gkaechelin

  1. Hi Ric. Sure. Attached are my applicationContext-security.xml and my applicationContext-multiTenancy-security.xml. The former has all the configuration necessary to authenticate via LDAP. Just make sure your userDnPatterns and groupSearchFilter values are set up to match your LDAP schema. All my additions to this file are between these comments:

     <!-- ********** WEBLAYERS LDAP CONFIGURATION START ********** -->
     <!-- ********** WEBLAYERS LDAP CONFIGURATION END ********** -->

     You should be able to use them as is with the exception of your LDAP endpoint URL and the user and group patterns. I also got the role mapping working and that was all configuration in the applicationContext-multiTenancy-security.xml. Even though we are not taking advantage of multi-tenancy, this is where the role mapping is configured. See the defaultExternalUserProcessor bean to define your role mappings. I mapped any of our LDAP users in role "WLCARCHITECT" to jaspersoft's "ROLE_ADMINISTRATOR". Good luck. Gus
  2. Bumping this... does anyone know if it is even possible to map external roles to the default JS roles? How about assigning the JS default role authority to other roles?
  3. Hi All. I am successfully authenticating via LDAP and my user roles are available when managing user roles on the server. My issue is that I would like to map my external roles to JS roles. For example, if I have a user mapping to an external role of EXT_SUPERUSER, I'd like that user to have ROLE_SUPERUSER assigned in jaspersoft. I've tried the configuration below in applicationContext-multiTenancy-security to accomplish this but it has not been effective. Has anyone been successful doing this? Is this the correct way to accomplish this? Any help would be greatly appreciated. Thanks. Gus

     Code:

     <bean id="defaultExternalUserProcessor" class="com.jaspersoft.jasperserver.multipleTenancy.DefaultExternalUserProcessor">
         <property name="multiTenancyService"><ref bean="internalMultiTenancyService"/></property>
         <property name="defaultOrganizationIfNotDetected" value="organization_1"/>
         <property name="multiTenancyConfiguration"><ref bean="multiTenancyConfiguration"/></property>
         <property name="rootOrganizationRolesMap">
             <map>
                 <!-- Mapping customers roles to JS roles Example -->
                 <entry>
                     <key>
                         <!-- Customer role(with adding ROLE_ prefix) which need to be mapped to root JS roles -->
                         <value>ROLE_EXT_SUPERUSER</value>
                     </key>
                     <!-- root JS role customer role to be mapped to -->
                     <value>ROLE_SUPERUSER</value>
                 </entry>
             </map>
         </property>
     </bean>
  4. You hit this one square on the head. My editor pretty-print formatted the applicationContext-security.xml and inserted a line break in the secretKey value node. Once I fixed this, no more exception. Thanks for the hand! Gus
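
The check below is an added example, not part of the original posts and not Jaspersoft code: a linter for the failure described in this post, where an editor re-wrapped the secretKey value in applicationContext-security.xml. It assumes the key is written as integer literals separated by single spaces, which the Integer.decode frame and the input string "D9 0x31" in the stack trace suggest; the bean id, class name and key bytes in the sample are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; the bean id, class name and key bytes are made up.
TEMPLATE = """<beans>
  <bean id="exampleCipherer" class="example.Cipherer">
    <property name="secretKey"><value>{key}</value></property>
  </bean>
</beans>"""
# What a pretty-printer leaves behind: a line break plus indentation inside the value.
SAMPLE_BROKEN = TEMPLATE.format(key="0x11 0x22 0x33 0xD9\n\t\t\t0x31 0x44")
SAMPLE_FIXED = TEMPLATE.format(key="0x11 0x22 0x33 0xD9 0x31 0x44")

# Literal forms accepted by java.lang.Integer.decode:
# 0x / 0X / # hex, leading-zero octal, plain decimal, each with an optional sign.
LITERAL = re.compile(r"[+-]?(?:0[xX][0-9a-fA-F]+|#[0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)")


def decode_literal(token):
    """Return the integer value of one literal, or None if it is not valid."""
    if not LITERAL.fullmatch(token):
        return None
    sign = -1 if token.startswith("-") else 1
    body = token.lstrip("+-")
    if body[:2].lower() == "0x":
        return sign * int(body[2:], 16)
    if body.startswith("#"):
        return sign * int(body[1:], 16)
    if body.startswith("0") and len(body) > 1:
        return sign * int(body, 8)
    return sign * int(body, 10)


def local_name(tag):
    """Strip an XML namespace prefix such as '{uri}property'."""
    return tag.rsplit("}", 1)[-1]


def secret_key_values(xml_text, prop_name="secretKey"):
    """Yield the raw text of every <property name="secretKey"> in a bean file."""
    for prop in ET.fromstring(xml_text).iter():
        if local_name(prop.tag) != "property" or prop.get("name") != prop_name:
            continue
        if prop.get("value") is not None:
            yield prop.get("value")
        for child in prop:
            if local_name(child.tag) == "value":
                yield child.text or ""


def lint_secret_key(xml_text):
    """Return a list of findings; an empty list means the key is clean."""
    findings = []
    for raw in secret_key_values(xml_text):
        value = raw.strip()  # whitespace around the whole key is ignored here
        # Any separator other than one plain space is reported with its neighbours.
        for gap in re.finditer(r"\s+", value):
            if gap.group() != " ":
                before = value[:gap.start()].split()[-1]
                after = value[gap.end():].split()[0]
                findings.append(
                    f"whitespace {gap.group()!r} between {before} and {after}")
        for token in value.split():
            number = decode_literal(token)
            if number is None:
                findings.append(f"not an integer literal: {token!r}")
            elif not -128 <= number <= 255:  # assumption: one byte per token
                findings.append(f"out of byte range: {token!r}")
    return findings


if __name__ == "__main__":
    for name, doc in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(name, lint_secret_key(doc) or "ok")
```

Running it against the security context file after any editor reformat, and before restarting the server, catches the wrapped key without waiting for the first external login to fail.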
  5. Hi and thanks for the quick response! That was it. I moved the ldap authenticator to be the last in the auth manager series and works great now. I can log in using both my LDAP users and the default JS users. Thanks again! Gus
  6. Hi All. I successfully configured LDAP and am able to log into JS server with my LDAP credentials. However, even though I have left the original daoAuthProvider and anonymous provider in place, I can no longer log in using any of the default credentials. My understanding is that if the LDAP auth fails, the default should then be attempted. I've included the auth manager and LDAP configuration below. All other applicationContext-security.xml config has been untouched. I've also attached a clean log file which seems to show that the LDAP auth is being attempted with "superuser" but the default auth is not being executed. Any ideas would be greatly appreciated. Thanks. Gus

     Code:

     <!-- ======================== AUTHENTICATION ======================= -->
     <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
         <property name="providers">
             <!-- Providers are consulted in the order listed. -->
             <list>
                 <ref local="ldapAuthenticationProvider" />
                 <ref bean="${bean.daoAuthenticationProvider}" />
                 <ref bean="anonymousAuthenticationProvider" />
                 <!--ref local="jaasAuthenticationProvider"/ -->
             </list>
         </property>
     </bean>

     <!-- ********** LDAP CONFIGURATION START ********** -->
     <bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
         <constructor-arg value="ldap://localhost:10389/ou=users,ou=system" />
         <property name="userDn">
             <value>uid=admin,ou=system</value>
         </property>
         <property name="password">
             <value>secret</value>
         </property>
     </bean>

     <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
         <constructor-arg index="0">
             <value></value>
         </constructor-arg>
         <constructor-arg index="1">
             <value>(uid={0})</value>
         </constructor-arg>
         <constructor-arg index="2">
             <ref local="ldapContextSource" />
         </constructor-arg>
         <property name="searchSubtree">
             <value>true</value>
         </property>
     </bean>

     <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
         <constructor-arg>
             <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                 <constructor-arg>
                     <ref local="ldapContextSource" />
                 </constructor-arg>
                 <property name="userDnPatterns">
                     <list>
                         <value>uid={0}</value>
                     </list>
                 </property>
                 <property name="userSearch" ref="userSearch" />
             </bean>
         </constructor-arg>
         <constructor-arg>
             <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
                 <constructor-arg index="0">
                     <ref local="ldapContextSource" />
                 </constructor-arg>
                 <constructor-arg index="1">
                     <value></value>
                 </constructor-arg>
                 <property name="groupRoleAttribute">
                     <value>cn</value>
                 </property>
                 <!-- The ampersand of the LDAP AND filter has to be escaped in XML. -->
                 <property name="groupSearchFilter">
                     <value>(&amp;(member={0})(objectclass=groupOfNames))</value>
                 </property>
                 <property name="searchSubtree">
                     <value>true</value>
                 </property>
             </bean>
         </constructor-arg>
     </bean>
  7. The first time I log into JS server (using my LDAP credentials) after a server reboot, I get the exception below. If I refresh my page everything *seems* to be OK. Anyone know what this exception is all about? Is it benign and can I get rid of it or address the issue it is complaining about? Thanks for your insight. Gus

     Code:

     *****************************************************
     * Owasp.CsrfGuard Properties
     *
     * Logger: com.jaspersoft.jasperserver.api.security.JSCsrfLogger
     * NewTokenLandingPage: /jasperserver-pro/login.html
     * PRNG: SHA1PRNG
     * SessionKey: JASPER_CSRF_SESSION_KEY
     * TokenLength: 96
     * TokenName: JASPER_CSRF_TOKEN
     * Ajax: true
     * Rotate: true
     * TokenPerPage: true
     * Action: org.owasp.csrfguard.action.Rotate
     * Action: org.owasp.csrfguard.action.Redirect
     * Parameter: Page = /jasperserver-pro/login.html
     * Action: org.owasp.csrfguard.action.Log
     * Parameter: Message = potential cross-site request forgery (CSRF) attack thwarted (user:%user%, ip:%remote_ip%, uri:%request_uri%, error:%exception_message%)
     *****************************************************
     15:07:27,381 INFO [sTDOUT] 2012-04-09 15:07:27,380 WARN LoggerListener,http-0.0.0.0-8081-1:60 - Authentication event InteractiveAuthenticationSuccessEvent: admin; details: com.jaspersoft.jasperserver.multipleTenancy.MTWebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 1D8C5A01E2A7E78792C1EA3F12F209A6
     15:07:27,389 INFO [sTDOUT] 2012-04-09 15:07:27,388 WARN UserAuthorityServiceImpl,http-0.0.0.0-8081-1:823 - Created new external user: admin
     15:07:27,416 INFO [sTDOUT] 2012-04-09 15:07:27,415 WARN MTUserAuthorityServiceImpl,http-0.0.0.0-8081-1:630 - Created new external role: ROLE_WLCREPORTUSER with tenant: organization_1
     15:07:27,436 INFO [sTDOUT] 2012-04-09 15:07:27,435 WARN MTUserAuthorityServiceImpl,http-0.0.0.0-8081-1:630 - Created new external role: ROLE_WLCSUPERUSER with tenant: organization_1
     15:07:27,447 INFO [sTDOUT] 2012-04-09 15:07:27,446 WARN MTUserAuthorityServiceImpl,http-0.0.0.0-8081-1:630 - Created new external role: ROLE_WLCADMIN with tenant: organization_1
     15:07:27,459 INFO [sTDOUT] 2012-04-09 15:07:27,459 WARN MTUserAuthorityServiceImpl,http-0.0.0.0-8081-1:630 - Created new external role: ROLE_WLCUSER with tenant: organization_1
     15:07:27,471 INFO [sTDOUT] 2012-04-09 15:07:27,470 WARN UserAuthorityServiceImpl,http-0.0.0.0-8081-1:872 - Added following external roles to: admin
     ROLE_WLCUSER
     ROLE_WLCSUPERUSER
     ROLE_WLCREPORTUSER
     ROLE_WLCADMIN
     15:07:27,479 INFO [sTDOUT] 2012-04-09 15:07:27,478 WARN UserAuthorityServiceImpl,http-0.0.0.0-8081-1:901 - Added following new default internal roles to: admin
     ROLE_USER
     15:07:27,480 INFO [sTDOUT] 2012-04-09 15:07:27,479 WARN UserAuthorityServiceImpl,http-0.0.0.0-8081-1:908 - Updated user: admin. Roles are now:
     ROLE_WLCSUPERUSER
     ROLE_WLCUSER
     ROLE_USER
     ROLE_WLCREPORTUSER
     ROLE_WLCADMIN
     15:07:27,494 ERROR [sTDERR] java.lang.NumberFormatException: For input string: "D9 0x31"
     15:07:27,494 ERROR [sTDERR] at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
     15:07:27,494 ERROR [sTDERR] at java.lang.Integer.parseInt(Integer.java:458)
     15:07:27,494 ERROR [sTDERR] at java.lang.Integer.valueOf(Integer.java:528)
     15:07:27,494 ERROR [sTDERR] at java.lang.Integer.decode(Integer.java:958)
     15:07:27,494 ERROR [sTDERR] at com.jaspersoft.jasperserver.api.metadata.common.service.impl.Cipherer.setKeyBytes(Cipherer.java:229)
     15:07:27,494 ERROR [sTDERR] at com.jaspersoft.jasperserver.api.metadata.common.service.impl.PasswordCipherer.initCipherer(PasswordCipherer.java:110)
     15:07:27,495 ERROR [sTDERR] at com.jaspersoft.jasperserver.api.metadata.common.service.impl.PasswordCipherer.getInstance(PasswordCipherer.java:96)
     15:07:27,495 ERROR [sTDERR] at com.jaspersoft.jasperserver.api.metadata.user.domain.impl.hibernate.RepoUser.copyFromClient(RepoUser.java:291)
     15:07:27,495 ERROR [sTDERR] at com.jaspersoft.jasperserver.api.metadata.user.service.impl.UserAuthorityServiceImpl.updatePersistentUser(UserAuthorityServiceImpl.java:251)
     15:07:27,495 ERROR [sTDERR] at com.jaspersoft.jasperserver.multipleTenancy.MTUserAuthorityServiceImpl.updatePersistentUser(MTUserAuthorityServiceImpl.java:473)
     15:07:27,495 ERROR [sTDERR] at com.jaspersoft.jasperserver.api.metadata.user.service.impl.UserAuthorityServiceImpl.putUser(UserAuthorityServiceImpl.java:243)
     15:07:27,495 ERROR [sTDERR] at com.jaspersoft.jasperserver.api.metadata.user.service.impl.UserAuthorityServiceImpl.alignInternalAndExternalUser(UserAuthorityServiceImpl.java:912)
     15:07:27,495 ERROR [sTDERR] at com.jaspersoft.jasperserver.multipleTenancy.MTUserAuthorityServiceImpl.maintainInternalUser(MTUserAuthorityServiceImpl.java:610)
     15:07:27,495 ERROR [sTDERR] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     15:07:27,495 ERROR [sTDERR] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     15:07:27,495 ERROR [sTDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     15:07:27,495 ERROR [sTDERR] at java.lang.reflect.Method.invoke(Method.java:597)
     15:07:27,495 ERROR [sTDERR] at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
     15:07:27,495 ERROR [sTDERR] at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
     15:07:27,495 ERROR [sTDERR] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
     15:07:27,495 ERROR [sTDERR] at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
     15:07:27,495 ERROR [sTDERR] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     15:07:27,495 ERROR [sTDERR] at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
     15:07:27,495 ERROR [sTDERR] at $Proxy180.maintainInternalUser(Unknown Source)
     15:07:27,496 ERROR [sTDERR] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     15:07:27,496 ERROR [sTDERR] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     15:07:27,496 ERROR [sTDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     15:07:27,496 ERROR [sTDERR] at java.lang.reflect.Method.invoke(Method.java:597)
     15:07:27,496 ERROR [sTDERR] at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
     15:07:27,496 ERROR [sTDERR] at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
     15:07:27,496 ERROR [sTDERR] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
     15:07:27,496 ERROR [sTDERR] at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
     15:07:27,496 ERROR [sTDERR] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     15:07:27,496 ERROR [sTDERR] at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
     15:07:27,496 ERROR [sTDERR] at $Proxy181.maintainInternalUser(Unknown Source)
     15:07:27,496 ERROR [sTDERR] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     15:07:27,496 ERROR [sTDERR] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     15:07:27,496 ERROR [sTDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     15:07:27,496 ERROR [sTDERR] at java.lang.reflect.Method.invoke(Method.java:597)
     15:07:27,496 ERROR [sTDERR] at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
     15:07:27,496 ERROR [sTDERR] at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
     15:07:27,496 ERROR [sTDERR] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
     15:07:27,496 ERROR [sTDERR] at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
     15:07:27,496 ERROR [sTDERR] at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
     15:07:27,497 ERROR [sTDERR] at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
     15:07:27,497 ERROR [sTDERR] at $Proxy181.maintainInternalUser(Unknown Source)
     15:07:27,497 ERROR [sTDERR] at com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthenticationProcessingFilter.doFilter(MetadataAuthenticationProcessingFilter.java:107)
     15:07:27,497 ERROR [sTDERR] at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:411)
     15:07:27,497 ERROR [sTDERR] at com.jaspersoft.jasperserver.war.util.RequestParameterAuthenticationFilter.doFilter(RequestParameterAuthenticationFilter.java:97)
     15:07:27,497 ERROR [sTDERR] at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:411)
     15:07:27,497 ERROR [sTDERR] at com.jaspersoft.jasperserver.multipleTenancy.MTBasicProcessingFilter.doFilterHttp(MTBasicProcessingFilter.java:180)
     15:07:27,497 ERROR [sTDERR] at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     15:07:27,497 ERROR [sTDERR] at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:411)
     15:07:27,497 ERROR [sTDERR] at com.jaspersoft.jasperserver.war.UserPreferencesFilter.doFilter(UserPreferencesFilter.java:184)
     15:07:27,497 ERROR [sTDERR] at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:411)
     15:07:27,497 ERROR [sTDERR] at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:278)
     15:07:27,497 ERROR [sTDERR] at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     15:07:27,497 ERROR [sTDERR] at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:411)
     15:07:27,497 ERROR [sTDERR] at com.jaspersoft.jasperserver.war.UserPreferencesFilter.doFilter(UserPreferencesFilter.java:184)
     15:07:27,497 ERROR [sTDERR] at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:411)
     15:07:27,497 ERROR [sTDERR] at com.jaspersoft.jasperserver.api.logging.filter.BasicLoggingFilter.doFilter(BasicLoggingFilter.java:53)
     15:07:27,497 ERROR [sTDERR] at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:411)
     15:07:27,497 ERROR [sTDERR] at com.jaspersoft.jasperserver.api.security.JSCsrfGuardFilter.doFilter(JSCsrfGuardFilter.java:81)
     15:07:27,498 ERROR [sTDERR] at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:411)
     15:07:27,498 ERROR [sTDERR] at com.jaspersoft.jasperserver.api.security.WebAppSecurityFilter.doFilter(WebAppSecurityFilter.java:83)
     15:07:27,498 ERROR [sTDERR] at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:411)
     15:07:27,498 ERROR [sTDERR] at com.jaspersoft.jasperserver.war.MultipartRequestWrapperFilter.doFilter(MultipartRequestWrapperFilter.java:90)
     15:07:27,498 ERROR [sTDERR] at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:411)
     15:07:27,498 ERROR [sTDERR] at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
     15:07:27,498 ERROR [sTDERR] at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
     15:07:27,498 ERROR [sTDERR] at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:411)
     15:07:27,498 ERROR [sTDERR] at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:188)
     15:07:27,498 ERROR [sTDERR] at org.springframework.security.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:99)
     15:07:27,498 ERROR [sTDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
     15:07:27,498 ERROR [sTDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
     15:07:27,498 ERROR [sTDERR] at com.jaspersoft.jasperserver.war.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:67)
     15:07:27,498 ERROR [sTDERR] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
     15:07:27,498 ERROR [sTDERR] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
     15:07:27,498 ERROR [sTDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
     15:07:27,498 ERROR [sTDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
     15:07:27,498 ERROR [sTDERR] at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
     15:07:27,498 ERROR [sTDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
     15:07:27,498 ERROR [sTDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
     15:07:27,499 ERROR [sTDERR] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
     15:07:27,499 ERROR [sTDERR] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
     15:07:27,499 ERROR [sTDERR] at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
     15:07:27,499 ERROR [sTDERR] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
     15:07:27,499 ERROR [sTDERR] at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
     15:07:27,499 ERROR [sTDERR] at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
     15:07:27,499 ERROR [sTDERR] at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
     15:07:27,499 ERROR [sTDERR] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
     15:07:27,499 ERROR [sTDERR] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
     15:07:27,499 ERROR [sTDERR] at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
     15:07:27,499 ERROR [sTDERR] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
     15:07:27,499 ERROR [sTDERR] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
     15:07:27,499 ERROR [sTDERR] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
     15:07:27,499 ERROR [sTDERR] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
     15:07:27,499 ERROR [sTDERR] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
     15:07:27,499 ERROR [sTDERR] at java.lang.Thread.run(Thread.java:662)