: 1168
LDAP Spring Security NullPointer in LdapUserDetailsImpl.hashCode
In a multinode Spring LDAP Security application, getting the below exception. Strange thing is in some node, authentication happens properly and in some nodes getting this exception -
In a multinode Spring LDAP Security application, getting the below exception. Strange thing is in some node, authentication happens properly and in some nodes getting this exception -
StackTrace: java.lang.NullPointerException at org.springframework.security.ldap.userdetails.LdapUserDetailsImpl.hashCode(LdapUserDetailsImpl.java:133) at org.springframework.security.authentication.AbstractAuthenticationToken.hashCode(AbstractAuthenticationToken.java:180) at java.lang.Object.toString(Object.java:236) at org.springframework.security.authentication.AbstractAuthenticationToken.toString(AbstractAuthenticationToken.java:201) at java.lang.String.valueOf(String.java:2994) at java.lang.StringBuilder.append(StringBuilder.java:131) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.successfulAuthentication(AbstractAuthenticationProcessingFilter.java:312) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:240) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at com.company.cm.config.WebSecurityConfig$1.doFilterInternal(WebSecurityConfig.java:113) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:124) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:167) at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:80) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1533) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1489) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)
Logs -
20:04:28.581 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/login_process'; against '/login_process' 20:04:28.581 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication 20:04:28.581 [http-nio-8080-exec-10] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider 20:04:28.581 [http-nio-8080-exec-10] DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider - Processing authentication request for user: 20:04:28.581 [http-nio-8080-exec-10] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Attempting to bind as uid=,ou=People,dc=company,dc=com 20:04:28.581 [http-nio-8080-exec-10] DEBUG org.springframework.security.ldap.DefaultSpringSecurityContextSource - Removing pooling flag for user uid=,ou=People,dc=company,dc=com 20:04:28.772 [http-nio-8080-exec-10] DEBUG org.springframework.ldap.core.support.AbstractContextSource - Got Ldap context on server 'ldap://ip/dc=company,dc=com' 20:04:28.772 [http-nio-8080-exec-10] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Retrieving attributes... 20:04:28.860 [http-nio-8080-exec-10] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Getting authorities for user uid=,ou=People,dc=company,dc=com 20:04:28.860 [http-nio-8080-exec-10] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - Searching for roles for user '', DN = 'uid=,ou=People,dc=company,dc=com', with filter (memberUid={0}) in search base 'ou=Group' 20:04:28.860 [http-nio-8080-exec-10] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Using filter: (memberUid=uid=,ou=People,dc=company,dc=com) 20:04:28.860 [http-nio-8080-exec-10] DEBUG org.springframework.ldap.core.LdapTemplate - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true 20:04:28.865 [http-nio-8080-exec-10] DEBUG org.springframework.ldap.core.support.AbstractContextSource - Got Ldap context on server 'ldap://ip/dc=company,dc=com' 20:04:28.976 [http-nio-8080-exec-10] DEBUG org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator 20:04:28.977 [http-nio-8080-exec-10] DEBUG org.springframework.security.ldap.userdetails.LdapUserDetailsMapper - Mapping user details from context with DN: uid=,ou=People,dc=company,dc=com 20:04:28.977 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy - Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@1d1ae249 20:04:28.977 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.978 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.979 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.979 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.979 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.979 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.980 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.980 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.980 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.980 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.981 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.981 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.981 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.981 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.981 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.981 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.981 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.981 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.983 [http-nio-8080-exec-10] DEBUG org.springframework.session.web.http.SessionRepositoryFilter.SESSION_LOGGER - No session found by id: Caching result for getSession(false) for this HttpServletRequest. 20:04:28.983 [http-nio-8080-exec-10] DEBUG org.springframework.session.web.http.SessionRepositoryFilter.SESSION_LOGGER - A new session was created. To help you troubleshoot where the session was created we provided a StackTrace (this is not an error). You can prevent this from appearing by disabling DEBUG logging for org.springframework.session.web.http.SessionRepositoryFilter.SESSION_LOGGER java.lang.RuntimeException: For debugging purposes only (not an error) at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(SessionRepositoryFilter.java:368) at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(SessionRepositoryFilter.java:390) at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.changeSessionId(SessionRepositoryFilter.java:291) at javax.servlet.http.HttpServletRequestWrapper.changeSessionId(HttpServletRequestWrapper.java:249) at javax.servlet.http.HttpServletRequestWrapper.changeSessionId(HttpServletRequestWrapper.java:249) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216) at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:201) at org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy.applySessionFixation(ChangeSessionIdAuthenticationStrategy.java:55) at org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy.onAuthentication(AbstractSessionFixationProtectionStrategy.java:87) at org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy.onAuthentication(ChangeSessionIdAuthenticationStrategy.java:32) at org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy.onAuthentication(CompositeSessionAuthenticationStrategy.java:89) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:218) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at com.company.cm.config.WebSecurityConfig$1.doFilterInternal(WebSecurityConfig.java:113) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:124) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:167) at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:80) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1533) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1489) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) 20:04:28.984 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy - Delegating to org.springframework.security.web.csrf.CsrfAuthenticationStrategy@38ef21bd 20:04:28.984 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 20:04:28.984 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed 20:04:28.986 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.987 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.987 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.987 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.987 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.987 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.987 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.988 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.988 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.989 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.990 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.990 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.990 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.991 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.992 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/WEB-INF/error/exceptionPage.jsp'; against '/css/' 20:04:28.992 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/WEB-INF/error/exceptionPage.jsp'; against '/fonts/' 20:04:28.992 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/WEB-INF/error/exceptionPage.jsp'; against '/html/' 20:04:28.992 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/WEB-INF/error/exceptionPage.jsp'; against '/js/' 20:04:28.992 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/WEB-INF/error/exceptionPage.jsp'; against '/thirdparty/' 20:04:28.992 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp at position 1 of 14 in additional filter chain; firing Filter: 'ChannelProcessingFilter' 20:04:28.992 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Request '/WEB-INF/error/exceptionPage.jsp' matched by universal pattern '/' 20:04:28.992 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.access.channel.ChannelProcessingFilter - Request: FilterInvocation: URL: /WEB-INF/error/exceptionPage.jsp; ConfigAttributes: [ANY_CHANNEL] 20:04:28.992 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp at position 2 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 20:04:28.992 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp at position 3 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 20:04:28.992 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT 20:04:28.992 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper$HttpSessionWrapper@1285eb30. A new one will be created. 20:04:28.992 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp at position 4 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter' 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp at position 5 of 14 in additional filter chain; firing Filter: 'CsrfFilter' 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp at position 6 of 14 in additional filter chain; firing Filter: '' 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp at position 7 of 14 in additional filter chain; firing Filter: 'LogoutFilter' 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/WEB-INF/error/exceptionPage.jsp'; against '/logout' 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp at position 8 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/WEB-INF/error/exceptionPage.jsp'; against '/login_process' 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp at position 9 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals) 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: both null (property equals) 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - requestURI: arg1=/cms/index.html; arg2=/cms/WEB-INF/error/exceptionPage.jsp (property not equals) 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp at position 10 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: 35b812b5-4e29-4f31-9c9f-be7601329ec3; Granted Authorities: ROLE_ANONYMOUS' 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.FilterChainProxy - /WEB-INF/error/exceptionPage.jsp at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter' 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Opening RedisConnection 20:04:28.993 [http-nio-8080-exec-10] DEBUG org.springframework.data.redis.core.RedisConnectionUtils - Closing Redis Connection 20:04:28.994 [http-nio-8080-exec-10] DEBUG org.springframework.security.web.session.SessionManagementFilter - Requested session ID 59d0030f-e0ba-4991-a512-a5848660afc4 is invalid.
Configuration -
@Bean
public DefaultSpringSecurityContextSource ldapContext() {
DefaultSpringSecurityContextSource context = new DefaultSpringSecurityContextSource(
config.get("ldap.context", "ldap://x.x.x.x/dc=company,dc=com"));
context.afterPropertiesSet();
return context;
}
/**
* LDAP Bind Authenticator
*
* @return
*/
@Bean
public BindAuthenticator bindAuthenticator() {
BindAuthenticator authenticator = new BindAuthenticator(ldapContext());
String[] dnPatterns = { config.get("ldap.dnPattern", "uid={0},ou=People") };
authenticator.setUserDnPatterns(dnPatterns);
return authenticator;
}
/**
* LDAP authorities populator
*
* @return
*/
@Bean
public DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator() {
DefaultLdapAuthoritiesPopulator ldapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator(ldapContext(),
config.get("ldap.group.search.base", "ou=Group"));
ldapAuthoritiesPopulator.setGroupRoleAttribute(config.get("ldap.group.role.attribute", "cn"));
ldapAuthoritiesPopulator.setGroupSearchFilter(config.get("ldap.group.search.filter", "(memberUid={0})"));
ldapAuthoritiesPopulator.setIgnorePartialResultException(true);
ldapAuthoritiesPopulator.setRolePrefix(config.get("ldap.user.role.prefix", "ROLE_"));
ldapAuthoritiesPopulator.setSearchSubtree(true);
ldapAuthoritiesPopulator.setConvertToUpperCase(true);
return ldapAuthoritiesPopulator;
}
@Bean
public LdapAuthenticationProvider ldapAuthenticationProvider() {
LdapAuthenticationProvider authProvider = new LdapAuthenticationProvider(bindAuthenticator(),
ldapAuthoritiesPopulator());
authProvider.setUseAuthenticationRequestCredentials(true);
authProvider.setHideUserNotFoundExceptions(false);
authProvider.setUserDetailsContextMapper(ldapContextMapper());
return authProvider;
}
@Bean
public LdapUserDetailsContextMapper ldapContextMapper() {
return new LdapUserDetailsContextMapper();
}
@Configuration @EnableRedisHttpSession(redisNamespace = "cms", maxInactiveIntervalInSeconds = 14400) @ImportResource("classpath:application-context.xml") public class SessionRepositoryConfig extends AbstractHttpSessionApplicationInitializer {
@Autowired
Configuration config;
@Bean
public JedisConnectionFactory connectionFactory() {
List<String> clusterNodes = Arrays.asList(config.get("redis.cluster.session"));
return new JedisConnectionFactory(new RedisClusterConfiguration(clusterNodes));
}
Upvotes: 1
Views: 978
Answers (1)
Reputation: 1168
Did a lot of digging. Surprisingly, logback configuration was causing this issue. Once the logback xml was configured for the instance properly, the issue disappeared.
Not sure on how logback is related to this. But above solution worked pretty much fine.
Thanks
Upvotes: 0
Related Questions
- Spring Security 5.7 LdapUserDetailsMapper Authorties Empty
- Spring Security with LDAP - error after login
- nullpointer exception in createSuccessfulAuthentication with Ldap Authentication
- LdapAuthenticationProvider throws NullPointerException at AbstractContextSource.getReadOnlyContext
- Spring LDAP NullPointerException
- Spring Security LDAP Authentication throws NO_ATTRIBUTE_OR_VAL error
- spring security issue with LDAP | error code 32 - No Such Object
- Exception while authenticating user using Spring LDAP
- Spring LDAP exception - No UserDetailsService registered
- LdapAuthenticationProvider not checking if user is not active