Error configuring External Authorisation for LDAP on JasperServer 6.0

I have just upgraded from 5.6.0 to 6.0.0 and have my old favourite problem - LDAP configuration (MS AD actually).  First configured successfully under 4.5 then 4.7. I modified the 5.6.0 applicationContext-security.xml file to work in a similar manner to 4.7.  This doesn’t work with 6.0.0, so I have tried splitting the LDAP configuration using the sample_applicationContext-externalAuth-LDAP.xml file.  I get an error as follows:

 

2014-12-26 15:38:39,073 ERROR ContextLoader,Thread-1:331 - Context initialization failed

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'proxyBasicProcessingFilter' defined in ServletContext resource [/WEB-INF/applicationContext-externalAuth-LDAP.xml]: Could not resolve matching constructor (hint: specify index/type/name arguments for simple parameters to avoid type ambiguities)

 

I’ve seen one or two other posts with similar problems, but none of the solutions resolve the problem.  I have configured the beans ldapAuthenticationProvider, userSearch, and ldapContextSource in the externalAuth file with no success.


Has anybody else experienced this problem? Or can you spot the issue in my externalAuth extract below, please?

 
 
<!-- ############ LDAP authentication ############
      - Sample configuration of external authentication via an external LDAP server.
    -->
 
<!-- Authentication filter for external auth. It inherits from the parent bean
     authenticationProcessingFilter (defined outside this extract) and overrides two
     properties: authentication goes to ldapAuthenticationManager, and a successful
     login is handed to externalAuthSuccessHandler. -->
<bean id="proxyAuthenticationProcessingFilter" class="com.jaspersoft.jasperserver.api.security.EncryptionAuthenticationProcessingFilter"
          parent="authenticationProcessingFilter">
<property name="authenticationManager">
<ref local="ldapAuthenticationManager"/>
</property>
 
<property name="authenticationSuccessHandler" ref="externalAuthSuccessHandler" />
</bean>
 
<!-- Authentication filter bound to the /services URL (filterProcessesUrl); it uses the
     same LDAP-backed manager and success handler as the other proxy filters.
     NOTE(review): if no SOAP client authenticates against the directory, confirm
     whether this entry point is needed at all; every enabled filter is one more
     place where directory passwords are accepted. -->
<bean id="proxyAuthenticationSoapProcessingFilter"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.DefaultAuthenticationSoapProcessingFilter">
<property name="authenticationManager" ref="ldapAuthenticationManager"/>
<property name="authenticationSuccessHandler" ref="externalAuthSuccessHandler" />
 
<property name="filterProcessesUrl" value="/services"/>
</bean>
 
<!-- Authentication filter bound to /rest/login (filterProcessesUrl); authenticates
     through ldapAuthenticationManager and reports success to externalAuthSuccessHandler.
     NOTE(review): credentials posted here are directory passwords, so this URL should
     only be reachable over TLS; confirm at the connector or reverse proxy. -->
<bean id="proxyAuthenticationRestProcessingFilter" class="com.jaspersoft.jasperserver.api.security.externalAuth.DefaultAuthenticationRestProcessingFilter">
<property name="authenticationManager">
<ref local="ldapAuthenticationManager"/>
</property>
<property name="authenticationSuccessHandler" ref="externalAuthSuccessHandler" />
<property name="filterProcessesUrl" value="/rest/login"/>
</bean>
 
<!-- Extends the parent bean requestParameterAuthenticationFilter (defined outside this
     extract) so that it authenticates via ldapAuthenticationManager and synchronises
     the user through externalDataSynchronizer.
     NOTE(review): going by its name this filter presumably accepts credentials as
     request parameters; if so, directory passwords can end up in URLs, access logs
     and browser history. Confirm whether it is required. -->
<bean id="proxyRequestParameterAuthenticationFilter"
          class="com.jaspersoft.jasperserver.war.util.ExternalRequestParameterAuthenticationFilter" parent="requestParameterAuthenticationFilter">
<property name="authenticationManager">
<ref local="ldapAuthenticationManager"/>
</property>
<property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>
</bean>
 
<!-- Success handler shared by the proxy filters. It inherits from the parent bean
     successHandler (defined outside this extract) and adds the externalDataSynchronizer,
     which is what runs the external user processors configured further down. -->
<bean id="externalAuthSuccessHandler"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.JrsExternalAuthenticationSuccessHandler" parent="successHandler">
<property name="externalDataSynchronizer">
<ref local="externalDataSynchronizer"/>
</property>
</bean>
 
<!-- This is the bean named in the BeanCreationException quoted in the question
     ("Could not resolve matching constructor"). It inherits from the parent bean
     basicProcessingFilter (defined outside this extract) and only overrides the
     authentication manager and the data synchronizer.
     NOTE(review): presumably this serves HTTP Basic requests, where the password
     travels with every request and is only base64-encoded; keep such endpoints behind
     TLS, and leave the bean out if no client needs external auth over Basic. -->
<bean id="proxyBasicProcessingFilter"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalAuthBasicProcessingFilter" parent="basicProcessingFilter">
<property name="authenticationManager" ref="ldapAuthenticationManager"/>
<property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>
</bean>
 
<!-- Provider chain used by every proxy filter in this file: the LDAP provider is
     listed first, then the bean that the placeholder bean.daoAuthenticationProvider
     resolves to.
     NOTE(review): the second provider is presumably the internal user database, which
     means internal accounts stay a valid way in after LDAP is enabled. Review those
     accounts (built-in administrators in particular) or drop the fallback if it is
     not wanted. -->
<bean id="ldapAuthenticationManager" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.JSProviderManager">
<property name="providers">
<list>
<ref local="ldapAuthenticationProvider"/>
<ref bean="${bean.daoAuthenticationProvider}"/>
<!--anonymousAuthenticationProvider only needed if filterInvocationInterceptor.alwaysReauthenticate is set to true
                <ref bean="anonymousAuthenticationProvider"/>-->
</list>
</property>
</bean>
 
<!-- LDAP provider built from two constructor arguments: a bind authenticator that
     locates the user with the userSearch bean, and an authorities populator that
     derives roles from a group search against the same ldapContextSource. -->
<bean id="ldapAuthenticationProvider" class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSLdapAuthenticationProvider">
<constructor-arg>
<bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSBindAuthenticator">
<constructor-arg>
<ref local="ldapContextSource"/>
</constructor-arg>
<property name="userSearch" ref="userSearch"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSDefaultLdapAuthoritiesPopulator">
<constructor-arg index="0">
<ref local="ldapContextSource"/>
</constructor-arg>
<!-- Group search base is left empty, so together with searchSubtree=true the group
     search starts at the base DN given in the ldapContextSource URL. -->
<constructor-arg index="1">
<value/>
</constructor-arg>
<!-- The group's cn is used as the role name. -->
<property name="groupRoleAttribute" value="cn"/>
<!-- Only group objects whose cn starts with JASPER_ and whose member attribute matches
     {0} are returned ({0} is presumably the authenticated user's DN, as in the Spring
     Security populator this class wraps; confirm).
     NOTE(review): because the search covers the whole subtree, anyone allowed to
     create or edit a JASPER_* group anywhere under the base DN decides JasperServer
     roles. Consider a search base limited to one tightly delegated OU. -->
<property name="groupSearchFilter" value="(&amp;(member={0})(objectclass=group)(cn=JASPER_*))"/>
<property name="searchSubtree" value="true"/>
<!-- Can setup additional external default roles here  <property name="defaultRole" value="LDAP"/> -->
</bean>
</constructor-arg>
</bean>
 
<!-- User lookup used by the bind authenticator. Argument 0 (search base) is empty,
     argument 1 is the filter, argument 2 the context source; with searchSubtree=true
     the login name is matched against sAMAccountName anywhere under the base DN of
     ldapContextSource.
     NOTE(review): an empty base means every account under the base DN that can bind
     is able to log in and receive the default internal role; narrow the base or the
     filter if only some users should get access. -->
<bean id="userSearch"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.ldap.JSFilterBasedLdapUserSearch">
<constructor-arg index="0">
<value/>
</constructor-arg>
<constructor-arg index="1">
<value>(sAMAccountName={0})</value>
</constructor-arg>
<constructor-arg index="2">
<ref local="ldapContextSource" />
</constructor-arg>
<property name="searchSubtree">
<value>true</value>
</property>
</bean>
 
<!-- Connection settings for the directory: server URL with base DN, the manager
     account used for searches, and referral handling. -->
<bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
<!-- NOTE(review): ldap:// on port 389 is unencrypted unless StartTLS is negotiated
     elsewhere. Bind authentication sends each user's password, and the manager
     password below, over this connection; prefer ldaps:// with the directory's CA in
     the JVM trust store. -->
<constructor-arg value="ldap://LDAPSERVER:389/dc=jsr,dc=co,dc=uk"/>
<!-- manager user name and password (may not be needed)  -->
<!-- NOTE(review): the password sits in clear text in a file under WEB-INF. Use a
     dedicated read-only bind account rather than a directory administrator, restrict
     read access to this file, and keep the secret out of backups and forum posts. -->
<property name="userDn" value="LDAPADMIN"/>
<property name="password" value="LDAPADMINPassword"/>
<!-- referral=follow makes the JNDI client chase referrals returned by the server; the
     thread reports this was needed for role mapping against Active Directory.
     NOTE(review): the client will then connect to whatever hosts the directory
     names, presumably with the same bind credentials; confirm that those hosts are
     trusted, or query a global catalog port instead if that fits the deployment. -->
<property name="referral" value="follow"/>
</bean>
<!-- ############ LDAP authentication ############ -->
 
<!-- ############ JRS Synchronizer ############ -->
<!-- Lists the processors applied to an externally authenticated user. Only
     externalUserSetupProcessor is active; the folder processor reference is
     commented out. -->
<bean id="externalDataSynchronizer"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalDataSynchronizerImpl">
<property name="externalUserProcessors">
<list>
<ref local="externalUserSetupProcessor"/>
<!-- Example processor for creating user folder-->
<!--<ref local="externalUserFolderProcessor"/>-->
</list>
</property>
</bean>
 
<!-- Abstract parent (abstract="true", never instantiated itself) that supplies the
     service references shared by the external user processors. Three of them are
     resolved through bean.* placeholders, two are referenced by fixed bean name. -->
<bean id="abstractExternalProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.AbstractExternalUserProcessor" abstract="true">
<property name="repositoryService" ref="${bean.repositoryService}"/>
<property name="userAuthorityService" ref="${bean.userAuthorityService}"/>
<property name="tenantService" ref="${bean.tenantService}"/>
<property name="profileAttributeService" ref="profileAttributeService"/>
<property name="objectPermissionService" ref="objectPermissionService"/>
</bean>
 
<!-- Processor that sets up roles for an externally authenticated user. It inherits
     the services of abstractExternalProcessor but replaces userAuthorityService with
     the bean behind bean.internalUserAuthorityService. -->
<bean id="externalUserSetupProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserSetupProcessor" parent="abstractExternalProcessor">
<!--Default permitted role characters; others are removed. Change regular expression to allow other chars.
                    <property name="permittedExternalRoleNameRegex" value="[A-Za-z0-9_]+"/>-->
 
<property name="userAuthorityService">
<ref bean="${bean.internalUserAuthorityService}"/>
</property>
<!-- Every user who authenticates through the directory receives ROLE_USER, whether
     or not any directory group matched. -->
<property name="defaultInternalRoles">
<list>
<value>ROLE_USER</value>
</list>
</property>
 
<!-- NOTE(review): this sample entry grants ROLE_ADMINISTRATOR to anyone whose
     directory groups resolve to ROLE_ADMIN_EXTERNAL_ORGANIZATION. Whoever controls
     membership of the matching group controls JasperServer administration; replace
     the key with a group that is deliberately managed, or remove the entry. -->
<property name="organizationRoleMap">
<map>
<!-- Example of mapping customer roles to JRS roles -->
<entry>
<key>
<value>ROLE_ADMIN_EXTERNAL_ORGANIZATION</value>
</key>
<!-- JRS role that the <key> external role is mapped to-->
<value>ROLE_ADMINISTRATOR</value>
</entry>
</map>
</property>
</bean>
 
<!-- EXAMPLE Processor
    <bean id="externalUserFolderProcessor"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserFolderProcessor"
          parent="abstractExternalProcessor">
        <property name="repositoryService" ref="${bean.unsecureRepositoryService}"/>
    </bean>
    -->
<!-- ############ JRS Synchronizer ############ -->
</beans>
 
 

 


The example proxyBasicProcessingFilter bean config provided with JS6 is broken.  Try the below, which fixed it for me:

(Of course now I need to understand why the organizationRoleMapping stuff which worked in 5.5 is now broken in 6 - sigh...)

 

 

    <!-- Variant reported in this reply to fix the constructor error: there is no parent
         attribute, and authenticationEntryPoint is set explicitly to
         basicProcessingFilterEntryPoint. Note that ref local requires that bean to be
         defined in the same XML file.
         NOTE(review): presumably this serves HTTP Basic requests; keep the endpoints
         it protects behind TLS, since the password accompanies every request. -->
    <bean id="proxyBasicProcessingFilter"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalAuthBasicProcessingFilter">
        <property name="authenticationManager" ref="ldapAuthenticationManager"/>
        <property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>
 
 
        <property name="authenticationEntryPoint">
            <ref local="basicProcessingFilterEntryPoint"/>
        </property>
    </bean>
tim_12 - 8 years 5 months ago

Hi tim_12,

Thank you for that information. The fix worked perfectly. I too moved on to fixing up the LDAP role mapping that used to work. I am using AD, and didn't include the User details in master properties before the migration, so enter them manually as per p31-33 in the v6.0.1 Authentication Cookbook. After including the mappings from external role to JRS role in the externalUserSetupProcessor, the bit I found missing that completed it and got it working was in the ldapContextSource bean.  I added the following after the password property; <property name="referral" value="follow"/>

Not sure if that helps, but I'd be happy to cast an eye over things if you like.

Once again, thanks for your help.

Ged

gedmf - 8 years 5 months ago

1 Answer:

Note that unless you specifically use external authentication to authenticate users via REST or web services, proxyBasicProcessingFilter can be completely removed from the sample file.  As a result, delegatingPreAuthenticatedFilter in applicationContext-security-web.xml will fall back on the non-external basicProcessingFilter behaviour.

 

Sample file is provided just as that.  It includes more scenarios than you might need.


Hi dlitvak,

Thank you for the explanation. That makes sense to me now. One or two of our people use the Report Studio tool remotely, which I think authenticates using REST under these circumstances. So am I correct in thinking that I should include the proxyBasicProcessingFilter?

Regards

Ged

gedmf - 8 years 5 months ago

Hi, I need help with LDAP configuration. I was trying to configure it using the steps described in the Jasper documentation, but I am having a problem. The error is this one:
type Status report

message /jasperserver/login.html;jsessionid=623DD9EC81A3702EC57937EF900009E7

description The requested resource is not available
<!--
~ Copyright (C) 2005 - 2012 Jaspersoft Corporation. All rights reserved.
~ http://www.jaspersoft.com.
~
~ Unless you have purchased a commercial license agreement from Jaspersoft,
~ the following license terms apply:
~
~ This program is free software: you can redistribute it and/or modify
~ it under the terms of the GNU Affero General Public License as
~ published by the Free Software Foundation, either version 3 of the
~ License, or (at your option) any later version.
~
~ This program is distributed in the hope that it will be useful,
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
~ GNU Affero General Public License for more details.
~
~ You should have received a copy of the GNU Affero General Public License
~ along with this program. If not, see <http://www.gnu.org/licenses/>.
-->

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

<!-- ############ LDAP authentication ############
- Sample configuration of external authentication via an external LDAP server.
-->

<!-- Authentication filter for external auth: authenticates through
     ldapAuthenticationManager, synchronises the user via externalDataSynchronizer and
     redirects to /loginsuccess.html or /login.html?error=1. -->
<bean id="proxyAuthenticationProcessingFilter" class="com.jaspersoft.jasperserver.api.security.externalAuth.BaseAuthenticationProcessingFilter">
<property name="authenticationManager">
<ref local="ldapAuthenticationManager"/>
</property>
<property name="externalDataSynchronizer">
<ref local="externalDataSynchronizer"/>
</property>

<property name="sessionRegistry">
<ref bean="sessionRegistry"/>
</property>

<property name="internalAuthenticationFailureUrl" value="/login.html?error=1"/>
<property name="defaultTargetUrl" value="/loginsuccess.html"/>
<!-- Replacing the session at login is the session fixation defence; keep it set to
     true. Attributes of the old session are carried over to the new one. -->
<property name="invalidateSessionOnSuccessfulAuthentication" value="true"/>
<property name="migrateInvalidatedSessionAttributes" value="true"/>
</bean>

<!-- Authentication filter bound to /services (filterProcessesUrl), using the LDAP
     manager and the data synchronizer; the session is replaced on successful login.
     NOTE(review): confirm that a SOAP client actually needs directory logins before
     keeping this entry point enabled. -->
<bean id="proxyAuthenticationSoapProcessingFilter"
class="com.jaspersoft.jasperserver.api.security.externalAuth.DefaultAuthenticationSoapProcessingFilter">
<property name="authenticationManager" ref="ldapAuthenticationManager"/>
<property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>

<property name="invalidateSessionOnSuccessfulAuthentication" value="true"/>
<property name="migrateInvalidatedSessionAttributes" value="true"/>
<property name="filterProcessesUrl" value="/services"/>
</bean>

<!-- Filter wired to the LDAP manager and the data synchronizer; failures go to
     /login.html?error=1 and /j_spring_switch_user is excluded from it.
     NOTE(review): going by its name this filter presumably reads credentials from
     request parameters; if so, directory passwords can appear in URLs and access
     logs. Confirm whether it is required. -->
<bean id="proxyRequestParameterAuthenticationFilter"
class="com.jaspersoft.jasperserver.war.util.ExternalRequestParameterAuthenticationFilter">
<property name="authenticationManager">
<ref local="ldapAuthenticationManager"/>
</property>
<property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>

<property name="authenticationFailureUrl">
<value>/login.html?error=1</value>
</property>
<property name="excludeUrls">
<list>
<value>/j_spring_switch_user</value>
</list>
</property>
</bean>

<!-- Basic-processing filter wired to the LDAP manager and the data synchronizer, with
     basicProcessingFilterEntryPoint as its entry point. ref local requires that bean
     to be defined in this same file, and no such bean appears in this listing.
     NOTE(review): presumably this serves HTTP Basic requests; keep the endpoints it
     protects behind TLS, and remove the bean if no client uses external auth over
     Basic. -->
<bean id="proxyBasicProcessingFilter"
class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalAuthBasicProcessingFilter">
<property name="authenticationManager" ref="ldapAuthenticationManager"/>
<property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>

<property name="authenticationEntryPoint">
<ref local="basicProcessingFilterEntryPoint"/>
</property>
</bean>

<!-- Authentication filter bound to /rest/login (filterProcessesUrl), using the LDAP
     manager and the data synchronizer; the session is replaced on successful login.
     NOTE(review): credentials posted here are directory passwords, so this URL should
     only be reachable over TLS. -->
<bean id="proxyAuthenticationRestProcessingFilter" class="com.jaspersoft.jasperserver.api.security.externalAuth.DefaultAuthenticationRestProcessingFilter">
<property name="authenticationManager">
<ref local="ldapAuthenticationManager"/>
</property>
<property name="externalDataSynchronizer">
<ref local="externalDataSynchronizer"/>
</property>

<property name="filterProcessesUrl" value="/rest/login"/>
<property name="invalidateSessionOnSuccessfulAuthentication" value="true"/>
<property name="migrateInvalidatedSessionAttributes" value="true"/>
</bean>

<!-- Provider chain for all proxy filters: the LDAP provider first, then the bean that
     the placeholder bean.daoAuthenticationProvider resolves to.
     NOTE(review): the second provider is presumably the internal user database, so
     internal accounts remain a valid login path after LDAP is enabled; review them
     (built-in administrators in particular) or drop the fallback if it is not
     wanted. -->
<bean id="ldapAuthenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="ldapAuthenticationProvider"/>
<ref bean="${bean.daoAuthenticationProvider}"/>
<!--anonymousAuthenticationProvider only needed if filterInvocationInterceptor.alwaysReauthenticate is set to true
<ref bean="anonymousAuthenticationProvider"/>-->
</list>
</property>
</bean>

<!-- LDAP provider built from a bind authenticator (user located through userSearch)
     and an authorities populator that derives roles from a search against the same
     ldapContextSource. -->
<bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
<constructor-arg><ref local="ldapContextSource"/></constructor-arg>
<property name="userSearch" ref="userSearch"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
<constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
<!-- Empty group search base: with searchSubtree=true the search starts at the base DN
     of ldapContextSource. -->
<constructor-arg index="1"><value></value></constructor-arg>
<!-- NOTE(review): in this populator {1} is the login name, so the filter (uid={1})
     appears to match the user's own entry, and the role is then read from that
     entry's title attribute. If users can edit their own title (self-service
     profile, delegated HR tooling), they can pick their JasperServer role. Confirm
     who may write that attribute, or derive roles from group membership instead. -->
<property name="groupRoleAttribute" value="title"/>
<property name="groupSearchFilter" value="(uid={1})"/>
<property name="searchSubtree" value="true"/>
<!-- Can setup additional external default roles here <property name="defaultRole" value="LDAP"/> -->
</bean>
</constructor-arg>
</bean>

<!-- User lookup for the bind authenticator: searches ou=people (relative to the base
     DN of ldapContextSource) and its subtree for an entry whose uid equals the login
     name. -->
<bean id="userSearch"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0">
<value>ou=people</value>
</constructor-arg>
<constructor-arg index="1">
<value>(uid={0})</value>
</constructor-arg>
<constructor-arg index="2">
<ref local="ldapContextSource" />
</constructor-arg>
<property name="searchSubtree">
<value>true</value>
</property>
</bean>

<!-- Connection settings for the directory: server URL with base DN and the manager
     account used for searches.
     NOTE(review): all three values are wrapped in ${...}. Spring reads that syntax as
     the name of a property to look up, not as a literal, and the text inside looks
     like literal values (host and base DN, bind DN, password). Placeholder resolution
     would then presumably fail when the context starts, which would fit the "requested
     resource is not available" page quoted with this listing; check the server log
     for the actual exception. Either write the literals without the ${ } wrapper or
     reference keys that a properties file defines.
     NOTE(review): the URL as posted shows no ldap:// or ldaps:// scheme; prefer
     ldaps:// so that user and manager passwords are not sent in clear text. -->
<bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
<constructor-arg value="${xxx.xxx.xxx.xxx/dc=apoteke,dc=com}"/>
<!-- manager user name and password (may not be needed) -->
<!-- NOTE(review): the bind DN is the directory Administrator. Searches only need a
     dedicated read-only account. A credential that has appeared in a public post
     should be treated as exposed and changed. -->
<property name="userDn" value="${cn=Administrator,dc=apoteke,dc=com}"/>
<property name="password" value="${admin}"/>
</bean>
<!-- ############ LDAP authentication ############ -->

<!-- ############ JRS Synchronizer ############ -->
<!-- Lists the processors applied to an externally authenticated user. Only
     externalUserSetupProcessor is active; the folder processor reference is still
     commented out, even though an externalUserFolderProcessor bean is defined in
     this file. -->
<bean id="externalDataSynchronizer"
class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalDataSynchronizerImpl">
<property name="externalUserProcessors">
<list>
<ref local="externalUserSetupProcessor"/>
<!-- Example processor for creating user folder-->
<!--<ref local="externalUserFolderProcessor"/>-->
</list>
</property>
</bean>

<!-- Abstract parent (abstract="true", never instantiated itself) that supplies the
     service references shared by the external user processors. Three of them are
     resolved through bean.* placeholders, two are referenced by fixed bean name. -->
<bean id="abstractExternalProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.AbstractExternalUserProcessor" abstract="true">
<property name="repositoryService" ref="${bean.repositoryService}"/>
<property name="userAuthorityService" ref="${bean.userAuthorityService}"/>
<property name="tenantService" ref="${bean.tenantService}"/>
<property name="profileAttributeService" ref="profileAttributeService"/>
<property name="objectPermissionService" ref="objectPermissionService"/>
</bean>

<!-- Processor that sets up roles for an externally authenticated user. It inherits
     the services of abstractExternalProcessor but replaces userAuthorityService with
     the bean behind bean.internalUserAuthorityService. -->
<bean id="externalUserSetupProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserSetupProcessor" parent="abstractExternalProcessor">
<!--Default permitted role characters; others are removed. Change regular expression to allow other chars.
<property name="permittedExternalRoleNameRegex" value="[A-Za-z0-9_]+"/>-->

<property name="userAuthorityService">
<ref bean="${bean.internalUserAuthorityService}"/>
</property>
<!-- Every user who authenticates through the directory receives ROLE_USER, whether
     or not any external role was found. -->
<property name="defaultInternalRoles">
<list>
<value>ROLE_USER</value>
</list>
</property>

<!-- NOTE(review): this sample entry grants ROLE_ADMINISTRATOR to anyone whose
     external roles include ROLE_ADMIN_EXTERNAL_ORGANIZATION. Whoever controls the
     directory data that produces that role controls JasperServer administration;
     replace the key with a deliberately managed value, or remove the entry. -->
<property name="organizationRoleMap">
<map>
<!-- Example of mapping customer roles to JRS roles -->
<entry>
<key>
<value>ROLE_ADMIN_EXTERNAL_ORGANIZATION</value>
</key>
<!-- JRS role that the <key> external role is mapped to-->
<value>ROLE_ADMINISTRATOR</value>
</entry>
</map>
</property>
</bean>

<!-- Folder processor taken from the commented-out example and enabled as a bean. It
     overrides repositoryService with the bean behind bean.unsecureRepositoryService.
     No processor list in this file references it, so as posted it is defined but not
     invoked by externalDataSynchronizer.
     NOTE(review): going by its name, the unsecure repository service presumably
     bypasses repository permission checks; confirm what it allows before wiring the
     processor in. -->
<bean id="externalUserFolderProcessor"
class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserFolderProcessor"
parent="abstractExternalProcessor">
<property name="repositoryService" ref="${bean.unsecureRepositoryService}"/>
</bean>

<!-- EXAMPLE Processor
<bean id="externalUserFolderProcessor"
class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserFolderProcessor"
parent="abstractExternalProcessor">
<property name="repositoryService" ref="${bean.unsecureRepositoryService}"/>
</bean>
-->
<!-- ############ JRS Synchronizer ############ -->
</beans>

Can some one help me, please,

Regards

onelat - 8 years 2 months ago

From one Jasper version to the next, a lot of the code is deprecated. Please log a call with Jasper support. Upgrading the version is like a full new setup, and you may encounter a tough time.

janakarajp - 7 years 8 months ago