Jump to content
JasperReports 7.0 is now available ×

Error configuring External Authorisation for LDAP on JasperServer 6.0


gedmf

Recommended Posts

I have just upgraded from 5.6.0 to 6.0.0 and have my old favourite problem - LDAP configuration (MS AD actually).  First configured successfully under 4.5 then 4.7. I modified the 5.6.0 applicationContext-security.xml file to work in a similar manner to 4.7.  This doesn’t work with 6.0.0, so I have tried splitting the LDAP configuration using the sample_applicationContext-externalAuth-LDAP.xml file.  I get an error as follows:

 

2014-12-26 15:38:39,073 ERROR ContextLoader,Thread-1:331 - Context initialization failed

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'proxyBasicProcessingFilter' defined in ServletContext resource [/WEB-INF/applicationContext-externalAuth-LDAP.xml]: Could not resolve matching constructor (hint: specify index/type/name arguments for simple parameters to avoid type ambiguities)

 

I’ve seen one or two other posts with similar problems, but none of the solutions resolve the problem.  I have configured the beans ldapAuthenticationProvider, userSearch, and ldapContextSource in the externalAuth file with no success.


Has anybody else experienced this problem? Or can you spot the issue in my externalAuth extract below, please?

 
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
 
<!-- ############ LDAP authentication ############
      - Sample configuration of external authentication via an external LDAP server.
    -->
 
<bean id="proxyAuthenticationProcessingFilter" class="com.jaspersoft.jasperserver.api.security.EncryptionAuthenticationProcessingFilter"
          parent="authenticationProcessingFilter">
<property name="authenticationManager">
<ref local="ldapAuthenticationManager"/>
</property>
 
<property name="authenticationSuccessHandler" ref="externalAuthSuccessHandler" />
</bean>
 
<bean id="proxyAuthenticationSoapProcessingFilter"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.DefaultAuthenticationSoapProcessingFilter">
<property name="authenticationManager" ref="ldapAuthenticationManager"/>
<property name="authenticationSuccessHandler" ref="externalAuthSuccessHandler" />
 
<property name="filterProcessesUrl" value="/services"/>
</bean>
 
<bean id="proxyAuthenticationRestProcessingFilter" class="com.jaspersoft.jasperserver.api.security.externalAuth.DefaultAuthenticationRestProcessingFilter">
<property name="authenticationManager">
<ref local="ldapAuthenticationManager"/>
</property>
<property name="authenticationSuccessHandler" ref="externalAuthSuccessHandler" />
<property name="filterProcessesUrl" value="/rest/login"/>
</bean>
 
<bean id="proxyRequestParameterAuthenticationFilter"
          class="com.jaspersoft.jasperserver.war.util.ExternalRequestParameterAuthenticationFilter" parent="requestParameterAuthenticationFilter">
<property name="authenticationManager">
<ref local="ldapAuthenticationManager"/>
</property>
<property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>
</bean>
 
<bean id="externalAuthSuccessHandler"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.JrsExternalAuthenticationSuccessHandler" parent="successHandler">
<property name="externalDataSynchronizer">
<ref local="externalDataSynchronizer"/>
</property>
</bean>
 
<bean id="proxyBasicProcessingFilter"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalAuthBasicProcessingFilter" parent="basicProcessingFilter">
<property name="authenticationManager" ref="ldapAuthenticationManager"/>
<property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>
</bean>
 
<bean id="ldapAuthenticationManager" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.JSProviderManager">
<property name="providers">
<list>
<ref local="ldapAuthenticationProvider"/>
<ref bean="${bean.daoAuthenticationProvider}"/>
<!--anonymousAuthenticationProvider only needed if filterInvocationInterceptor.alwaysReauthenticate is set to true
                <ref bean="anonymousAuthenticationProvider"/>-->
</list>
</property>
</bean>
 
<bean id="ldapAuthenticationProvider" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider">
<constructor-arg>
<bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSBindAuthenticator">
<constructor-arg>
<ref local="ldapContextSource"/>
</constructor-arg>
<property name="userSearch" ref="userSearch"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSDefaultLdapAuthoritiesPopulator">
<constructor-arg index="0">
<ref local="ldapContextSource"/>
</constructor-arg>
<constructor-arg index="1">
<value/>
</constructor-arg>
<property name="groupRoleAttribute" value="cn"/>
<property name="groupSearchFilter" value="(&(member={0})(objectclass=group)(cn=JASPER_*))"/>
<property name="searchSubtree" value="true"/>
<!-- Can setup additional external default roles here  <property name="defaultRole" value="LDAP"/> -->
</bean>
</constructor-arg>
</bean>
 
<bean id="userSearch"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSFilterBasedLdapUserSearch">
<constructor-arg index="0">
<value/>
</constructor-arg>
<constructor-arg index="1">
<value>(sAMAccountName={0})</value>
</constructor-arg>
<constructor-arg index="2">
<ref local="ldapContextSource" />
</constructor-arg>
<property name="searchSubtree">
<value>true</value>
</property>
</bean>
 
<bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
<constructor-arg value="ldap://LDAPSERVER:389/dc=jsr,dc=co,dc=uk"/>
<!-- manager user name and password (may not be needed)  -->
<property name="userDn" value="LDAPADMIN"/>
<property name="password" value="LDAPADMINPassword"/>
<property name="referral" value="follow"/>
</bean>
<!-- ############ LDAP authentication ############ -->
 
<!-- ############ JRS Synchronizer ############ -->
<bean id="externalDataSynchronizer"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalDataSynchronizerImpl">
<property name="externalUserProcessors">
<list>
<ref local="externalUserSetupProcessor"/>
<!-- Example processor for creating user folder-->
<!--<ref local="externalUserFolderProcessor"/>-->
</list>
</property>
</bean>
 
<bean id="abstractExternalProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.AbstractExternalUserProcessor" abstract="true">
<property name="repositoryService" ref="${bean.repositoryService}"/>
<property name="userAuthorityService" ref="${bean.userAuthorityService}"/>
<property name="tenantService" ref="${bean.tenantService}"/>
<property name="profileAttributeService" ref="profileAttributeService"/>
<property name="objectPermissionService" ref="objectPermissionService"/>
</bean>
 
<bean id="externalUserSetupProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserSetupProcessor" parent="abstractExternalProcessor">
<!--Default permitted role characters; others are removed. Change regular expression to allow other chars.
                    <property name="permittedExternalRoleNameRegex" value="[A-Za-z0-9_]+"/>-->
 
<property name="userAuthorityService">
<ref bean="${bean.internalUserAuthorityService}"/>
</property>
<property name="defaultInternalRoles">
<list>
<value>ROLE_USER</value>
</list>
</property>
 
<property name="organizationRoleMap">
<map>
<!-- Example of mapping customer roles to JRS roles -->
<entry>
<key>
<value>ROLE_ADMIN_EXTERNAL_ORGANIZATION</value>
</key>
<!-- JRS role that the <key> external role is mapped to-->
<value>ROLE_ADMINISTRATOR</value>
</entry>
</map>
</property>
</bean>
 
<!-- EXAMPLE Processor
    <bean id="externalUserFolderProcessor"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserFolderProcessor"
          parent="abstractExternalProcessor">
        <property name="repositoryService" ref="${bean.unsecureRepositoryService}"/>
    </bean>
    -->
<!-- ############ JRS Synchronizer ############ -->
</beans>
 
 

 

Link to comment
Share on other sites

  • Replies 6
  • Created
  • Last Reply

Top Posters In This Topic

The example proxyBasicProcessingFilter bean config provided with JS6 is broken.  Try the below, which fixed it for me:

(Of course now I need to understand why the organizationRoleMapping stuff which worked in 5.5 is now broken in 6 - sigh...)

 

 

    <bean id="proxyBasicProcessingFilter"          class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalAuthBasicProcessingFilter">        <property name="authenticationManager" ref="ldapAuthenticationManager"/>        <property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>        <property name="authenticationEntryPoint">            <ref local="basicProcessingFilterEntryPoint"/>        </property>    </bean>[/code]
Link to comment
Share on other sites

Note that unless you specifically use external authentication to authenticate users via rest or webservices, proxyBasicProcessingFilter can me completely removed from the sample file.  As a result of this, delegatingPreAuthenticatedFilter in applicationContext-security-web.xml will fall back on the non-external basicProcessingFilter behaviour.

 

Sample file is provided just as that.  It includes more scenarios than you might need.

Link to comment
Share on other sites

Hi tim_12,

Thank you for that information. The fix worked perfectly. I too moved on to fixing up the LDAP role mapping that used to work. I am using AD, and didn't include the User details in master properties before the migration, so enter them manually as per p31-33 in the v6.0.1 Authentication Cookbook. After including the mappings from external role to JRS role in the externalUserSetupProcessor, the bit I found missing that completed it and got it working was in the ldapContextSource bean.  I added the following after the password property; <property name="referral" value="follow"/>

Not sure if that helps, but I'd be happy to cast an eye over things if you like.

Once again, thanks for your help.

Ged

Link to comment
Share on other sites

Hi dlitvak,

 

Thank you for the explanation. That makes sense to me now. One or two of our people use the Report Studio tool remotely, which I think authenticates using REST under these circumstances. So am I correct in thinking that I should include the proxyBasicProcessingFilter.

 

Regards

 

Ged

Link to comment
Share on other sites

  • 2 months later...

Hi, i need help with ldap conf, i was trying to conf. it using the steps described in jasper documentaion, but i am having a problem, the error is this one

type Status report

 

message /jasperserver/login.html;jsessionid=623DD9EC81A3702EC57937EF900009E7

 

description The requested resource is not available

 

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

 

 

 

 

 

class="com.jaspersoft.jasperserver.api.security.externalAuth.DefaultAuthenticationSoapProcessingFilter">

 

 

class="com.jaspersoft.jasperserver.war.util.ExternalRequestParameterAuthenticationFilter">

 

/login.html?error=1

/j_spring_switch_user

 

class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalAuthBasicProcessingFilter">

 

 

 

 

 

 

 

 

class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">

ou=people

(uid={0})

true

 

 

class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalDataSynchronizerImpl">

 

 

 

ROLE_USER

 

ROLE_ADMIN_EXTERNAL_ORGANIZATION

ROLE_ADMINISTRATOR

 

class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserFolderProcessor"

parent="abstractExternalProcessor">

 

 

 

 

Can some one help me, please,

 

Regards

Link to comment
Share on other sites

  • 6 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...