roller-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Fines" <fi...@Macalester.edu>
Subject Re: Roller with LDAP Auth Trouble. Syntax or ???
Date Fri, 31 Aug 2007 14:16:19 GMT
Hi,

Thank you.  Here is the entire server.xml.  The line in question, line 232
is in the "SSL SWITCHING" section, which I did not edit. ???

Thanks,
Ted

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
   contributor license agreements.  The ASF licenses this file to You
  under the Apache License, Version 2.0 (the "License"); you may not
  use this file except in compliance with the License.
  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.  For additional information regarding
  copyright in this work, please see the NOTICE file in the top level
  directory of this distribution.
-->
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
    "http://www.springframework.org/dtd/spring-beans.dtd">

<beans>

    <!-- ======================== FILTER CHAIN ======================= -->
    <bean id="filterChainProxy" class="
org.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT

/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,rememberMeProcessingFilter,channelProcessingFilter,remoteUserFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
            </value>
        </property>
    </bean>

    <!-- ======================== AUTHENTICATION ======================= -->

    <!-- Note the order that entries are placed against the
objectDefinitionSource is critical.
         The FilterSecurityInterceptor will work from the top of the list
down to the FIRST pattern that matches the request URL.
         Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*)
expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
    <bean id="filterInvocationInterceptor" class="
org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="accessDecisionManager" ref="accessDecisionManager"/>
        <property name="objectDefinitionSource">
            <value>
                PATTERN_TYPE_APACHE_ANT
                /roller-ui/login-redirect.jsp=admin,editor
                /roller-ui/yourProfile**=admin,editor
                /roller-ui/createWebsite**=admin,editor
                /roller-ui/yourWebsites**=admin,editor
                /roller-ui/authoring/**=admin,editor
                /roller-ui/admin/**=admin
                /rewrite-status*=admin
                /roller-ui/user.do*=register
            </value>
                <!-- Add this to above list for LDAP/SSO configuration -->
                <!-- /roller-ui/user.do*=register -->
        </property>
    </bean>

    <bean id="authenticationManager" class="
org.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="daoAuthenticationProvider"/>
                <ref local="ldapAuthProvider"/>
                <!-- Uncomment this for LDAP/SSO configuration <ref
local="ldapAuthProvider"/> -->
                <ref
local="anonymousAuthenticationProvider"/>
                <!-- rememberMeAuthenticationProvider added programmatically
-->
            </list>
        </property>
    </bean>



    <!-- BEGIN: LDAP/RollerDB hybrid security configuration -->
    <bean id="initialDirContextFactory" class="
org.acegisecurity.ldap.DefaultInitialDirContextFactory">
    <constructor-arg value="ldap://ldap.macalester.edu:389/o=mac"/>
      <property name="managerDn">
        <value>SECRET_DN</value>
      </property>
      <property name="managerPassword">
        <value>SECRET_PASSWORD</value>
      </property>

      <property name="extraEnvVars">
        <map>
          <entry>
            <key>
              <value>java.naming.referral</value>
            </key>
            <value>follow</value>
          </entry>
        </map>
      </property>
    </bean>
    <bean id="ldapAuthProvider" class="
org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
      <constructor-arg>
        <bean class="
org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
           <constructor-arg>
             <ref local="initialDirContextFactory"/>
           </constructor-arg>
           <property name="userSearch"><ref
bean="ldapUserSearch"/></property>
        </bean>
      </constructor-arg>
      <constructor-arg>
        <ref local="jdbcAuthoritiesPopulator"/>
      </constructor-arg>
      <property name="userCache" ref="userCache"/>
    </bean>

    <bean id="jdbcAuthoritiesPopulator" class="
org.apache.roller.ui.core.security.AuthoritiesPopulator">
        <property name="dataSource">
            <bean class="org.springframework.jndi.JndiObjectFactoryBean">
                <property name="jndiName"
value="java:comp/env/jdbc/rollerdb"/>
            </bean>
        </property>
        <property name="authoritiesByUsernameQuery">
            <value>SELECT username,rolename FROM userrole WHERE username =
?</value>
        </property>
    <property name="defaultRole"><value>register</value></property>
    </bean>

    <!-- Log failed authentication attempts to commons-logging -->
    <bean id="loggerListener" class="
org.acegisecurity.event.authentication.LoggerListener"/>
    <bean id="daoAuthenticationProvider" class="
org.acegisecurity.providers.dao.DaoAuthenticationProvider">
         <property name="userDetailsService" ref="jdbcAuthenticationDao"/>
         <property name="userCache" ref="userCache"/>
    </bean>

    <!-- Read users from database -->
    <bean id="jdbcAuthenticationDao" class="
org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
        <property name="dataSource">
            <bean class="org.springframework.jndi.JndiObjectFactoryBean">
                <property name="jndiName"
value="java:comp/env/jdbc/rollerdb"/>
            </bean>
        </property>
        <property name="usersByUsernameQuery">
            <value>SELECT username,passphrase,isenabled FROM rolleruser
WHERE username = ?</value>
        </property>
        <property name="authoritiesByUsernameQuery">
            <value>SELECT username,rolename FROM userrole WHERE username =
?</value>
        </property>
    </bean>

    <bean id="userCache" class="
org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
        <property name="cache">
            <bean class="
org.springframework.cache.ehcache.EhCacheFactoryBean">
                <property name="cacheManager">
                    <bean class="
org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
                </property>
                <property name="cacheName" value="userCache"/>
            </bean>
        </property>
    </bean>

    <bean id="anonymousAuthenticationProvider" class="
org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
        <property name="key" value="anonymous"/>
    </bean>

    <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
        <property name="rolePrefix" value=""/>
    </bean>

    <bean id="accessDecisionManager" class="
org.acegisecurity.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="false"/>
        <property name="decisionVoters">
            <list>
                <ref local="roleVoter"/>
            </list>
        </property>
    </bean>

    <!-- ===================== HTTP REQUEST SECURITY ====================
-->
    <bean id="httpSessionContextIntegrationFilter" class="
org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>

    <bean id="authenticationProcessingFilter" class="
org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl"
value="/roller-ui/login.do?error=true"/>
        <property name="defaultTargetUrl" value="/"/>
        <property name="filterProcessesUrl" value="/j_security_check"/>
        <property name="rememberMeServices" ref="rememberMeServices"/>
    </bean>

    <bean id="anonymousProcessingFilter" class="
org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
        <property name="key" value="anonymous"/>
        <property name="userAttribute" value="anonymous,ROLE_ANONYMOUS"/>
    </bean>

    <bean id="exceptionTranslationFilter" class="
org.acegisecurity.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint"
ref="authenticationProcessingFilterEntryPoint"/>
    </bean>

    <bean id="remoteUserFilter" class="
org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>

    <bean id="authenticationProcessingFilterEntryPoint" class="
org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl" value="/roller-ui/login.do"/>
        <property name="forceHttps" value="false"/>
    </bean>

    <!-- ===================== REMEMBER ME ==================== -->
    <bean id="rememberMeProcessingFilter" class="
org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="rememberMeServices" ref="rememberMeServices"/>
    </bean>

    <bean id="rememberMeServices" class="
org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="jdbcAuthenticationDao"/>
        <property name="key" value="rollerlovesacegi"/>
        <property name="parameter" value="rememberMe"/>
    </bean>

    <bean id="rememberMeAuthenticationProvider" class="
org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
        <property name="key" value="rollerlovesacegi"/>
    </bean>

    <!-- ===================== SSL SWITCHING ==================== -->
    <bean id="channelProcessingFilter" class="
org.acegisecurity.securechannel.ChannelProcessingFilter">
        <property name="channelDecisionManager"
ref="channelDecisionManager"/>
        <property name="filterInvocationDefinitionSource">
            <value>
                PATTERN_TYPE_APACHE_ANT
            </value>
        </property>
    </bean>

    <bean id="channelDecisionManager" class="
org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
        <property name="channelProcessors">
            <list>
                <bean class="
org.acegisecurity.securechannel.SecureChannelProcessor"/>
                <bean class="
org.acegisecurity.securechannel.InsecureChannelProcessor"/>
            </list>
        </property>
    </bean>
</beans>


On 8/31/07, Dave <snoopdave@gmail.com> wrote:
>
> On 8/31/07, Ted Fines <ted.fines@beta.macalester.edu> wrote:
> > Hi,
> >
> > I am setting up a new Roller test install and trying to get LDAP Auth
> > working.  I am following the instructions at:
> > http://rollerweblogger.org/wiki/Wiki.jsp?page=LDAP_SSP_FAQ
> >
> > Here is my AUTHENTICATION section from server.xml, followed by the log
> > output when I restart Tomcat and try to access Roller with this
> > server.xmlin place.  (I have replace the bind dn and pass with
> > "SECRET_DN" and
> > "SECRET_PASSWORD".)
> >
> > While I am an experienced LDAP programmer/admin, I am not a Java
> programmer
> > and don't really get what the error log is trying to tell me.
> >
> > ERROR 2007-08-31 06:23:50,843 StandardContext:filterStart - Exception
> > starting filter securityFilter
> > org.springframework.beans.factory.BeanDefinitionStoreException : Line
> 232 in
> > XML document from ServletContext resource [/WEB-INF/security.xml] is
> > invalid; nested exception is org.xml.sax.SAXParseException: The content
> of
> > element type "beans" must match "(description?,(import|alias|bean)*)".
> > org.xml.sax.SAXParseException: The content of element type "beans" must
> > match "(description?,(import|alias|bean)*)".
>
> The error message is telling you that on line 232 of security.xml you
> have a <bean> element that does not have the correct contents. I can't
> spot the problem in the XML that you sent. Perhaps you could send the
> entire file or tell us precisely what changes you made to it?
>
> - Dave
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message