• LDAP authentication problems

  • OpenKM has many interesting features, but a configuration process is needed to show its full potential.
 #1848  by giorgio
 
Hi, I'm new to the community version of OpenKM and I'm having problems with LDAP authentication against Active Directory. I've been looking at the connection examples posted around here, but it still doesn't work for me. I don't know if I'm missing some other step, but in principle, from what I've read, all that's needed is to change JBoss's login-config.xml file, isn't it? Does anything else need to be done? Here is my connection code; I hope you can help me. Regards
Code:
<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://servidor.tal.tal.es:389</module-option>
      <module-option name="bindDN">CN=LDAP_READ,OU=Estandar_USR,OU=SSCC,DC=tal,DC=tal,dc=es</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindCredential">PassLDAPREAD</module-option>
      <module-option name="baseCtxDN">OU=Estandar_USR,OU=SSCC,DC=tal,DC=tal,dc=es</module-option>
      <module-option name="baseFilter">(sAMAccountName={0})</module-option>
      <module-option name="rolesCtxDN">OU=Estandar_USR,OU=SSCC,DC=tal,DC=tal,dc=es</module-option>
      <module-option name="roleFilter">(sAMAccountName={0})</module-option>
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <!-- this would be the organizational unit, the parameter it should take as the role, right? -->
      <module-option name="roleNameAttributeID">ou</module-option>
      <module-option name="roleRecursion">-1</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      <module-option name="defaultRole">UserRol</module-option>
    </login-module>
  </authentication>
</application-policy>
 #1850  by jllort
 
Nothing else needs to be done, as far as the authentication process itself is concerned.

After that you will still need to create a couple of classes so that, when you list users and roles, they appear in the user and role lists of the OpenKM UI. But the first thing is to get the connection working, which is never trivial (configuring this XML has its mystique).
 #1851  by giorgio
 
Thanks for answering.
A couple of classes? Of what type? Inheriting from what? And included where? Why isn't all this in the documentation?
And as for the LDAP connection, can't you post a working example that you might have around? Thanks in advance.
Regards.
 #1853  by pavila
 
If you search for LDAP in the forum you will see configuration examples.
 #5991  by pmalave
 
pavila wrote: If you search for LDAP in the forum you will see configuration examples.
Administration profile when logging in with an Active Directory user

Good morning. First of all I should say that I'm new to the community version of OpenKM. I have read very good comments about this application. I was able to install it, test it, and sort out several configuration details, among them authentication against Active Directory.

My problem is that when I log in with an Active Directory user, the administration tab is not displayed. I have read everything in the forum about this point and have not found the solution. As I understand it, the administration role is configured in the OpenKM.cfg file together with two groups that must be created in Active Directory.

I created the two groups in Active Directory, UserRole and AdminRole, and added the user that should be an administrator to both groups, and even so I cannot solve the problem.

I would like to know where my problem is. Thanks in advance.

This is the OpenKM.cfg file.
Code:
# Default configuration values
#
# repository.config=repository.xml
# repository.home=repository
# system.user=system
#principal.adapter=com.openkm.core.UsersRolesPrincipalAdapter
# max.file.size=5
# max.search.results=25
# system.demo=off
# update.info=off

default.user.role=UserRole
default.admin.role=AdminRole
principal.adapter=es.git.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://miservidor.com.ve:389
principal.ldap.security.principal=CN=usuario,ou=Restringidos,ou=Usuarios,ou=CIUDAD,dc=midominio,dc=com,dc=ve
principal.ldap.security.credentials=************
principal.ldap.user.search.base=ou=Usuarios,ou=CIUDAD,dc=midominio,dc=com,dc=ve
principal.ldap.user.search.filter=(objectclass=user)
principal.ldap.user.atribute=cn
principal.ldap.role.search.base=ou=CIUDAD,dc=midominio,dc=com,dc=ve
principal.ldap.role.search.filter=(&(objectclass=group)(memberOf=OU=Grupos,DC=midominio,DC=com,DC=ve))
principal.ldap.role.atribute=cn
principal.ldap.mail.search.base=cn={0},ou=Usuarios,ou=CIUDAD,dc=midominio,dc=com,dc=ve
principal.ldap.mail.search.filter=(objectclass=person)
principal.ldap.mail.atribute=mail

system.login.lowercase=on
restrict.file.mime=off
restrict.file.extension=*~,*.bak,._*
max.file.size=25
system.openoffice=on
system.pdf2swf=/usr/bin/pdf2swf
 #5997  by jllort
 
Normally you would only assign the AdminRole. Are you sure you have written it correctly?

Note that in login-config.xml you have
Code:
<module-option name="defaultRole">UserRol</module-option>
and it is misspelled; it should be UserRole. In fact it is better to remove this entry, because it gives the user this role by default, if they don't have
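As an added example (not part of the original posts and not OpenKM code): a small Python check for the mismatch pointed out above, comparing `defaultRole` in login-config.xml with the role names in OpenKM.cfg, and also flagging a simple bind over plain `ldap://`. The sample files are constructed with placeholder hosts and DNs, and the finding codes are hypothetical names.

```python
"""Cross-check a JBoss LdapExtLoginModule policy against OpenKM.cfg (added example)."""
import difflib
import xml.etree.ElementTree as ET

# Constructed sample: option names are the ones posted in the thread,
# host and DN values are placeholders.
LOGIN_CONFIG = """\
<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://ad.example.test:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindDN">CN=LDAP_READ,OU=Svc,DC=example,DC=test</module-option>
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="defaultRole">UserRol</module-option>
    </login-module>
  </authentication>
</application-policy>
"""

# Constructed sample of the two role keys shown in the posted OpenKM.cfg.
OPENKM_CFG = """\
# constructed sample
default.user.role=UserRole
default.admin.role=AdminRole
"""


def parse_cfg(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def ldap_module_options(xml_text):
    """Return {option name: value} for the first LdapExtLoginModule found."""
    root = ET.fromstring(xml_text)
    for module in root.iter("login-module"):
        if module.get("code", "").endswith("LdapExtLoginModule"):
            return {opt.get("name"): (opt.text or "").strip()
                    for opt in module.findall("module-option")}
    return {}


def audit(login_config_xml, openkm_cfg_text):
    """Return a list of (code, message) findings for the two files."""
    opts = ldap_module_options(login_config_xml)
    cfg = parse_cfg(openkm_cfg_text)
    known_roles = [cfg[k] for k in ("default.user.role", "default.admin.role")
                   if k in cfg]
    findings = []

    default_role = opts.get("defaultRole")
    if default_role is not None:
        if default_role not in known_roles:
            # Role names are compared case-sensitively; suggest the nearest one.
            near = difflib.get_close_matches(default_role, known_roles, n=1)
            hint = f" (did you mean {near[0]!r}?)" if near else ""
            findings.append((
                "DEFAULT_ROLE_UNKNOWN",
                f"defaultRole {default_role!r} is not a role named in OpenKM.cfg{hint}"))
        # Even when spelled correctly, the option grants the role to every
        # user who authenticates, whatever their directory groups are.
        findings.append((
            "DEFAULT_ROLE_SET",
            "defaultRole is granted to every authenticated user; remove it "
            "if roles should come only from the directory"))

    url = opts.get("java.naming.provider.url", "")
    mech = opts.get("java.naming.security.authentication", "")
    if url.lower().startswith("ldap://") and mech.lower() == "simple":
        findings.append((
            "CLEARTEXT_BIND",
            "simple bind over ldap:// sends bindCredential and user passwords "
            "unencrypted; use ldaps:// or another protected transport"))
    return findings


if __name__ == "__main__":
    for code, message in audit(LOGIN_CONFIG, OPENKM_CFG):
        print(f"{code}: {message}")
```
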
 #40310  by yoshiro05
 
Good afternoon, could you help me? I'm new to OpenKM development. I have tried to authenticate using Kerberos following the existing example. Everything goes fine until I try to log in and it asks me for a pre-authorization. I imagine it's because at the company where we use Kerberos we use it with a pre-command called kinit. How can I get OpenKM to recognize my user and password?

My parameters are:
Code:
principal.adapter 				com.openkm.principal.LdapPrincipalAdapter
principal.database.filter.inactive.users 	true
principal.ldap.referral				follow

principal.ldap.mail.attribute 			mail
principal.ldap.mail.search.base 		cn=users,cn=accounts,dc=ipa,dc=derfe,dc=ine,dc=mx
principal.ldap.mail.search.filter 		(objectClass=Person)
 			
principal.ldap.role.attribute 			cn
principal.ldap.role.search.base 		cn=roles,cn=accounts,dc=ipa,dc=derfe,dc=ine,dc=mx 
principal.ldap.role.search.filter 		(objectClass=groupOfNames)

principal.ldap.roles.by.user.attribute 		memberOf
principal.ldap.roles.by.user.search.base 	cn=users,cn=accounts,dc=ipa,dc=derfe,dc=ine,dc=mx
principal.ldap.roles.by.user.search.filter 	(objectClass=inetUser)

principal.ldap.security.credentials 		prueba123
principal.ldap.security.principal 		uid=antonio.lopez,cn=users,cn=accounts,dc=ipa,dc=derfe,dc=ine,dc=mx
principal.ldap.server 				ldaps://ejemplo.mx:636/

principal.ldap.user.attribute 			uid
principal.ldap.user.search.base 		cn=users,cn=accounts,dc=ipa,dc=derfe,dc=ine,dc=mx 
principal.ldap.user.search.filter 		(objectClass=inetUser)

principal.ldap.username.attribute 		cn
principal.ldap.username.search.base 		cn=users,cn=accounts,dc=ipa,dc=derfe,dc=ine,dc=mx 
principal.ldap.username.search.filter 		(objectClass=inetUser)

principal.ldap.users.by.role.attribute 		member
principal.ldap.users.by.role.search.base 	cn=roles,cn=accounts,dc=ipa,dc=derfe,dc=ine,dc=mx 
principal.ldap.users.by.role.search.filter 	(objectClass=groupOfNames)
My OpenKM.xml file is
Code:
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:security="http://www.springframework.org/schema/security"
             xmlns:task="http://www.springframework.org/schema/task"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-3.1.xsd
                                 http://www.springframework.org/schema/task
                                 http://www.springframework.org/schema/task/spring-task-3.1.xsd">

  
  <!-- Security configuration -->

<beans:bean id="spnegoEntryPoint" class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />
 
   <beans:bean id="spnegoAuthenticationProcessingFilter" class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
      <beans:property name="authenticationManager" ref="authenticationManager" />
   </beans:bean>
 
   <security:authentication-manager alias="authenticationManager">
      <security:authentication-provider ref="kerberosServiceAuthenticationProvider" /> <!-- Used with SPNEGO -->
      <security:authentication-provider ref="kerberosAuthenticationProvider"/> <!-- Used with form login -->	
   </security:authentication-manager>
 
   <beans:bean id="kerberosAuthenticationProvider" class="org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider">
      <beans:property name="kerberosClient">
         <beans:bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
            <beans:property name="debug" value="true"/>
         </beans:bean>
      </beans:property>
      <beans:property name="userDetailsService" ref="ldapUserService"/>
   </beans:bean>
 
   <beans:bean id="kerberosServiceAuthenticationProvider" class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
      <beans:property name="ticketValidator">
         <beans:bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
            <beans:property name="servicePrincipal" value="HTTP/sigedocs.ipa.derfe.ine.mx" />
            <!-- Setting keyTabLocation to a classpath resource will most likely not work in a Java EE application Server -->
            <!-- See the Javadoc for more information on that -->
            <beans:property name="keyTabLocation" value="file:/etc/krb5.keytab" />
            <beans:property name="debug" value="true" />
         </beans:bean>
      </beans:property>
      <beans:property name="userDetailsService" ref="ldapUserService" />
   </beans:bean>
 
   <beans:bean class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
      <beans:property name="debug" value="true" />
      <!-- You can point to a different kerberos config location here, if you don't want the default one -->
<!--       <property name="krbConfLocation" value="/etc/krb5.conf"/> -->
   </beans:bean>
 
  <beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="ldaps://m1.ipa.derfe.ine.mx:636"/>
    <beans:property name="userDn" value="uid=antonio.lopez,cn=users,cn=accounts,dc=ipa,dc=derfe,dc=ine,dc=mx"/>
    <beans:property name="password" value="prueba123"/>
    <beans:property name="baseEnvironmentProperties">
      <beans:map>
        <beans:entry>
          <beans:key>
            <beans:value>java.naming.referral</beans:value>
          </beans:key>
          <beans:value>follow</beans:value>
        </beans:entry>
      </beans:map>
    </beans:property>
  </beans:bean>
 
  <beans:bean id="ldapUserService" class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
    <beans:constructor-arg index="0">
      <beans:bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <beans:constructor-arg value="cn=users,cn=accounts,dc=ipa,dc=derfe,dc=ine,dc=mx"/>
        <beans:constructor-arg index="1" value="(uid={0})" />
        <beans:constructor-arg index="2" ref="contextSource" />
        <beans:property name="searchSubtree" value="true" />
      </beans:bean>
    </beans:constructor-arg>

    <beans:constructor-arg index="1">
      <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
        <beans:constructor-arg ref="contextSource"/>
        <beans:constructor-arg value="cn=groups,cn=accounts,dc=ipa,dc=derfe,dc=ine,dc=mx"/>
        <beans:property name="groupSearchFilter" value="(objectClass=groupOfNames)"/>
        <beans:property name="groupRoleAttribute" value="ipausers"/>
        <beans:property name="searchSubtree" value="true" />
        <beans:property name="convertToUpperCase" value="true" />
        <beans:property name="rolePrefix" value="" />
      </beans:bean>
    </beans:constructor-arg>
  </beans:bean>

</beans:beans>
And my applicationContext.xml file is
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:security="http://www.springframework.org/schema/security"
             xmlns:context="http://www.springframework.org/schema/context"
             xmlns:task="http://www.springframework.org/schema/task"
             xmlns:jee="http://www.springframework.org/schema/jee"
             xmlns:jaxws="http://cxf.apache.org/jaxws"
             xmlns:jaxrs="http://cxf.apache.org/jaxrs"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-3.1.xsd
                                 http://www.springframework.org/schema/context
                                 http://www.springframework.org/schema/context/spring-context-3.1.xsd
                                 http://www.springframework.org/schema/task
                                 http://www.springframework.org/schema/task/spring-task-3.1.xsd
                                 http://www.springframework.org/schema/jee
                                 http://www.springframework.org/schema/jee/spring-jee-3.1.xsd
                                 http://cxf.apache.org/jaxws
                                 http://cxf.apache.org/schemas/jaxws.xsd"> 
                                 <!-- http://cxf.apache.org/jaxrs
                                 http://cxf.apache.org/schemas/jaxrs.xsd"> -->
    
    <context:component-scan base-package="com.openkm"/>
    
    <!-- <task:annotation-driven/> -->
    <!-- Tasks configuration moved to $CATALINA_HOME/OpenKM.xml -->
    
    <!-- Apache CXF Web Services -->
    <beans:import resource="classpath:META-INF/cxf/cxf.xml" />
    <beans:import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
    
    <!--
    <beans:bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <beans:property name="targetClass" value="org.springframework.security.core.context.SecurityContextHolder" />
        <beans:property name="targetMethod" value="setStrategyName" />
        <beans:property name="arguments" value="_INHERITABLETHREADLOCAL" />
    </beans:bean>
    -->
    
    <beans:bean id="WSS4JInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <beans:constructor-arg>
            <beans:map>
                <beans:entry key="action" value="UsernameToken" />
                <beans:entry key="passwordType" value="PasswordText" />
                <beans:entry key="passwordCallbackClass" value="com.openkm.spring.ClientPasswordCallback" />
            </beans:map>
        </beans:constructor-arg>
    </beans:bean>
    
    <!-- SOAP -->
    <jaxws:endpoint id="authService" implementor="com.openkm.ws.endpoint.AuthService" address="/OKMAuth"/>
    <jaxws:endpoint id="bookmarkService" implementor="com.openkm.ws.endpoint.BookmarkService" address="/OKMBookmark"/>
    <jaxws:endpoint id="documentService" implementor="com.openkm.ws.endpoint.DocumentService" address="/OKMDocument"/>
    <jaxws:endpoint id="folderService" implementor="com.openkm.ws.endpoint.FolderService" address="/OKMFolder"/>
    <jaxws:endpoint id="mailService" implementor="com.openkm.ws.endpoint.MailService" address="/OKMMail"/>
    <jaxws:endpoint id="noteService" implementor="com.openkm.ws.endpoint.NoteService" address="/OKMNote"/>
    <jaxws:endpoint id="notificationService" implementor="com.openkm.ws.endpoint.NotificationService" address="/OKMNotification"/>
    <jaxws:endpoint id="propertyGroupService" implementor="com.openkm.ws.endpoint.PropertyGroupService" address="/OKMPropertyGroup"/>
    <jaxws:endpoint id="propertyService" implementor="com.openkm.ws.endpoint.PropertyService" address="/OKMProperty"/>
    <jaxws:endpoint id="repositoryService" implementor="com.openkm.ws.endpoint.RepositoryService" address="/OKMRepository"/>
    <jaxws:endpoint id="searchService" implementor="com.openkm.ws.endpoint.SearchService" address="/OKMSearch"/>
    <jaxws:endpoint id="dashboardService" implementor="com.openkm.ws.endpoint.DashboardService" address="/OKMDashboard"/>
    <jaxws:endpoint id="workflowService" implementor="com.openkm.ws.endpoint.WorkflowService" address="/OKMWorkflow"/>
    <jaxws:endpoint id="testService" implementor="com.openkm.ws.endpoint.TestService" address="/OKMTest">
        <!--
            <jaxws:inInterceptors>
                <beans:ref bean="WSS4JInInterceptor"/>
            </jaxws:inInterceptors>
        -->
    </jaxws:endpoint>
    

    <!-- 
	OpenCMIS -->
    <jaxws:endpoint id="cmisNavigationService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.NavigationService" address="/cmis/NavigationService"/>
    <jaxws:endpoint id="cmisPolicyService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.PolicyService" address="/cmis/PolicyService"/>
    <jaxws:endpoint id="cmisDiscoveryService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.DiscoveryService" address="/cmis/DiscoveryService"/>
    <jaxws:endpoint id="cmisMultiFilingService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.MultiFilingService" address="/cmis/MultiFilingService"/>
    <jaxws:endpoint id="cmisRepositoryService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.RepositoryService" address="/cmis/RepositoryService"/>
    <jaxws:endpoint id="cmisRelationshipService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.RelationshipService" address="/cmis/RelationshipService"/>
    <jaxws:endpoint id="cmisVersioningService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.VersioningService" address="/cmis/VersioningService"/>
    <jaxws:endpoint id="cmisObjectService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.ObjectService" address="/cmis/ObjectService"/>
    <jaxws:endpoint id="cmisAclService" implementor="org.apache.chemistry.opencmis.server.impl.webservices.AclService" address="/cmis/ACLService"/>


   
    <!--
	 REST 
    <jaxrs:server id="restAuth" address="/rest/auth">
        <jaxrs:serviceBeans>
            <beans:bean class="com.openkm.rest.endpoint.AuthService"/>
        </jaxrs:serviceBeans>
    </jaxrs:server>
    <jaxrs:server id="restDocument" address="/rest/document">
        <jaxrs:serviceBeans>
            <beans:bean class="com.openkm.rest.endpoint.DocumentService"/>
        </jaxrs:serviceBeans>
    </jaxrs:server>
    <jaxrs:server id="restFolder" address="/rest/folder">
        <jaxrs:serviceBeans>
            <beans:bean class="com.openkm.rest.endpoint.FolderService"/>
        </jaxrs:serviceBeans>
    </jaxrs:server>
    <jaxrs:server id="restMail" address="/rest/mail">
        <jaxrs:serviceBeans>
            <beans:bean class="com.openkm.rest.endpoint.MailService"/>
        </jaxrs:serviceBeans>
    </jaxrs:server>
    <jaxrs:server id="restNote" address="/rest/note">
        <jaxrs:serviceBeans>
            <beans:bean class="com.openkm.rest.endpoint.NoteService"/>
        </jaxrs:serviceBeans>
    </jaxrs:server>
    <jaxrs:server id="restPropertyGroup" address="/rest/propertyGroup">
        <jaxrs:serviceBeans>
            <beans:bean class="com.openkm.rest.endpoint.PropertyGroupService"/>
        </jaxrs:serviceBeans>
    </jaxrs:server>
    <jaxrs:server id="restSearch" address="/rest/search">
        <jaxrs:serviceBeans>
            <beans:bean class="com.openkm.rest.endpoint.SearchService"/>
        </jaxrs:serviceBeans>
    </jaxrs:server>
    <jaxrs:server id="restRepository" address="/rest/repository">
        <jaxrs:serviceBeans>
            <beans:bean class="com.openkm.rest.endpoint.RepositoryService"/>
        </jaxrs:serviceBeans>
    </jaxrs:server>
    <jaxrs:server id="restProperty" address="/rest/property">
        <jaxrs:serviceBeans>
            <beans:bean class="com.openkm.rest.endpoint.PropertyService"/>
        </jaxrs:serviceBeans>
    </jaxrs:server>
    <jaxrs:server id="restTest" address="/rest/test">
        <jaxrs:serviceBeans>
            <beans:bean class="com.openkm.rest.endpoint.TestService"/>
        </jaxrs:serviceBeans>
    </jaxrs:server>
-->

   
    <security:global-method-security secured-annotations="enabled"/>
    
    <!-- Remove prefix to be able of use custom roles
    <beans:bean class="org.springframework.security.access.vote.RoleVoter">
        <beans:property name="rolePrefix" value="ROLE_"/>
    </beans:bean> -->
    
    <!-- OpenCMIS -->
    <beans:bean id="CmisLifecycleBean" class="com.openkm.cmis.CmisLifecycleBean">
        <beans:property name="cmisServiceFactory" ref="CmisServiceFactory" />
    </beans:bean>
    <beans:bean id="CmisServiceFactory" class="com.openkm.cmis.CmisServiceFactory" />
    

	<!-- Web Services using Basic authentication -->
    <security:http pattern="/services/**" create-session="stateless">
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:http-basic />
    </security:http>

    <!-- Status -->
    <security:http pattern="/Status" create-session="stateless">
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <security:http-basic />
    </security:http>
    
    <!-- Download -->
    <security:http pattern="/Download" create-session="stateless">
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <security:http-basic />
    </security:http>
    
    <!-- Workflow deploy -->
    <security:http pattern="/workflow-register" create-session="stateless">
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <security:http-basic />
    </security:http>
    
    <!-- WebDAV using Basic authentication -->
    <security:http pattern="/webdav/**" create-session="stateless">
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <security:http-basic />
    </security:http>
    
    <!-- Syndication using Basic authentication -->
    <security:http pattern="/feed/**" create-session="stateless">
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <security:http-basic />
    </security:http>
    
    <!-- OpenCMIS (Browser) using Basic authentication
    <security:http pattern="/cmis/browser/**" create-session="stateless">
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <security:http-basic />
    </security:http> -->
    
    <!-- OpenCMIS (AtomPub) using Basic authentication
    <security:http pattern="/cmis/atom/**" create-session="stateless">
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <security:http-basic />
    </security:http> -->
    
    <!-- OpenCMIS (AtomPub) using Basic authentication
    <security:http pattern="/cmis/atom11/**" create-session="stateless">
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <security:http-basic />
    </security:http> -->
    
    <!-- REST
    <security:http pattern="/services/rest/**" create-session="stateless">
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <security:http-basic />
    </security:http> -->
    
    <!-- Additional filter chain for normal users, matching all other requests -->
    <!-- http://info.michael-simons.eu/2011/01/28/disable-jsessionid-path-parameter-in-java-web-applications/ -->
    <!-- <security:http access-denied-page="/unauthorized.jsp"> -->

  <security:http entry-point-ref="spnegoEntryPoint">
        <!-- GWT -->
        <security:intercept-url pattern="/frontend/**" access="IS_AUTHENTICATED_FULLY" />
        
        <!-- JSPs -->
        <security:intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/admin/**" access="ROLE_OTHER_ADMIN" />
        <!-- <security:intercept-url pattern="/mobile/**" access="IS_AUTHENTICATED_FULLY" /> -->
        
        <!-- Servlets -->
        <security:intercept-url pattern="/RepositoryStartup" access="IS_AUTHENTICATED_FULLY" />
	<!--  <security:intercept-url pattern="/TextToSpeech" access="IS_AUTHENTICATED_FULLY" />
        <security:intercept-url pattern="/HtmlPreview" access="IS_AUTHENTICATED_FULLY" />
        <security:intercept-url pattern="/SyntaxHighlighter" access="IS_AUTHENTICATED_FULLY" /> -->
        <security:intercept-url pattern="/Test" access="IS_AUTHENTICATED_FULLY" />
        
        <!-- Extensions -->
        <!--   <security:intercept-url pattern="/extension/ZohoFileUpload" access="IS_AUTHENTICATED_ANONYMOUSLY" /> -->
        <security:intercept-url pattern="/extension/**" access="IS_AUTHENTICATED_FULLY" />
        
        <!-- Login page -->

	<security:custom-filter ref="spnegoAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" />        
	<security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=1"/>
  </security:http>
    

    <!-- Security access logger -->
    <!--    <beans:bean id="loggerListener" class="com.openkm.spring.LoggerListener" /> -->
    
    <!-- <jee:jndi-lookup id="dataSource" jndi-name="jdbc/OpenKMDS" resource-ref="true" /> -->
    
    <!-- Security configuration moved to $CATALINA_HOME/OpenKM.xml -->
    <!-- WINFIX
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider>
            <security:password-encoder hash="md5"/>
            <security:jdbc-user-service 
                data-source-ref="dataSource"
                users-by-username-query="select usr_id, usr_password, 1 from OKM_USER where usr_id=? and usr_active='T'"
                authorities-by-username-query="select ur_user, ur_role from OKM_USER_ROLE where ur_user=?"/>
        </security:authentication-provider>
    </security:authentication-manager>
    WINFIX -->

<!-- ############################################################################################################### -->

</beans:beans>
The error it gives me is
Code:
2015-08-07 14:42:31,915 [http-bio-172.19.84.132-8090-exec-5] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter- Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@44245b2a

2015-08-07 14:42:31,915 [http-bio-172.19.84.132-8090-exec-5]DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository- SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.

2015-08-07 14:42:31,927 [http-bio-172.19.84.132-8090-exec-5] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter- Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90572420: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@255f8: RemoteIpAddress: 172.19.1.148; SessionId: 5E9C8175F80B3080375C16F71C6DE6B2; Granted Authorities: ROLE_ANONYMOUS'

2015-08-07 14:42:31,929 [http-bio-172.19.84.132-8090-exec-5] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor- Secure object: FilterInvocation: URL: /login.jsp?error=1; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]

2015-08-07 14:42:31,930 [http-bio-172.19.84.132-8090-exec-5] DEBUG org.springframework.security.access.vote.AffirmativeBased- Voter: org.springframework.security.access.vote.RoleVoter@28ab7479, returned: 0

2015-08-07 14:42:31,930 [http-bio-172.19.84.132-8090-exec-5] DEBUG org.springframework.security.access.vote.AffirmativeBased- Voter: org.springframework.security.access.vote.AuthenticatedVoter@106bc8cb, returned: 1

2015-08-07 14:42:31,931 [http-bio-172.19.84.132-8090-exec-5] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor- Authorization successful

2015-08-07 14:42:31,931 [http-bio-172.19.84.132-8090-exec-5] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor- RunAsManager did not change Authentication object
 #40320  by jllort
 
Better to open another ticket and not mix it with the previous topic. In any case, if we are talking about authentication, the only interesting part is OpenKM.xml. I suggest you download the latest version of OpenKM from integration.openkm.com, because there are certain fixes that you probably need. To migrate from version 6.3.0 to the nightly build, follow the steps described here: http://wiki.openkm.com/index.php/Migrat ... 3_to_6.3.1
