This problem is related to JAX-RS configuration.
I configured JAX-RS for a single class. The configuration worked fine.
#Path(/bean1/)
#Produces("application/xml")
public class class1 {
#POST
#Consumes(MediaType.APPLICATION_XML)
#Produces(MediaType.APPLICATION_XML)
#Path(/m1)
public String method1(JAXBElement<String> request) {
}
#POST
#Consumes(MediaType.APPLICATION_XML)
#Produces(MediaType.APPLICATION_XML)
#Path(/m2)
public String method2(JAXBElement<String> request) {
}
}
Below is jaxrs:server tag
<jaxrs:server id="bean1" address="/">
<jaxrs:serviceBeans>
<ref bean="class1" />
</jaxrs:serviceBeans>
<jaxrs:extensionMappings>
<entry key="xml" value="application/xml" />
</jaxrs:extensionMappings>
</jaxrs:server>
I could call through Apache Jersey client with URL "/bean1/m1"
Now, I wanted to configure another class with JAX-RS. Hence, I added configuration as below
#Path(/bean2/)
#Produces("application/xml")
public class class2 {
#POST
#Consumes(MediaType.APPLICATION_XML)
#Produces(MediaType.APPLICATION_XML)
#Path(/m3)
public String method3(JAXBElement<String> request) {
}
}
I added another jaxrs:server tag and specified address. The effective configuration is
<jaxrs:server id="bean1" address="/bean1">
<jaxrs:serviceBeans>
<ref bean="class1" />
</jaxrs:serviceBeans>
<jaxrs:extensionMappings>
<entry key="xml" value="application/xml" />
</jaxrs:extensionMappings>
</jaxrs:server>
<jaxrs:server id="bean2" address="/bean2">
<jaxrs:serviceBeans>
<ref bean="class2" />
</jaxrs:serviceBeans>
<jaxrs:extensionMappings>
<entry key="xml" value="application/xml" />
</jaxrs:extensionMappings>
</jaxrs:server>
I again tried to call web service with URL "/bean1/m1".
However, I received an error No root resource matching request path /m1 has been found.
Requesting help.
Looking at your configuration you now have a mapping that maps to:
/bean1/bean1/m1
/bean2/bean2/m3
You probably want to do something like this:
<jaxrs:server id="server" address="/">
<jaxrs:serviceBeans>
<ref bean="class1" />
<ref bean="class2" />
</jaxrs:serviceBeans>
<jaxrs:extensionMappings>
<entry key="xml" value="application/xml" />
</jaxrs:extensionMappings>
</jaxrs:server>
You can just define 2 servicebeans for the same server if you want. That should give you what you want.
Related
I am facing an issue where I need to set timeout for one particular webservice to a value other than the default value for all other services. Now I need to find a way where I can somehow programmatically override the http Conduit timeout for my service. Can someone please guide me how to achieve this?
This is my current configuration and service:
<http:conduit name="*.http-conduit">
<http:client ConnectionTimeout="${httpConduit.connectionTimeout:30000}" ReceiveTimeout="${httpConduit.receiveTimeout:30000}" />
<http:tlsClientParameters disableCNCheck="${httpConduit.ssl.disableCNCheck:false}">
<sec:keyManagers keyPassword="${httpConduit.ssl.keyPassword}">
<sec:keyStore type="${httpConduit.ssl.keyStoreType}" password="${httpConduit.ssl.keyStorePassword}" file="${httpConduit.ssl.keyStoreFile}" />
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="${httpConduit.ssl.trustStoreType}" password="${httpConduit.ssl.trustStorePassword}" file="${httpConduit.ssl.trustStoreFile}" />
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
</http:conduit>
<jaxrs:client id="testProxy" address="${test.endpoint}" threadSafe="true" serviceClass="foo.TestProxy">
<jaxrs:headers>
<entry key="Accept-Encoding" value="gzip,deflate" />
<entry key="Content-Type" value="application/json;charset=UTF-8" />
<entry key="Content-Length" value="92" />
<entry key="Connection" value="Keep-Alive" />
</jaxrs:headers>
<jaxrs:providers>
<ref bean="jsonProvider" />
</jaxrs:providers>
<jaxrs:features>
<!-- Enables logging of the 'on-the-wire' request/response -->
<bean class="org.apache.cxf.feature.LoggingFeature" />
</jaxrs:features>
</jaxrs:client>
Issue resolved!
I created an out interceptor bean in the client and a CustomINterceptor class to update the values:
<jaxrs:headers>
<entry key="Accept-Encoding" value="gzip,deflate" />
<entry key="Content-Type" value="application/json;charset=UTF-8" />
<entry key="Content-Length" value="92" />
<entry key="Connection" value="Keep-Alive" />
</jaxrs:headers>
<jaxrs:providers>
<ref bean="jsonProvider" />
</jaxrs:providers>
<jaxrs:features>
<!-- Enables logging of the 'on-the-wire' request/response -->
<bean class="org.apache.cxf.feature.LoggingFeature" />
</jaxrs:features>
<jaxrs:outInterceptors>
<ref bean="customInterceptor" />
</jaxrs:outInterceptors>
</jaxrs:client>
<bean id="customInterceptor" class="com.bmo.channel.alert.interceptor.CustomInterceptor" ></bean>
public class CustomInterceptor extends AbstractPhaseInterceptor<Message>{
public CustomInterceptor () {
super(Phase.SETUP);
}
#Override
public void handleMessage(Message message) {
System.out.println("Inside handle message");
try {
final Conduit conduit = message.getExchange().getConduit(message);
if (conduit instanceof HTTPConduit) {
final HTTPConduit httpConduit = (HTTPConduit) conduit;
HTTPClientPolicy policy = httpConduit.getClient();
policy.setReceiveTimeout(timeout);
policy.setConnectionTimeout(timeout);
httpConduit.setClient(policy);
System.out.println("ConnectionTimeout() -- " + policy.getConnectionTimeout());
System.out.println("ReceiveTimeout -- " + policy.getReceiveTimeout());
System.out.println("HTTPClientPolicy -- " + policy.getHost());
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
'''
I defined two rabbit:template in spring xml:
<bean id="application.startup.status" class="org.springframework.amqp.remoting.client.AmqpProxyFactoryBean">
<property name="serviceInterface" value="com.xxx.services.IStartupStatusService"/>
<property name="amqpTemplate" ref="rmqTemplate_application_startup_status"/>
</bean>
<rabbit:template id="rmqTemplate_application_startup_status" connection-factory="rmqConnectionFactory" reply-timeout="2000"
routing-key="remoting.application_startup_status"
exchange="remoting.exchange.application_startup_status"/>
<rabbit:queue name="application_startup_status" />
<rabbit:direct-exchange name="remoting.exchange.application_startup_status">
<rabbit:bindings>
<rabbit:binding queue="application_startup_status" key="remoting.application_startup_status" />
</rabbit:bindings>
</rabbit:direct-exchange>
<bean id="application.root.status" class="org.springframework.amqp.remoting.client.AmqpProxyFactoryBean">
<property name="serviceInterface" value="com.xxx.services.IRootStatusService"/>
<property name="amqpTemplate" ref="rmqTemplate_application_root_status"/>
</bean>
<rabbit:template id="rmqTemplate_application_root_status" connection-factory="rmqConnectionFactory" reply-timeout="2000"
routing-key="remoting.application_root_status"
exchange="remoting.exchange.application_root_status"/>
<rabbit:queue name="application_root_status" />
<rabbit:direct-exchange name="remoting.exchange.application_root_status">
<rabbit:bindings>
<rabbit:binding queue="application_root_status" key="remoting.application_root_status" />
</rabbit:bindings>
</rabbit:direct-exchange>
when run my application, there is error :
Caused by: org.springframework.beans.factory.NoUniqueBeanDefinitionException: No qualifying bean of type 'org.springframework.amqp.rabbit.core.RabbitTemplate' available: expected single matching bean but found 3: rmqTemplate_application_startup_status, rmqTemplate_application_root_status
I write this Spring XML following the sample in page http://docs.spring.io/spring-amqp/reference/htmlsingle/#remoting. How to resolve this issue?
Use the id as the variable name and/or use a #Qualifier.
#Autowired
#Qualifier("rmqTemplate_application_root_status")
private RabbitTemplate rootStatusTemplate;
or
<rabbit:template id="rootStatusTemplate" ...
#Autowired
private RabbitTemplate rootStatusTemplate;
I am new to spring Data JPA.I facing problem in loading bean without using ApplicationContext or ClassPathXmlApplicationContext.Because in my current project I have one old spring related jar which cannot be removed.Because of which my current "SpringContext.xml" cannot be loaded.Here is my code which prevent from loading SpringContext.xml
ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext("SpringContext.xml");
RegistrationBean registrationBean = (RegistrationBean)context.getBean("registrationBean");
Here is my RegistrationBean for my Repository
#Component
public class RegistrationBean {
#Autowired
private CreditorProfileRepository creditorProfileReposigtory;
public RegistrationBean(){
}
public CreditorProfileRepository getCreditorProfileReposigtory() {
return creditorProfileReposigtory;
}
public void setEmployeeReposigtory(CreditorProfileRepository creditorProfileReposigtory) {
this.creditorProfileReposigtory = creditorProfileReposigtory;
}
}
Here is my repository
import org.springframework.data.repository.CrudRepository;
import org.springframework.stereotype.Repository;
#Repository
public interface CreditorProfileRepository extends CrudRepository <CreditorProfile, String>{
public CreditorProfile findBympcreditorprofileidpk(String mpcreditorprofileidpk);
}
So I taught of using constructor injection to load registrationBean in my application class.Here is my application class
public class CreateCreditorProfile implements ICreateCreditorProfile{
RegistrationBean repositoryRegistration;
CreateCreditorProfile(RegistrationBean repositoryRegistration){
this.repositoryRegistration=repositoryRegistration;
}
CreateCreditorProfile(){
this.repositoryRegistration=repositoryRegistration;
}
#Override
public void createCreditorProfile(CreditorProfileServiceDetails creditorProfileServiceDetails) {
CreditorProfile creditorProfile = new CreditorProfile();
creditorProfile.setcreditorprofileidpk("343243243");
creditorProfile.setpartyid("000005");
creditorProfile.setpartyname("Federico o Peluso");
repositoryRegistration.getCreditorProfileReposigtory().save(creditorProfile);
}
Here is my ApplicationContext.xml
<bean id="registrationBean" class="com.mi.bn.payment.persistence.RegistrationBean" scope="prototype" />
<bean id="CreateCreditorProfile" class="com.mi.bn.paymen.persistence.CreateCreditorProfile" scope="prototype" >
<constructor-arg name="repositoryRegistration" ref="registrationBean" />
</bean>
<bean id="creditorsProfileConfiguration" class="com.mi.bn.payment.domain.configuration.CreditorsProfileConfiguration" scope="prototype">
<constructor-arg name="creater" ref="CreateCreditorProfile" />
</bean>
Here is my SpringContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:util="http://www.springframework.org/schema/util"
xmlns:jpa="http://www.springframework.org/schema/data/jpa"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/data/jpa
http://www.springframework.org/schema/data/jpa/spring-jpa.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.0.xsd">
<!-- For consider the using of annotations foe defining Spring Bean -->
<context:annotation-config />
<!-- For defining Spring Bean -->
<context:component-scan base-package="com.cs.ed.paymentmessaging.persistence" />
<!-- For bootstrapping the Spring Repository -->
<jpa:repositories base-package="com.cs.ed.paymentmessaging.persistence" />
<!-- Necessary to get the entity manager injected into the factory bean -->
<bean
class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
<property name="url" value="jdbc:db2://localhost:50000/DD23"/>
<property name="driverClassName" value="com.ibm.db2.jcc.DB2Driver"/>
<property name="username" value="db2admin"/>
<property name="password" value="Wasadm1n"/>
</bean>
<bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
<property name="showSql" value="true"/>
<property name="generateDdl" value="true"/>
<property name="databasePlatform" value="org.hibernate.dialect.DB2Dialect"/>
</bean>
<!-- Entity Manager Factory -->
<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<property name="persistenceUnitName" value="SpringData"></property>
<property name="jpaVendorAdapter" ref="jpaVendorAdapter" />
<property name="dataSource" ref="dataSource"/>
</bean>
<!-- Transaction Manager -->
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
<property name="entityManagerFactory" ref="entityManagerFactory" />
</bean>
<!-- Enable Transactional Manner -->
<tx:annotation-driven transaction-manager="transactionManager" />
But still it is my application class I get null pointer exception at
repositoryRegistration.getCreditorProfileReposigtory().save(creditorprofile)
So Please let me know workaround for this problem.
Here is stack trace
11:03:04,725 INFO [CommandExecuter] An Unexpected Error Occurred An Unexpected Error Occurred java.lang.NullPointerException
com.trapedza.bankfusion.core.BankFusionException: An Unexpected Error Occurred java.lang.NullPointerException
at com.misys.bankfusion.subsystem.microflow.runtime.command.ExecuteMicroflowCommand.createBankFusionException(ExecuteMicroflowCommand.java:1224)
at com.misys.bankfusion.subsystem.microflow.runtime.command.ExecuteMicroflowCommand.execute(ExecuteMicroflowCommand.java:674)
at com.misys.bankfusion.command.impl.AbstractCommand.execute(AbstractCommand.java:596)
at com.trapedza.bankfusion.servercommon.commands.AbstractCommand.execute(AbstractCommand.java:392)
at com.misys.bankfusion.command.impl.CommandExecuter.executeCommand(CommandExecuter.java:435)
at com.misys.bankfusion.controller.ExecutionModeHelper.executeDirect(ExecutionModeHelper.java:142)
at com.misys.bankfusion.controller.ExecutionModeHelper.executeCommand(ExecutionModeHelper.java:121)
at com.misys.bankfusion.controller.ExecutionController.executeCommand(ExecutionController.java:121)
at com.misys.bankfusion.controller.CommandUtils.executeCommand(CommandUtils.java:66)
at com.misys.bankfusion.uxp.plugin.BankFusionServicePlugin.processOtherRequests(BankFusionServicePlugin.java:799)
at com.misys.bankfusion.uxp.plugin.BankFusionServicePlugin.executeService(BankFusionServicePlugin.java:191)
at com.misys.uxp.container.servlet.UXServlet.service(UXServlet.java:104)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.lang.NullPointerException
at com.misys.bankfusion.paymentmessaging.persistence.CreateCreditorProfile.createCreditorProfile(CreateCreditorProfile.java:65)
at com.misys.bankfusion.paymentmessaging.domain.configuration.CreditorsProfileConfiguration.createCreditorProfile(CreditorsProfileConfiguration.java:34)
at com.misys.bankfusion.paymentmessaging.controller.fatom.MaintainCreditorProfiles.process(MaintainCreditorProfiles.java:46)
Your RegistrationBean seems not to be autowired:
public class CreateCreditorProfile implements ICreateCreditorProfile{
#Autowired
RegistrationBean repositoryRegistration;
...
}
Regarding your question why the constructor call is not working, as far as I can see there are 2 context.xml declarations - ApplicationContext.xml and SpringContext.xml. You need to load both of them:
ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(
"SpringContext.xml","ApplicationContext.xml");
Or you can import the Application.xml inside the SpringContext.xml
<import resource="ApplicationContext.xml" />
Both ways should result in loading your beans properly.
I have a problem with setting permission for existing node("Sites" folder). I have a group and I need to give her full control permission for "Sites" folder. I'm used the next xml for this
<cm:folder view:childName="cm:Sites">
<view:acl>
<view:ace view:access="ALLOWED">
<view:authority>GROUP_NOTEBOOK_PROJECT_CREATOR_GROUP</view:authority>
<view:permission>FullControl</view:permission>
</view:ace>
</view:acl>
<view:properties>
<cm:name>Sites</cm:name>
<sys:node-uuid>1e6f0610-a018-4966-ab37-c71e809dc6ed</sys:node-uuid>
</view:properties>
</cm:folder>
and next config context
<bean id="com.agilent.datastore.notebook.server.systemBootstrap" class="org.alfresco.repo.module.ImporterModuleComponent"
parent="module.baseComponent">
<property name="moduleId" value="${artifactId}" />
<property name="name" value="${name}" />
<property name="description" value="${description}" />
<property name="sinceVersion" value="${noSnapshotVersion}.${buildNumber}" />
<property name="appliesFromVersion" value="${noSnapshotVersion}.${buildNumber}" />
<!-- Uncomment next line if you want to execute bootstrap again -->
<!-- property name="executeOnceOnly" value="false" / -->
<property name="importer" ref="spacesBootstrap" />
<property name="bootstrapViews">
<list>
<props>
<prop key="uuidBinding">UPDATE_EXISTING</prop>
<prop key="path">/${spaces.company_home.childname}</prop>
<prop key="location">alfresco/extension/agilent/sites.acp</prop>
But when I'm bootstrap this folder I got exception Cannot insert duplicate key row in object 'dbo.alf_child_assoc' with unique index 'parent_node_id'.; nested exception is java.sql.SQLException: Cannot insert duplicate key row in object 'dbo.alf_child_assoc' with unique index 'parent_node_id'.
The best way to achieve what you want is to write a patch, that is a java class that extends the alfresco AbstractPatch.java class.
In the applyInternal method you first get hold of the sites-folder preferable with an xpath-search since this uses the nodeService in the background. Solr won't be available during the execution of this code since the patch is ran during bootstrap.
Declare you patch in a spring context file like this:
<bean id="patch.setPermissionsOnSitesFolderPatch" class="org.yourdomain.alfresco.patch.SetPermissionOnSitesFolderPatch" parent="basePatch">
<property name="id">
<value>patch.patch.setPermissionsOnSitesFolderPatch</value>
</property>
<property name="description">
<value>patch.setPermissionsOnSitesFolderPatch.description</value>
</property>
<property name="fixesFromSchema">
<value>0</value>
</property>
<property name="fixesToSchema">
<value>${version.schema}</value>
</property>
<property name="targetSchema">
<value>10000</value>
</property>
<property name="force" value="true" />
<property name="repository" ref="repositoryHelper"/>
</bean>
To complete the answer by #billerby you will also need a Java class to go along with that snippet. The Alfresco docs contain a good example. Using that this is what I came up with for my use-case:
Note I'm using Lombok, but that's just for convenience
public class UpdatePermissionsPatch extends AbstractPatch {
/**
* The Alfresco Service Registry that gives access to all public content services in Alfresco.
*/
#Setter private ServiceRegistry serviceRegistry;
/* Properties */
#Setter private String path;
#Setter private String authority;
#Setter private String permission;
#Setter private boolean allowed;
/** This will clear permissions for the specified authority if set to true */
#Setter private boolean clearPermissions;
private String getSuccessId() {
return getId() + ".result";
}
private String getErrorId() {
return getId() + ".error";
}
#Override
protected String applyInternal() throws Exception {
log.info("Starting execution of patch: {}", I18NUtil.getMessage(getId()));
// Get the store reference for the Repository store that contains live content
StoreRef store = StoreRef.STORE_REF_WORKSPACE_SPACESSTORE;
// Get root node for store
NodeRef rootRef = serviceRegistry.getNodeService().getRootNode(store);
// Do the patch work
setPermissions(getWipNodeRef(rootRef));
log.info("Finished execution of patch: {}", I18NUtil.getMessage(getId()));
return I18NUtil.getMessage(getSuccessId());
}
private void setPermissions(NodeRef nodeRef) {
PermissionService permsService = serviceRegistry.getPermissionService();
if (clearPermissions) {
permsService.clearPermission(nodeRef, authority);
}
permsService.setPermission(nodeRef, authority, permission, allowed);
}
private NodeRef getWipNodeRef(NodeRef rootNodeRef) {
NamespaceService nsService = serviceRegistry.getNamespaceService();
List<NodeRef> refs = searchService.selectNodes(rootNodeRef, path, null, nsService, false);
if (refs.size() != 1) {
throw new AlfrescoRuntimeException(I18NUtil.getMessage(getErrorId(),
String.format("Node could not be found, XPATH query %s returned %i nodes.", path, refs.size())
));
}
return refs.get(0);
}
}
And your bootstrap context xml will need to include something like this:
<bean
id="org.tutorial.folderUpdateWipPermissions"
class="org.tutorial.patch.UpdatePermissionsPatch"
parent="basePatch"
>
<property name="id" value="org.tutorial.bootstrap.patch.folderUpdateWipPermissions" />
<property name="description" value="org.tutorial.bootstrap.patch.folderUpdateWipPermissions.description" />
<property name="fixesFromSchema" value="0" />
<property name="fixesToSchema" value="${version.schema}" />
<property name="targetSchema" value="100003" />
<property name="serviceRegistry">
<ref bean="ServiceRegistry"/>
</property>
<property name="path" value="/${spaces.company_home.childname}/cm:Work_x0020_In_x0020_Progress" />
<property name="authority" value="GROUP_MyGroup" />
<property name="permission" value="Consumer" />
<property name="allowed" value="true" />
<property name="clearPermissions" value="true" />
</bean>
We are using spring security to authenticate users from LDAP in our application. The authentication part is working properly but the authorization part is not working.
We are not able to retrieve the roles of the user from the LDAP.
From the book "Spring Security 3" by Peter Mularien
"This is because Active Directory stores group membership as attributes on
the LDAP entries of users themselves. Out of the box (as of the time of publishing),
Spring Security does not offer an LdapAuthoritiesPopulator that can be
configured to support the structure of a typical Active Directory LDAP tree."
Below is my spring-security configuration file.
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http use-expressions="true" >
<intercept-url pattern="/resources/**" filters="none" />
<intercept-url pattern="/login" access="permitAll"/>
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login login-page="/login"
default-target-url="/home"
always-use-default-target="true"
authentication-failure-url="/login?login_error=1" />
<logout invalidate-session="true"
logout-success-url="/"
logout-url="/logout"/>
</http>
<authentication-manager alias="ldapAuthenticationManager">
<authentication-provider ref="ldapAuthenticationProvider"/>
</authentication-manager>
<beans:bean id="ldapAuthenticationProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg ref="ldapBindAuthenticator"/>
<beans:constructor-arg ref="ldapAuthoritiesPopulator"/>
<beans:property name="userDetailsContextMapper" ref="ldapUserDetailsContextMapper"/>
</beans:bean>
<beans:bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<!-- MS Active Directory -->
<beans:constructor-arg value="ldap://localhost:389/dc=myOrg,dc=net"/>
<beans:property name="userDn" value="admin"/>
<beans:property name="password" value="admin"/>
<beans:property name="baseEnvironmentProperties">
<beans:map>
<beans:entry key="java.naming.referral" value="follow" />
</beans:map>
</beans:property>
</beans:bean>
<beans:bean id="ldapBindAuthenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="ldapServer"/>
<beans:property name="userSearch" ref="ldapSearchBean"/>
</beans:bean>
<beans:bean id="ldapSearchBean" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<!-- MS Active Directory -->
<!-- user-search-base; relative to base of configured context source -->
<beans:constructor-arg value="ou=Software OU"/>
<!-- user-search-filter -->
<beans:constructor-arg value="(sAMAccountName={0})"/>
<beans:constructor-arg ref="ldapServer"/>
</beans:bean>
<beans:bean id="ldapAuthoritiesPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="ldapServer" />
<beans:constructor-arg value="" />
<beans:property name="groupSearchFilter" value="(sAMAccountName={0})"/>
<beans:property name="groupRoleAttribute" value="memberOf" />
<beans:property name="rolePrefix" value=""/>
<beans:property name="searchSubtree" value="true"/>
<beans:property name="convertToUpperCase" value="false"/>
<beans:property name="ignorePartialResultException" value="true"/>
</beans:bean>
<beans:bean class="org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper" id="ldapUserDetailsContextMapper"/>
</beans:beans>
Please help.
You might want to take a look here: https://jira.springsource.org/browse/SEC-876. Although this code contribution was declined, with a reasonable answer, it might give you hints.
We use the following config:
Spring XML
<bean id="ldapUserService" class="MyUserDetailService">
<constructor-arg ref="ldapUserSearch"/>
<constructor-arg ref="ldapAuthoritiesPopulator"/>
</bean>
<bean id="ldapUserSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg value="OU=FOO-Accounts,OU=FOO,OU=OU-GLOBAL"/> <!-- user search base, RELATIVE TO SERVER CONTEXT (URL & base of configured LDAP server)! -->
<constructor-arg value="(sAMAccountName={0})"/> <!-- user search filter -->
<constructor-arg ref="ldapServer"/>
</bean>
<bean id="ldapAuthoritiesPopulator" class="MyLdapAuthoritiesPopulator">
<constructor-arg ref="ldapServer" />
<constructor-arg value="=OU=SomeFooBar,OU=FOO-Global-Security,OU=FOO-Groups,OU=FOO,OU=OU-GLOBAL" /> <!-- group search base, RELATIVE TO SERVER CONTEXT (URL & base of configured LDAP server)! -->
<constructor-arg ref="roleMappings"/>
<property name="groupRoleAttribute" value="cn" />
<property name="groupSearchFilter" value="(member={0})" />
</bean>
Populator
There's a lot of proprietary code I cannot share because our customer has extra information in the AD we need to extract. I removed that as its of no concern for the question. Hence, this code won't compile.
public class MyLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator {
/**
* Prefix assigned by Spring Security to each group/role from LDAP.
*/
public static final String AUTHORITY_ROLE_PREFIX = "ROLE_";
private Properties roleMappings;
private Properties invertedRoleMappings;
/**
*
* #param contextSource supplies the contexts used to search for user roles.
* #param groupSearchBase if this is an empty string the search will be performed from the root DN
* of the context factory. If null, no search will be performed.
* #param roleMappings maps logical (internal) role names to names as delivered by LDAP
*/
#SuppressWarnings("deprecation")
public MyLdapAuthoritiesPopulator(final ContextSource contextSource,
final String groupSearchBase,
final Properties roleMappings) {
super(contextSource, groupSearchBase);
setConvertToUpperCase(false);
setRolePrefix("");
this.roleMappings = roleMappings;
this.invertedRoleMappings = invertRoleMappings();
logger.info("Processing LDAP roles based on the following mapping: {}.", roleMappings);
}
.....
#Override
public Set<GrantedAuthority> getGroupMembershipRoles(final String userDn, final String username) {
final Set<GrantedAuthority> effectiveGroupMembershipRoles = super.getGroupMembershipRoles(
userDn, username);
return mapEffectiveRolesToApplicationRoles(effectiveGroupMembershipRoles);
}
/**
* Maps effective LDAP roles such as 'foo_boston_dispatcher' or 'foo_boston_readonly' to
* FOO internal roles. The internal role (i.e. the {#link GrantedAuthority}) is a combination
* of the 'ROLE_' prefix and a {#link Role} enum value. .........
*/
Set<GrantedAuthority> mapEffectiveRolesToApplicationRoles(final Set<GrantedAuthority> effectiveGroupMembershipRoles) {
logger.info("Processing effective roles from LDAP: {}.", effectiveGroupMembershipRoles);
final Set<GrantedAuthority> internalRoles = new HashSet<GrantedAuthority>();
final List<String> effectiveRoleNames = extractRoleNamesFrom(effectiveGroupMembershipRoles);
final List<String> unmappedGroupMembershipRoles = new ArrayList<String>();
......
// in a method invoked here we do something like internalRoles.add(new GrantedAuthority(AUTHORITY_ROLE_PREFIX + role));
......
logger.info("Created internal roles {}.", internalRoles);
logger.trace(
"The following group membership roles were not mapped to an internal equivalent: {}",
unmappedGroupMembershipRoles);
return internalRoles;
}
......
private List<String> extractRoleNamesFrom(final Collection<GrantedAuthority> authorities) {
final List<String> authorityNames = new ArrayList<String>(authorities.size());
for (GrantedAuthority authority : authorities) {
authorityNames.add(authority.getAuthority());
}
return authorityNames;
}
}