Details
Fix
Status: Released
Major
Resolution: Fixed
Description
Current Situation
We assume an incomplete LDAP configuration in shiro.ini such as:
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.userDnTemplate = uid={0},dc=example,dc=com
ldapRealm.searchBase = dc=example,dc=com
ldapRealm.contextFactory.url = ldap://ldap.forumsys.com:389
but without any other LDAP configuration such as:
#ldapRealm.groupNameAttribute=ou
#ldapRealm.userNameAttribute=uid
#ldapRealm.userSearchFilter=(cn=%s)
# Mapping of a LDAP group to roles. You can assign more than one role with separator sign |
#ldapRealm.groupRolesMap = \
#"scientists":"it_operator", \
#"mathematicians":"administrator|application_manager"
#rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
#rolePermissionResolver.ini = $iniRealm
#ldapRealm.rolePermissionResolver = $rolePermissionResolver
#securityManager.realms = $ldapRealm
#cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
#securityManager.cacheManager = $cacheManager
Then the login process hangs and the JOC log repeatedly shows lines like this:
2017-08-02 10:23:31,269 INFO tp1174290147-466 o.a.s.r.AuthorizingRealm - No cache or cacheManager properties have been set. Authorization cache cannot be obtained.
2017-08-02 10:23:31,474 ERROR tp1174290147-466 c.s.a.s.SOSLdapAuthorizing - javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
2017-08-02 10:23:31,475 INFO tp1174290147-466 c.s.j.c.JocCockpitProperties - Resolved path of shiro.ini = C:/ProgramData/sos-berlin.com/joc/jetty_base/resources/joc/shiro.ini
Desired Behavior
Login should respond with an HTTP code 420 and a corresponding error message if the shiro.ini configuration is messed up.
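
A preflight check that reports the incomplete configuration described above before anyone tries to log in. This is an added example, not code from JOC Cockpit or from this issue. It assumes that every setting the issue shows commented out is expected in a complete LDAP setup; the function names and the [main] header in the sample are likewise assumptions.

```python
LDAP_REALM_CLASS = "com.sos.auth.shiro.SOSLdapAuthorizingRealm"

# Settings the issue shows commented out. Assumption: a complete LDAP
# setup defines all of them; adjust the lists to your deployment.
REALM_SETTINGS = ("groupNameAttribute", "userNameAttribute",
                  "userSearchFilter", "groupRolesMap", "rolePermissionResolver")
GLOBAL_SETTINGS = ("rolePermissionResolver", "rolePermissionResolver.ini",
                   "securityManager.realms", "cacheManager",
                   "securityManager.cacheManager")

def active_settings(ini_text):
    """Return {key: value} for uncommented lines, joining '\\' continuations."""
    settings, pending = {}, ""
    for raw in ini_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and section headers unless a value continues.
        if not pending and (not line or line[0] in "#;["):
            continue
        if line.endswith("\\"):
            pending += line[:-1].strip() + " "
            continue
        key, sep, value = (pending + line).partition("=")
        pending = ""
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def missing_ldap_settings(ini_text):
    """List expected settings that are absent for each SOS LDAP realm."""
    settings = active_settings(ini_text)
    realms = [k for k, v in settings.items() if v == LDAP_REALM_CLASS]
    if not realms:
        return []  # no SOS LDAP realm configured, nothing to check
    missing = [f"{r}.{s}" for r in realms for s in REALM_SETTINGS
               if f"{r}.{s}" not in settings]
    return missing + [g for g in GLOBAL_SETTINGS if g not in settings]

# Constructed sample: the active lines of the incomplete configuration above.
INCOMPLETE = """[main]
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.userDnTemplate = uid={0},dc=example,dc=com
ldapRealm.searchBase = dc=example,dc=com
ldapRealm.contextFactory.url = ldap://ldap.forumsys.com:389
"""

if __name__ == "__main__":
    for key in missing_ldap_settings(INCOMPLETE):
        print("missing:", key)
```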