Page 4 of 4
Re: LDAP not working correctly in 6.2
PostPosted:Mon Jan 28, 2013 10:38 pm
by jllort
Yes is a second security control at jsp files but that not mean could be break down from Servlet. Where're I want to go it that if you replaced "ROLE_ADMIN" to "IS_FULLY_AUTHENTICATED" I suggest you change IS_FULLY_AUTHENTICATED to your actual role name ( that is a best aproximation than allow access to any authenticated user -> then you should get direct permission denied ).
Re: LDAP not working correctly in 6.2
PostPosted:Wed Jan 30, 2013 11:52 am
by Catscratch
If I try to set the regarding role (my ldap admin role) I get an exception:
Code: Select all2013-01-30 12:54:00,055 [pool-2-thread-1] ERROR org.springframework.web.context.ContextLoader - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#6' while setting bean property 'sourceList' with key [6]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#6': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#6' while setting constructor argument with key [7]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#6': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [OpenKMAdmins]
Unsupported configuration attribute. Can't I chose ldap roles here?
Re: LDAP not working correctly in 6.2
PostPosted:Thu Jan 31, 2013 10:18 pm
by jllort
In the same place you got ROLE_ADMIN if you change by your own role you get this error ? sure it's the only change you've done ( revise the xml file with attention to ensure there's no missing character etc... and you really are replacing one role name to other.
Re: LDAP not working correctly in 6.2
PostPosted:Fri Feb 01, 2013 9:00 am
by Catscratch
Yeah. I double checked it.
Re: LDAP not working correctly in 6.2
PostPosted:Fri Feb 01, 2013 10:38 am
by dejanfc
I had the same problem in another app that was using spring security, but I never checked the source files to see if the values are hardcoded somewhere. However, quick google search returned this:
Code: Select all<http use-expressions="true">
<intercept-url pattern="/index.jsp" access="permitAll" />
<intercept-url pattern="/secure/extreme/**" access="hasRole('supervisor')" />
<intercept-url pattern="/secure/**" access="isAuthenticated()" />
<intercept-url pattern="/listAccounts.html" access="isAuthenticated()" />
<intercept-url pattern="/post.html" access="hasAnyRole('supervisor','teller')" />
<intercept-url pattern="/**" access="denyAll" />
<form-login />
</http>
If you feel like experimenting you could try with hasRole. Please report back on results, I'm interested too
.
Re: LDAP not working correctly in 6.2
PostPosted:Fri Feb 01, 2013 12:03 pm
by Catscratch
Nice idea!
But sadly it is not working.
Code: Select allUnsupported configuration attributes: [hasRole('OpenKMAdmins')]
Re: LDAP not working correctly in 6.2
PostPosted:Mon Feb 11, 2013 12:21 pm
by dejanfc
Yeah, it only works with expressions. If I get some more time to play around with this I'll try to find a solution, but for now I'll consider it a minor inconvenience
. As for your /okm:trash problem from previous page - you were right. The problem in my testing was that I used a user that had been previously logged in under ROLE_USER role so he was able to create his trash folder, which made the role change afterwards not cause any issue. However, when I tried this with a freshly created user I got the same error as you. After editing the fields in mysql (OKM_NODE_PERMISSION - NRP_PERMISSION field, for anyone interested) I was able to log in. It would be great if new version of OpenKM could add an option to edit the security on trash node through the interface as well, so we don't have to resort to measures such as this
.
Re: LDAP not working correctly in 6.2
PostPosted:Thu Dec 26, 2013 5:38 pm
by richbcph
Catscratch,
I have the same issues as you did. How did you manually set the permissions? I have been banging my head against the wall and cannot get past the trash problem.
Re: LDAP not working correctly in 6.2
PostPosted:Fri Dec 27, 2013 1:42 pm
by jllort
Re: LDAP not working correctly in 6.2
PostPosted:Sat Dec 28, 2013 7:11 am
by richbcph
never mind we got it solved in another thread. I did not have the groups set as case sensitive.