spring-guides / gs-authenticating-ldap Goto Github PK

View Code? Open in Web Editor NEW

94.0 30.0 153.0 1.19 MB

Authenticating a User with LDAP :: Learn how to secure an application with LDAP.

Home Page: https://spring.io/guides/gs/authenticating-ldap/

License: Apache License 2.0

Java 100.00%

gs-authenticating-ldap's Introduction

Table of Contents

What You Will Build
What You Need
Starting with Spring Initializr
Create a Simple Web Controller
Build the Unsecured Web Application
Set up Spring Security
Add Application Properties
Set up User Data
Summary
See Also

This guide walks you through the process creating an application and securing it with the Spring Security LDAP module.

What You Will Build

You will build a simple web application that is secured by Spring Security’s embedded Java-based LDAP server. You will load the LDAP server with a data file that contains a set of users.

What You Need

https://raw.githubusercontent.com/spring-guides/getting-started-macros/main/prereq_editor_jdk_buildtools.adoc

https://raw.githubusercontent.com/spring-guides/getting-started-macros/main/how_to_complete_this_guide.adoc

Starting with Spring Initializr

Note	Because the point of this guide is to secure an unsecured web application, you will first build an unsecured web application and, later in the guide, add more dependencies for the Spring Security and LDAP features.

You can use this pre-initialized project and click Generate to download a ZIP file. This project is configured to fit the examples in this tutorial.

To manually initialize the project:

Navigate to https://start.spring.io. This service pulls in all the dependencies you need for an application and does most of the setup for you.
Choose either Gradle or Maven and the language you want to use. This guide assumes that you chose Java.
Click Dependencies and select Spring Web.
Click Generate.
Download the resulting ZIP file, which is an archive of a web application that is configured with your choices.

Note	If your IDE has the Spring Initializr integration, you can complete this process from your IDE.

Note	You can also fork the project from Github and open it in your IDE or other editor.

Create a Simple Web Controller

In Spring, REST endpoints are Spring MVC controllers. The following Spring MVC controller (from src/main/java/com/example/authenticatingldap/HomeController.java) handles a GET / request by returning a simple message:

link:initial/src/main/java/com/example/authenticatingldap/HomeController.java[role=include]

The entire class is marked up with @RestController so that Spring MVC can autodetect the controller (by using its built-in scanning features) and automatically configure the necessary web routes.

@RestController also tells Spring MVC to write the text directly into the HTTP response body, because there are no views. Instead, when you visit the page, you get a simple message in the browser (because the focus of this guide is securing the page with LDAP).

Build the Unsecured Web Application

Before you secure the web application, you should verify that it works. To do that, you need to define some key beans, which you can do by creating an Application class. The following listing (from src/main/java/com/example/authenticatingldap/AuthenticatingLdapApplication.java) shows that class:

link:complete/src/main/java/com/example/authenticatingldap/AuthenticatingLdapApplication.java[role=include]

https://raw.githubusercontent.com/spring-guides/getting-started-macros/main/spring-boot-application-new-path.adoc

https://raw.githubusercontent.com/spring-guides/getting-started-macros/main/build_an_executable_jar_subhead.adoc https://raw.githubusercontent.com/spring-guides/getting-started-macros/main/build_an_executable_jar_with_both.adoc

If you open your browser and visit http://localhost:8080, you should see the following plain text:

Welcome to the home page!

Set up Spring Security

To configure Spring Security, you first need to add some extra dependencies to your build.

For a Gradle-based build, add the following dependencies to the build.gradle file:

link:complete/build.gradle[role=include]

Note	Due to an artifact resolution issue with Gradle, spring-tx must be pulled in. Otherwise, Gradle fetches an older one that doesn’t work.

For a Maven-based build, add the following dependencies to the pom.xml file:

link:complete/pom.xml[role=include]

These dependencies add Spring Security and UnboundId, an open source LDAP server. With those dependencies in place, you can then use pure Java to configure your security policy, as the following example (from src/main/java/com/example/authenticatingldap/WebSecurityConfig.java) shows:

link:complete/src/main/java/com/example/authenticatingldap/WebSecurityConfig.java[role=include]

You also need an LDAP server. Spring Boot provides auto-configuration for an embedded server written in pure Java, which is being used for this guide. The ldapAuthentication() method configures things so that the user name at the login form is plugged into {0} such that it searches uid={0},ou=people,dc=springframework,dc=org in the LDAP server. Also, the passwordCompare() method configures the encoder and the name of the password’s attribute.

Add Application Properties

Spring LDAP requires that three application properties be set in the application.properties` file:

spring.ldap.embedded.ldif=classpath:test-server.ldif
spring.ldap.embedded.base-dn=dc=springframework,dc=org
spring.ldap.embedded.port=8389

Set up User Data

LDAP servers can use LDIF (LDAP Data Interchange Format) files to exchange user data. The spring.ldap.embedded.ldif property inside application.properties lets Spring Boot pull in an LDIF data file. This makes it easy to pre-load demonstration data. The following listing (from src/main/resources/test-server.ldif) shows an LDIF file that works with this example:

link:complete/src/main/resources/test-server.ldif[role=include]

Note	Using an LDIF file is not standard configuration for a production system. However, it is useful for testing purposes or guides.

If you visit the site at http://localhost:8080, you should be redirected to a login page provided by Spring Security.

Enter a user name of ben and a password of benspassword. You should see the following message in your browser:

Welcome to the home page!

Summary

Congratulations! You have written a web application and secured it with Spring Security. In this case, you used an LDAP-based user store.

gs-authenticating-ldap's People

Contributors

Stargazers

Watchers

Forkers

rwinch dathatcher khiraide sumakadadi hyeong-jin runetteorobia linylzyzh123 xiaowu1002430026 ducat595 jaiswalrhl endron stickcruz andresousaribeiro doggerz junhuac matthew-pearson mukteswar3 adornala mikefuhan mygqprivate pillsoon airinfo-solution niggusch rucky2013 sven-engelhardt wut2004 faisaladnan harish594 rajeshkumarn ptmcgit eddumelendez garnagin yiyiwangru dhys ryanstrong2 keke77 chp19860820 benius radhikari54 dpondeljak rdnaidu mishin prakash-26790 amseager victoraditya delgorx liushuti hugomatus oizhaolei bzighab shgujarathi mrwinc sffej paullmc manuel-alvarez-alvarez spring-guides-cn abou92 lezhileyi nawaz462 venkatyarl spring-operator rustkas fileto1 elboulehmi xiaobensb skperugu manoj-leela nabilh isaiasmorochi se-melius buzzardo mauricioalixandreti mountainthunder kamauwairegi coderrahulgupta connorleejones andrey0402 riteshmckvie benthecyberone nikosdim anaamay shishuwu macsual logan-lim thomsound nandan8snns gekal-fork shanksms baisilg vineeshvraj7 baburaolatthe cnopens elkhaberi wtsaccuracy curioustauseef philkau devdkp salama232 khlilelkhatatt oelabed

gs-authenticating-ldap's Issues

Use @EnableWebSecurity instead of deprected @EnableWebMvcSecurity.

The example currently uses @EnableWebMvcSecurity which is deprecated.
It should be replaced with @EnableWebSecurity.

Unresolved directive in 'What you’ll need' section of README

I get this in the rendered readme on the guide's web-page:

<h2 id="_what_you_ll_need">What you’ll need</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Unresolved directive in &lt;stdin&gt; - include::https://raw.githubusercontent.com/spring-guides/getting-started-macros/master/prereq_editor_jdk_buildtools.adoc[] :initial: /initial :complete: /complete</p>
</div>
</div>

spring 3.1 generates deprecated code

Guide: https://spring.io/guides/gs/authenticating-ldap/

indicates that: src/main/java/com/example/authenticatingldap/WebSecurityConfig.java
contains:
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.formLogin();

Unfortunately both authorizeRequests and formLogin are flagged as deprecated in Spring 3.1
The method authorizeRequests() from the type HttpSecurity is deprecated

What is the correct code to use? Can the guide be updated please

Not working

This gives error

aused by: javax.naming.CommunicationException: localhost:8389
	at com.sun.jndi.ldap.Connection.<init>(Connection.java:238) ~[na:1.8.0_201]
	at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) ~[na:1.8.0_201]
	at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64) ~[na:1.8.0_201]
	at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:114) ~[na:1.8.0_201]
	at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:136) ~[na:1.8.0_201]
	at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:340) ~[na:1.8.0_201]
	at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1601) ~[na:1.8.0_201]
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) ~[na:1.8.0_201]
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[na:1.8.0_201]
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[na:1.8.0_201]
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[na:1.8.0_201]
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[na:1.8.0_201]
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[na:1.8.0_201]
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[na:1.8.0_201]
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[na:1.8.0_201]
	at javax.naming.InitialContext.init(InitialContext.java:244) ~[na:1.8.0_201]
	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) ~[na:1.8.0_201]
	at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42) ~[spring-ldap-core-2.3.3.RELEASE.jar:2.3.3.RELEASE]
	at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:343) ~[spring-ldap-core-2.3.3.RELEASE.jar:2.3.3.RELEASE]
	... 59 common frames omitted
Caused by: java.net.ConnectException: Connection refused (Connection refused)

Missing annotation from guide

In the guide @EnableWebSecurity is missing from WebSecurityConfig.java, without this the login doesn't work.

I was following the guide but mine is a an MVC app as opposed to REST, not sure if that makes any difference.

Embedded ldap connention refused

Hi
Do i need any additional configuration to setup embedded ldap, I have following dependency in my pom.xml

<dependency>
            <groupId>org.springframework.ldap</groupId>
            <artifactId>spring-ldap-core</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-ldap</artifactId>
        </dependency>
        <dependency>
            <groupId>com.unboundid</groupId>
            <artifactId>unboundid-ldapsdk</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>

Also in application properties file

spring.ldap.embedded.ldif=classpath:test-data.ldif
spring.ldap.embedded.base-dn=ou=users,dc=cluster,dc=local
spring.ldap.embedded.port=8389
spring.ldap.embedded.url=ldap://localhost:8389/

But while running test i am getting connection refused.

org.springframework.ldap.CommunicationException: localhost:8389; nested exception is javax.naming.CommunicationException: localhost:8389 [Root exception is java.net.ConnectException: Connection refused]

Initializr does not create all code needed for documented walkthrough

The steps at https://spring.io/guides/gs/authenticating-ldap/ to use a pre-generated project or to manually initialise the project do not create source suitable for the rest of the guide
There is no HomeController.java class file ?
Also, the pre-generated initialise link warns that: 'Spring Boot 3.1.0 is not available, 3.1.7 has been selected.'

Gradle build script info is missing for this example

There may be extras here, but here is my dependencies section, that got the sample to work:

apacheDsVersion = '1.5.5'
dependencies {
    compile "org.apache.directory.server:apacheds-core:$apacheDsVersion",
            "org.apache.directory.server:apacheds-core-entry:$apacheDsVersion",
            "org.apache.directory.server:apacheds-protocol-shared:$apacheDsVersion",
            "org.apache.directory.server:apacheds-protocol-ldap:$apacheDsVersion",
            "org.apache.directory.server:apacheds-server-jndi:$apacheDsVersion",
            'org.apache.directory.shared:shared-ldap:0.9.15'

    compile 'org.springframework.boot:spring-boot-starter-web'

    compile 'org.springframework.security:spring-security-web:3.2.5.RELEASE',
            'org.springframework.security:spring-security-core:3.2.5.RELEASE',
            'org.springframework.security:spring-security-config:3.2.5.RELEASE',
            'org.springframework.security:spring-security-taglibs:3.2.5.RELEASE',
            'org.springframework.security:spring-security-ldap:3.2.5.RELEASE'

    testCompile("junit:junit")
}

test error with 3.1.2 release

i must test code with this dependency

org.springframework.security
spring-security-ldap
3.1.2.RELEASE

but i have this error on "maven install" command

Errors:
[ERROR] AuthenticatingLdapApplicationTests.loginWithInvalidUserThenUnauthenticated » IllegalState
[ERROR] AuthenticatingLdapApplicationTests.loginWithValidUserThenAuthenticated » IllegalState
[INFO]
[ERROR] Tests run: 2, Failures: 0, Errors: 2, Skipped: 0

No access to Maven Repo -- Local Repository Setup

Hello, as I am behind enterprise firewall, I have no access to Maven Repo. I will need to do a Local Repository Setup. How to configure the build.gradle to get the necessary dependencies from a local repo?

Update Spring Boot to the latest version

Update the guide to use the most recent Spring Boot version.

Files that require changes are:

initial/build.gradle
initial/pom.xml
complete/build.gradle
complete/pom.xml

Remove paragraph about WebSecurityConfigurerAdapter

We no longer use WebSecurityConfigurerAdapter, so the paragraph about it can be removed.

This is a good one for someone who wants to get started contributing to Spring.

Fix guideline documentation

When following the guideline here:
Spring guides - LDAP

I found out that it's not working because the embedded LDAP server is not starting.
Before checking the complete example (here on the repository) I've debugged the AutoConfiguration class EmbeddedLdapAutoConfiguration
This led me to understand that the the embedded server will only start if the following properties are present in the classpath:

spring.ldap.embedded.ldif=classpath:test-server.ldif
spring.ldap.embedded.port=8389
spring.ldap.embedded.base-dn=dc=springframework,dc=org

This is clear here in the Github example but is missing in the guides of LDAP. Is it possible to improve the guide?

Also, I believe it would be nice to put a log.debug or even a log.info when the embedded server is started and in which port it has started.

Problems with displaying several code snippets on the guide page

Bugs with displaying several code examples on https://spring.io/guides/gs/authenticating-ldap/ (inside "Set up Spring Security" & "Set up user data" paragraphs):

build.gradle - Unresolved directive in - include::complete/build.gradle[tag=security,indent=0]

pom.xml - Unresolved directive in - include::complete/pom.xml[tag=security,indent=0]

src/main/java/hello/WebSecurityConfig.java - Unresolved directive in <stdin> - include::complete/src/main/java/hello/WebSecurityConfig.java[]

src/main/resources/test-server.ldif - Unresolved directive in <stdin> - include::complete/src/main/resources/test-server.ldif[]

Btw, Ascii plugin in IDEA shows all of them correctly.

WebSecurityConfigurerAdapter deprecated

Is there any plan to update this guide to the new configuration style?

NoClassDefFoundError

My environment is as follow: JDK_8_121_x64 and Spring Tool Suite 3.8.3 x64.

The project was created using STS and the Spring Boot version is v1.5.2.RELEASE.

After the building process, when I run the project as Spring Boot App, I get this error:

:: Spring Boot ::        (v1.5.2.RELEASE)

2017-03-31 11:26:20.425  INFO 7084 --- [           main] hello.Application                        : Starting 
Application on HP-59005662 with PID 7084 (C:\Users\paulorenato\Desktop\spring-tool-suite-3.8.3.RELEASE-e4.6.2-win32-x86_64\workspace-sts\gs-authenticating-ldap-complete\target\classes started by paulorenato in C:\Users\paulorenato\Desktop\spring-tool-suite-3.8.3.RELEASE-e4.6.2-win32-x86_64\workspace-sts\gs-authenticating-ldap-complete)
2017-03-31 11:26:20.427  INFO 7084 --- [           main] hello.Application                        : No active profile set, falling back to default profiles: default
2017-03-31 11:26:20.472  INFO 7084 --- [           main] ationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@23282c25: startup date [Fri Mar 31 11:26:20 BRT 2017]; root of context hierarchy
2017-03-31 11:26:21.122 ERROR 7084 --- [           main] o.s.boot.SpringApplication               : Application startup failed

java.lang.NoClassDefFoundError: org/springframework/security/ldap/DefaultSpringSecurityContextSource
	at java.lang.Class.getDeclaredMethods0(Native Method) ~[na:1.8.0_121]
	at java.lang.Class.privateGetDeclaredMethods(Class.java:2701) ~[na:1.8.0_121]
	at java.lang.Class.getDeclaredMethods(Class.java:1975) ~[na:1.8.0_121]
	at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:613) ~[spring-core-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.util.ReflectionUtils.doWithMethods(ReflectionUtils.java:524) ~[spring-core-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.util.ReflectionUtils.doWithMethods(ReflectionUtils.java:510) ~[spring-core-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.util.ReflectionUtils.getUniqueDeclaredMethods(ReflectionUtils.java:570) ~[spring-core-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.getTypeForFactoryMethod(AbstractAutowireCapableBeanFactory.java:697) ~[spring-beans-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.determineTargetType(AbstractAutowireCapableBeanFactory.java:640) ~[spring-beans-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.predictBeanType(AbstractAutowireCapableBeanFactory.java:609) ~[spring-beans-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.beans.factory.support.AbstractBeanFactory.isFactoryBean(AbstractBeanFactory.java:1484) ~[spring-beans-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doGetBeanNamesForType(DefaultListableBeanFactory.java:425) ~[spring-beans-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanNamesForType(DefaultListableBeanFactory.java:395) ~[spring-beans-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.boot.autoconfigure.web.EmbeddedServletContainerAutoConfiguration$BeanPostProcessorsRegistrar.registerBeanDefinitions(EmbeddedServletContainerAutoConfiguration.java:136) ~[spring-boot-autoconfigure-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader.loadBeanDefinitionsFromRegistrars(ConfigurationClassBeanDefinitionReader.java:352) ~[spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader.loadBeanDefinitionsForConfigurationClass(ConfigurationClassBeanDefinitionReader.java:143) ~[spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.context.annotation.ConfigurationClassBeanDefinitionReader.loadBeanDefinitions(ConfigurationClassBeanDefinitionReader.java:116) ~[spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.context.annotation.ConfigurationClassPostProcessor.processConfigBeanDefinitions(ConfigurationClassPostProcessor.java:320) ~[spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.context.annotation.ConfigurationClassPostProcessor.postProcessBeanDefinitionRegistry(ConfigurationClassPostProcessor.java:228) ~[spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanDefinitionRegistryPostProcessors(PostProcessorRegistrationDelegate.java:270) ~[spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:93) ~[spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:686) ~[spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:524) ~[spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122) ~[spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:737) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:370) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:314) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1162) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1151) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at hello.Application.main(Application.java:10) [classes/:na]
Caused by: java.lang.ClassNotFoundException: org.springframework.security.ldap.DefaultSpringSecurityContextSource
	at java.net.URLClassLoader.findClass(URLClassLoader.java:381) ~[na:1.8.0_121]
	at java.lang.ClassLoader.loadClass(ClassLoader.java:424) ~[na:1.8.0_121]
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331) ~[na:1.8.0_121]
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ~[na:1.8.0_121]
	... 30 common frames omitted

2017-03-31 11:26:21.123  INFO 7084 --- [           main] ationConfigEmbeddedWebApplicationContext : Closing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@23282c25: startup date [Fri Mar 31 11:26:20 BRT 2017]; root of context hierarchy
2017-03-31 11:26:21.124  WARN 7084 --- [           main] ationConfigEmbeddedWebApplicationContext : Exception thrown from LifecycleProcessor on context close

java.lang.IllegalStateException: LifecycleProcessor not initialized - call 'refresh' before invoking lifecycle methods via the context: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@23282c25: startup date [Fri Mar 31 11:26:20 BRT 2017]; root of context hierarchy
	at org.springframework.context.support.AbstractApplicationContext.getLifecycleProcessor(AbstractApplicationContext.java:417) [spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.doClose(AbstractApplicationContext.java:1002) [spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.close(AbstractApplicationContext.java:961) [spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.boot.SpringApplication.handleRunFailure(SpringApplication.java:794) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:325) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1162) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1151) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at hello.Application.main(Application.java:10) [classes/:na]

2017-03-31 11:26:21.125 ERROR 7084 --- [           main] o.s.b.f.s.DefaultListableBeanFactory     : Destroy method on bean with name 'org.springframework.boot.autoconfigure.internalCachingMetadataReaderFactory' threw an exception

java.lang.IllegalStateException: ApplicationEventMulticaster not initialized - call 'refresh' before multicasting events via the context: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@23282c25: startup date [Fri Mar 31 11:26:20 BRT 2017]; root of context hierarchy
	at org.springframework.context.support.AbstractApplicationContext.getApplicationEventMulticaster(AbstractApplicationContext.java:404) [spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.context.support.ApplicationListenerDetector.postProcessBeforeDestruction(ApplicationListenerDetector.java:97) ~[spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.beans.factory.support.DisposableBeanAdapter.destroy(DisposableBeanAdapter.java:253) ~[spring-beans-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.destroyBean(DefaultSingletonBeanRegistry.java:578) [spring-beans-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.destroySingleton(DefaultSingletonBeanRegistry.java:554) [spring-beans-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.destroySingleton(DefaultListableBeanFactory.java:961) [spring-beans-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.destroySingletons(DefaultSingletonBeanRegistry.java:523) [spring-beans-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.destroySingletons(DefaultListableBeanFactory.java:968) [spring-beans-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.destroyBeans(AbstractApplicationContext.java:1033) [spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.doClose(AbstractApplicationContext.java:1009) [spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.context.support.AbstractApplicationContext.close(AbstractApplicationContext.java:961) [spring-context-4.3.7.RELEASE.jar:4.3.7.RELEASE]
	at org.springframework.boot.SpringApplication.handleRunFailure(SpringApplication.java:794) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:325) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1162) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1151) [spring-boot-1.5.2.RELEASE.jar:1.5.2.RELEASE]
	at hello.Application.main(Application.java:10) [classes/:na]

Exception in thread "main" java.lang.NoClassDefFoundError: org/springframework/security/ldap/DefaultSpringSecurityContextSource
	at java.lang.Class.getDeclaredMethods0(Native Method)
	at java.lang.Class.privateGetDeclaredMethods(Class.java:2701)
	at java.lang.Class.getDeclaredMethods(Class.java:1975)
	at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:613)
	at org.springframework.util.ReflectionUtils.doWithMethods(ReflectionUtils.java:524)
	at org.springframework.util.ReflectionUtils.doWithMethods(ReflectionUtils.java:510)
	at org.springframework.util.ReflectionUtils.getUniqueDeclaredMethods(ReflectionUtils.java:570)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.getTypeForFactoryMethod(AbstractAutowireCapableBeanFactory.java:697)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.determineTargetType(AbstractAutowireCapableBeanFactory.java:640)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.predictBeanType(AbstractAutowireCapableBeanFactory.java:609)
	at org.springframework.beans.factory.support.AbstractBeanFactory.isFactoryBean(AbstractBeanFactory.java:1484)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doGetBeanNamesForType(DefaultListableBeanFactory.java:425)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanNamesForType(DefaultListableBeanFactory.java:395)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:515)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:508)
	at org.springframework.context.support.AbstractApplicationContext.getBeansOfType(AbstractApplicationContext.java:1189)
	at org.springframework.boot.SpringApplication.getExitCodeFromMappedException(SpringApplication.java:862)
	at org.springframework.boot.SpringApplication.getExitCodeFromException(SpringApplication.java:848)
	at org.springframework.boot.SpringApplication.handleExitCode(SpringApplication.java:834)
	at org.springframework.boot.SpringApplication.handleRunFailure(SpringApplication.java:788)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:325)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1162)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1151)
	at hello.Application.main(Application.java:10)
Caused by: java.lang.ClassNotFoundException: org.springframework.security.ldap.DefaultSpringSecurityContextSource
	at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
	... 24 more

Spring Security LDAP Changes After 5.7 - Updating To Match Spring Docs

I started with the latest version of the "complete" example and changed to match our version of Spring Boot (2.7.5) and it worked fine. Then I tried to update to match the documentation here (spring-projects/spring-security#10138).

Changed from :

@Autowired
public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .ldapAuthentication()
            .userDnPatterns("uid={0},ou=people")
            .groupSearchBase("ou=groups")
            .contextSource()
                .url("ldap://localhost:8389/dc=springframework,dc=org")
                .and()
            .passwordCompare()
                .passwordEncoder(new BCryptPasswordEncoder())
                .passwordAttribute("userPassword");

To:

@Bean
public EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() {
    EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean =
            EmbeddedLdapServerContextSourceFactoryBean.fromEmbeddedLdapServer();
    contextSourceFactoryBean.setPort(0);
    return contextSourceFactoryBean;
}   

@Bean
public AuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource) {
    LdapPasswordComparisonAuthenticationManagerFactory factory = new LdapPasswordComparisonAuthenticationManagerFactory(
            contextSource, new BCryptPasswordEncoder());
    factory.setUserDnPatterns("uid={0},ou=people");
    factory.setPasswordAttribute("pwd");  
    return factory.createAuthenticationManager();
}

The system builds fine but there is a problem with the ldif file and in Unbound LDAP Container.

Caused by: com.unboundid.ldap.sdk.LDAPException: An entry with DN 'dc=springframework,dc=org' already exists in the server.
	at com.unboundid.ldap.listener.InMemoryRequestHandler.addEntry(InMemoryRequestHandler.java:5022) ~[unboundid-ldapsdk-6.0.6.jar:6.0.6]
	at com.unboundid.ldap.listener.InMemoryRequestHandler.importFromLDIF(InMemoryRequestHandler.java:4730) ~[unboundid-ldapsdk-6.0.6.jar:6.0.6]
	at com.unboundid.ldap.listener.InMemoryDirectoryServer.importFromLDIF(InMemoryDirectoryServer.java:1340) ~[unboundid-ldapsdk-6.0.6.jar:6.0.6]
	at org.springframework.security.ldap.server.UnboundIdContainer.importLdif(UnboundIdContainer.java:123) ~[spring-security-ldap-5.7.4.jar:5.7.4]

io.spring.platform parent causes gs-authenticating-ldap project to fail

I am using

<parent>
    <groupId>io.spring.platform</groupId>
    <artifactId>platform-bom</artifactId>
    <version>1.0.3.RELEASE</version>
</parent>

because of some of the additional dependencies it manages.
but when using this in conjuction with this example there are many points of failure.
The apacheds artifact for version 0.9.15 does not have the ServerEntry class and when updating the version to 0.9.19 the LdapNameNotFoundException is not found because it is in version 0.9.18.
So I thought adding apacheds-all would fix this but that was not the case. this is because the managed version, and I assume all versions, of the apacheds-all has the 1.5 version of org.slf4j packaged in the jar which causes a version conflict when doing the slf4j binding.

I am of the opinion that there are 2 defect here, one with the spring-io pom and one with the apacheds-all artifact. if you do not agree please let me know and close this ticket.

Thanks,

Null Pointer on Startup

Running mvn spring-boot:run results in:

Exception in thread "main" java.lang.NullPointerException
    at org.springframework.boot.autoconfigure.security.AuthenticationManagerConfiguration.onApplicationEvent(AuthenticationManagerConfiguration.java:96)
    at org.springframework.boot.autoconfigure.security.AuthenticationManagerConfiguration.onApplicationEvent(AuthenticationManagerConfiguration.java:54)
    at org.springframework.boot.autoconfigure.security.AuthenticationManagerConfiguration$$EnhancerBySpringCGLIB$$6e726fa6.onApplicationEvent(<generated>)
    at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:98)
    at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:333)
    at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:776)
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:142)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:485)
    at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:120)
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:691)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:320)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:952)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:941)
    at hello.Application.main(Application.java:14)

I am presuming that it is the same issue as spring-guides/gs-securing-web#15

Link to complete Gradle/Maven config file not working.

I don't know how README.adoc reference the content of a link.

It just shows nothing with the following two links:

link:complete/build.gradle[]
link:complete/pom.xml[]

I don't know why so just provides a screenshot for someone knows where the problem is.

broken links in the summary section

http://docs.spring.io/spring-security/site/docs/3.2.x/reference/html/
http://docs.spring.io/spring-security/site/docs/3.2.x/reference/html/ldap.html

Authentication enabled too early in guide

I was just going through the "Getting Started" guides linked from the Spring home page and ran into an issue with this one.

The initial build.gradle file has the following lines:

compile("org.springframework.boot:spring-boot-starter-security")
compile("org.springframework.security:spring-security-ldap:3.2.0.RC1")

This causes an authentication dialog to appear when going to http://localhost:8080 as instructed later:

If you open your browser and visit http://localhost:8080, you should see the following plain text:

Welcome to the home page!

So when the user gets to that point, a dialog appears asking for a username and password, and they assume that they did something incorrectly because they are unable to see that text. Newbies like me may take some time to isolate the problem to those two lines in the build.gradle file.

Remove unused CI files

The file test/run.sh is no longer required. This file and the test directory can be deleted.

The Jenkinsfile file can also be deleted.

These files were originally used for Jenkins CI. Now that this project has been converted to GitHub Actions, these files can be removed.

Java 8 Support

Hi ! I was reading the guide about "authenticating ldap" and I saw that isn't yet supported for Java 8 ...
So I just wanna know which is the status of that? Is it possible doing with Java 8 someway?
Thanks @gregturn

Gradle build failed with error Could not find method implmentation()

Error:
Could not find method implmentation() for arguments [org.springframework.ldap:spring-ldap-core] on object of type org.gradle.api.internal.artifacts.dsl.dependencies.DefaultDependencyHandler

Any suggestion how can I resolve this?

benpassword is not working

User Ben's password, benpassword, is not working. After following the steps mentioned in the guide I was not able to perform the login with benpassword.

To get it working I added a BCrypt Encoded password for Bob and tried the URL and the app worked.

At least this should be mentioned in the guide so that other users don't face the same issue.

Problems building

Hi,
Was just trying to build this and I'm getting the following error when I run:

2015-03-05 17:42:53.204 ERROR 7684 --- [ main] o.s.boot.SpringApplication : Application startup failed
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)

    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'persistenceExceptionTranslationPostProcessor' defined in clas
path resource [org/springframework/boot/autoconfigure/dao/PersistenceExceptionTranslationAutoConfiguration.class]: Initialization of bean failed; ne
ted exception is java.lang.IllegalStateException: No persistence exception translators found in bean factory. Cannot perform exception translation.
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:547)
at org.springframework.context.support.PostProcessorRegistrationDelegate.registerBeanPostProcessors(PostProcessorRegistrationDelegate.java:22
)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
at org.springframework.context.support.AbstractApplicationContext.registerBeanPostProcessors(AbstractApplicationContext.java:615)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:465)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:118)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:686)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:320)
at org.springframework.context.support.PostProcessorRegistrationDelegate.registerBeanPostProcessors(PostProcessorRegistrationDelegate.java:22
)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:957)
at org.springframework.context.support.AbstractApplicationContext.registerBeanPostProcessors(AbstractApplicationContext.java:615)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:946)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:465)
at hello.Application.mai at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationCont
xt.java:118)
cation.java:10)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.jaCaused by: java.lang.IllegalStateException: No persistence exceptio
translators found in bean factory. Cannot perform exception translation.

    at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.detectPersistenceExceptionTranslators(PersistenceExceptionTrans

ationInterceptor.java:142)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:320)
at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.(PersistenceExceptionTranslationInterceptor.java:79)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:957)
at org.springframework.dao.annotation.PersistenceExceptionTranslationAdvisor.(PersistenceExceptionTranslationAdvisor.java:71)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:946)
at org.springframework.dao.annotation.PersistenceExceptionTranslationPostProcessor.setBeanFactory(PersistenceExceptionTranslationPostProcesso
.java:84)
at hello.Application.main(Application.java:10)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeAwareMethods(AbstractAutowireCapableBeanFactory.java:15
5)
Caused by: java.lang.IllegalStateException: No persistence exception translators found in bean factory. Cannot perform exception translation.
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1553)
at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.detectPersistenceExceptionTranslators(PersistenceExceptionTrans
ationInterceptor.java:142)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.(PersistenceExceptionTranslationInterceptor.java:79)
... 14 more
at org.springframework.dao.annotation.PersistenceExceptionTranslationAdvisor.(PersistenceExceptionTranslationAdvisor.java:71)
at org.springframework.dao.annotation.PersistenceExceptionTranslationPostProcessor.setBeanFactory(PersistenceExceptionTranslationPostProcesso
.java:84)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeAwareMethods(AbstractAutowireCapableBeanFactory.java:15
5)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1553)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
... 14 common frames omitted

Any ideas ?