grails-plugins / grails-spring-security-kerberos

Apache License 2.0

Problem occurring while using multiple Authentication providers #3

Open anthony-o opened 7 years ago

anthony-o commented 7 years ago

I'm using both ldapAuthProvider and kerberosServiceAuthenticationProvider.

All is going well when I try to log in using the Kerberos authentication mechanism, but when I use the LDAP one, I get this error:

    java.lang.ClassCastException: org.springframework.security.authentication.UsernamePasswordAuthenticationToken cannot be cast to org.springframework.security.kerberos.authentication.KerberosServiceRequestToken
        at org.springframework.security.kerberos.web.authentication.ResponseHeaderSettingKerberosAuthenticatioSuccessHandler.onAuthenticationSuccess(ResponseHeaderSettingKerberosAuthenticationSuccessHandler.java:66)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.successfulAuthentication(AbstractAuthenticationProcessingFilter.java:331)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.successfulAuthentication(AbstractAuthenticationProcessingFilter.java:298)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:235)
        at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:53)

It seems that this plugin replaces the successHandler of RequestHolderAuthenticationFilter with ResponseHeaderSettingKerberosAuthenticationSuccessHandler but does not handle the case when another Provider has logged in the user:

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        KerberosServiceRequestToken auth = (KerberosServiceRequestToken) authentication; // this is line 66 where the bug occurs
        if (auth.hasResponseToken()) {
            response.addHeader(headerName, headerPrefix + auth.getEncodedResponseToken());
        }
    }

jasenj1 commented 5 years ago

Did you ever get this resolved? I am facing the same problem. Using Kerberos as primary authentication, LDAP as fallback for systems that don't speak Kerberos. I get the login page, authentication is successful, but then the Kerberos onAuthenticationSuccess() throws an exception because it doesn't like the token. This looks like an issue with the underlying Spring Kerberos library, not the Grails plugin.
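
A type-guarded success handler for the mixed Kerberos/LDAP setup discussed in this thread, as an added example that is not code from either commenter, the plugin, or Spring Security Kerberos. The class name `TokenAwareKerberosSuccessHandler`, the `fallback` delegate, and the `WWW-Authenticate` / `Negotiate ` header values are assumptions; the `javax.servlet` imports assume the servlet API of that era.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

// Hypothetical class: sets the SPNEGO response header only for Kerberos tokens
// and hands every other Authentication type to a delegate handler.
public class TokenAwareKerberosSuccessHandler implements AuthenticationSuccessHandler {

    // Assumed values standing in for the headerName/headerPrefix fields in the quoted method.
    private final String headerName = "WWW-Authenticate";
    private final String headerPrefix = "Negotiate ";

    // Runs for non-Kerberos logins, e.g. a UsernamePasswordAuthenticationToken from LDAP.
    private final AuthenticationSuccessHandler fallback;

    public TokenAwareKerberosSuccessHandler(AuthenticationSuccessHandler fallback) {
        this.fallback = fallback;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // Check the runtime type before casting; the unconditional cast is what
        // throws ClassCastException when the LDAP provider authenticated the user.
        if (authentication instanceof KerberosServiceRequestToken) {
            KerberosServiceRequestToken auth = (KerberosServiceRequestToken) authentication;
            if (auth.hasResponseToken()) {
                response.addHeader(headerName, headerPrefix + auth.getEncodedResponseToken());
            }
            return; // same behaviour as the quoted handler for Kerberos logins
        }
        // Any other token type keeps its normal post-login behaviour.
        fallback.onAuthenticationSuccess(request, response, authentication);
    }
}
```

The `fallback` would be whichever success handler the form-login filter used before it was replaced, so LDAP logins still get their redirect.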