SEC-2664: ActiveDirectoryLdapAuthenticationProvider should wrap communication exceptions in InternalAuthenticationServiceException #2884
Comments
|
Pradeep Agrawal said: if ActiveDirectoryLdapAuthenticationProvider fails then another provider (i.e authentication-provider/jdbc) should work which usage localhost database connection for username/password authentication. |
|
Rob Winch said: If an AuthenticationProvider fails in a way that is unrelated to user interactions (i.e. the LDAP server is down), then it should not continue to try other AuthenticationProvider instances. However, it should be wrapped in an InternalAuthenticationServiceException. See SEC-1919 |
spring-projects-issues
added
in: ldap
|
Could you please let us know if there are any plans to address this? The above milestone was closed. Thanks! |
|
@mlschechter we haven't had time to address it. Would you be interested in providing a PR? |
|
Our dependency on this logic has changed more than I thought, and this is not currently an issue for my team. Unfortunately, that reduces my flexibility in this area, so I'm unlikely to have bandwidth in the near future. |
jzheaux
added
the
status: ideal-for-contribution
|
Hi! I would like to investigate this issue and send a proposal PR about it. Can I take it? |
…ication exceptions in InternalAuthenticationServiceException spring-projectsgh-2884
…ication exceptions in InternalAuthenticationServiceException CommunicationException are now wrapped in InternalAuthenticationServiceException Closes spring-projectsgh-2884
…ication exceptions in InternalAuthenticationServiceException CommunicationException are now wrapped in InternalAuthenticationServiceException Closes spring-projectsgh-2884
rwinch
added
status: duplicate
spring-projects-issues
added
the
status: backported
- The test intentionally points to a non-existent LDAP server; on some machines, this will hang indefinitely without a specified timeout. Issue gh-2884
Pradeep Agrawal (Migrated from SEC-2664) said:
Jun 23, 2014 2:53:43 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [default] in context with path [/myapp] threw exception
org.springframework.ldap.CommunicationException: myazuread.cloudapp.net:389; nested exception is javax.naming.CommunicationException: myazuread.cloudapp.net:389 [Root exception is java.net.UnknownHostException: myazuread.cloudapp.net]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:100)
at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:170)
at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.doAuthentication(ActiveDirectoryLdapAuthenticationProvider.java:111)
at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:61)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: javax.naming.CommunicationException: myazuread.cloudapp.net:389 [Root exception is java.net.UnknownHostException: myazuread.cloudapp.net]
at com.sun.jndi.ldap.Connection.(Connection.java:226)
at com.sun.jndi.ldap.LdapClient.(LdapClient.java:136)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1608)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2698)
at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:316)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:153)
at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider$ContextFactory.createContext(ActiveDirectoryLdapAuthenticationProvider.java:311)
at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.bindAsUser(ActiveDirectoryLdapAuthenticationProvider.java:164)
... 29 more
Caused by: java.net.UnknownHostException: myazuread.cloudapp.net
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:178)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.(Socket.java:425)
at java.net.Socket.(Socket.java:208)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:368)
at com.sun.jndi.ldap.Connection.(Connection.java:203)
... 43 more
The text was updated successfully, but these errors were encountered: