users@glassfish.java.net

LdapRealm exception (GF v3)

From: Dean Lane <lane_at_pobox.com>
Date: Thu, 24 Dec 2009 11:28:35 -0600

Happy Holidays everyone.

I'm having a problem that I'm hoping someone can help with.

I've got a web app setup to use the LdapRealm in Glassfish v3 for
authentication. I've configured this on one system to use OpenDS (ldap
protocol) with no issues at all. I'm trying to get it working against
Fedora DS (ldaps protocol) and I keep getting the following exception when I
try to authenticate to the web app:

[#|2009-12-24T09:36:54.092-0600|SEVERE|glassfishv3.0|javax.enterprise.system.core.security.com.sun.enterprise.security.auth.realm|_ThreadID=31;_ThreadName=Thread-1;|SEC1113:
Exception in LdapRealm when trying to authenticate user.
javax.security.auth.login.LoginException:
javax.naming.CommunicationException: ldap.rice.edu:636 [Root exception is java.lang.IllegalArgumentException: object is not an instance of declaring class]
        at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.findAndBind(LDAPRealm.java:450)

Anyone seen something like this before? Any ideas what I may have done
wrong?

Java 1.6.0_16
GlassFish v3 (build 74.2)

The CA of the certificate returned from our LDAP server is trusted.

From domains.xml (names changed to protect the innocent):

        <auth-realm name="testldap" classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
          <property description="" name="search-bind-dn" value="cn=admin,ou=Service Accounts,dc=example,dc=com" />
          <property description="" name="search-bind-password" value="hidden" />
          <property description="" name="search-filter" value="(&amp;(objectClass=inetOrgPerson)(uid=%s))" />
          <property description="" name="group-search-filter" value="(&amp;(objectClass=groupOfUniqueNames)(uniqueMember=%d))" />
          <property description="" name="group-target" value="givenName" />
          <property description="" name="group-base-dn" value="ou=Groups,dc=example,dc=com" />
          <property name="jaas-context" value="ldapRealm" />
          <property name="base-dn" value="dc=example,dc=com" />
          <property name="directory" value="ldaps://ldap.example.com/" />
        </auth-realm>

From the web.xml:

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>testldap</realm-name>
    </login-config>

Full Stack Trace:

[#|2009-12-24T10:38:59.016-0600|SEVERE|glassfishv3.0|javax.enterprise.system.core.security.com.sun.enterprise.security.auth.realm|_ThreadID=30;_ThreadName=Thread-1;|SEC1113:
Exception in LdapRealm when trying to authenticate user.
javax.security.auth.login.LoginException:
javax.naming.CommunicationException: ldap.example.com:636 [Root exception is java.lang.IllegalArgumentException: object is not an instance of declaring class]
        at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.findAndBind(LDAPRealm.java:450)
        at com.sun.enterprise.security.auth.login.LDAPLoginModule.authenticate(LDAPLoginModule.java:104)
        at com.sun.enterprise.security.auth.login.PasswordLoginModule.authenticateUser(PasswordLoginModule.java:90)
        at com.sun.appserv.security.AppservPasswordLoginModule.login(AppservPasswordLoginModule.java:141)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at com.sun.enterprise.security.auth.login.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:341)
        at com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:199)
        at com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:152)
        at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:478)
        at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:417)
        at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:169)
        at com.sun.web.security.RealmAdapter.invokeAuthenticateDelegate(RealmAdapter.java:1126)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:580)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:615)
        at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
        at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
        at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:332)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:233)
        at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165)
        at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791)
        at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693)
        at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954)
        at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170)
        at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
        at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
        at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
        at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
        at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
        at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
        at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
        at java.lang.Thread.run(Thread.java:619)
Caused by: javax.naming.CommunicationException: ldap.example.com:636 [Root exception is java.lang.IllegalArgumentException: object is not an instance of declaring class]
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:207)
        at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
        at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:46)
        at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:97)
        at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:114)
        at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:310)
        at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1572)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)
        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
        at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.findAndBind(LDAPRealm.java:422)
        ... 42 more
Caused by: java.lang.IllegalArgumentException: object is not an instance of declaring class
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at com.sun.jndi.ldap.Connection.createSocket(Connection.java:314)
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:184)
        ... 60 more
|#]
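A stand-alone diagnostic, added here and not part of the original post or of GlassFish itself: it reproduces the LdapRealm's search-then-bind flow with plain JNDI against the same directory, using the JDK's default SSL socket factory (java.naming.security.protocol=ssl) instead of the reflective socket-factory path that the innermost cause of the trace shows (Method.invoke inside com.sun.jndi.ldap.Connection.createSocket). Running it outside the container separates two failure modes that the realm's SEC1113 message does not distinguish: if the harness connects and binds, the trust store is fine and the problem is in how the realm sets up its socket for ldaps; if it throws CommunicationException with an SSL cause, the server certificate chain is what needs fixing. The class name LdapsBindCheck and the URL, DNs, filters and password are placeholders mirroring the posted realm config, not values from the poster's environment.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/**
 * Reproduces the LdapRealm search-then-bind sequence over plain JNDI, with no
 * GlassFish classes and no custom socket factory, so that TLS trust problems
 * can be told apart from realm configuration problems.
 *
 * Usage: java LdapsBindCheck <uid> <password>
 * Add -Djavax.net.debug=ssl to watch the handshake if the connect step fails.
 */
public class LdapsBindCheck {
    // Placeholder values mirroring the posted domain.xml realm; adjust for your directory.
    static final String DIRECTORY = "ldaps://ldap.example.com:636/";
    static final String BASE_DN = "dc=example,dc=com";
    static final String SEARCH_BIND_DN = "cn=admin,ou=Service Accounts,dc=example,dc=com";
    static final String SEARCH_BIND_PASSWORD = "hidden";
    // {0} is a JNDI filter argument: the provider escapes the value per RFC 4515,
    // unlike the realm's %s/%d string substitution, so a uid containing "*" or "(" stays literal.
    static final String SEARCH_FILTER = "(&(objectClass=inetOrgPerson)(uid={0}))";
    static final String GROUP_BASE_DN = "ou=Groups,dc=example,dc=com";
    static final String GROUP_SEARCH_FILTER = "(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))";
    static final String GROUP_TARGET = "givenName"; // as posted; "cn" is the more usual group attribute

    /** JNDI environment for a simple bind over TLS using the JDK's default SSLSocketFactory. */
    static Hashtable<String, String> env(String principal, String credentials) {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, DIRECTORY);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        return env;
    }

    /** Step 1: bind as the service account and resolve the user's DN; null if no entry matches. */
    static String findUserDn(String uid) throws NamingException {
        DirContext ctx = new InitialDirContext(env(SEARCH_BIND_DN, SEARCH_BIND_PASSWORD));
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[0]); // we only need the DN
            NamingEnumeration<SearchResult> results =
                ctx.search(BASE_DN, SEARCH_FILTER, new Object[] { uid }, sc);
            return results.hasMore() ? results.next().getNameInNamespace() : null;
        } finally {
            ctx.close();
        }
    }

    /**
     * Step 2: bind as the resolved DN with the supplied password. Wrong credentials yield
     * AuthenticationException (false); transport or TLS failures propagate as other
     * NamingExceptions so they are not mistaken for a bad password.
     */
    static boolean bindAsUser(String userDn, String password) throws NamingException {
        // An empty password is an anonymous/unauthenticated bind on many servers and
        // succeeds without proving anything, so refuse it up front.
        if (password == null || password.length() == 0) {
            return false;
        }
        try {
            new InitialDirContext(env(userDn, password)).close();
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }

    /** Step 3: the realm's group lookup, substituting the user DN for %d. */
    static List<String> groupsOf(String userDn) throws NamingException {
        DirContext ctx = new InitialDirContext(env(SEARCH_BIND_DN, SEARCH_BIND_PASSWORD));
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] { GROUP_TARGET });
            NamingEnumeration<SearchResult> results =
                ctx.search(GROUP_BASE_DN, GROUP_SEARCH_FILTER, new Object[] { userDn }, sc);
            List<String> groups = new ArrayList<String>();
            while (results.hasMore()) {
                Attribute a = results.next().getAttributes().get(GROUP_TARGET);
                if (a != null) {
                    groups.add(a.get().toString());
                }
            }
            return groups;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 2) {
            System.err.println("usage: java LdapsBindCheck <uid> <password>");
            System.exit(2);
        }
        String dn = findUserDn(args[0]); // a CommunicationException here points at TLS/transport
        if (dn == null) {
            System.out.println("no entry matched uid=" + args[0]);
            return;
        }
        System.out.println("user DN: " + dn);
        System.out.println("bind ok: " + bindAsUser(dn, args[1]));
        System.out.println("groups:  " + groupsOf(dn));
    }
}
```

Compile and run it with the same JDK that GlassFish uses, since the trust store consulted is that JDK's cacerts unless javax.net.ssl.trustStore is set; a successful run against the directory that the realm fails on narrows the fault to the realm's ldaps handling rather than to the certificate the CA issued.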