Spring Security SEC-2691: Consistent Usage of LDAP Host

Filip Hanik (Migrated from SEC-2691) said:

if you don't specify 127.0.0.1, my LDAP server automatically binds to IPv6 only, so ::0, and then the other code attempts to connect to 127.0.0.1

Using new TcpTransport("127.0.0.1", port) causes the following failure on some systems:

Class org.springframework.security.config.annotation.authentication.ldap.LdapAuthenticationProviderConfigurerTests

authentication-manager support multiple default ldap contexts (ports dynamically allocated)

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration: Instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public javax.servlet.Filter org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain() throws java.lang.Exception] threw exception; nested exception is java.lang.RuntimeException: Could not postProcess org.springframework.security.ldap.server.ApacheDSContainer@4d821ed4 of type class org.springframework.security.ldap.server.ApacheDSContainer
    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:597)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1094)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:989)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:475)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:302)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:298)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:720)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:757)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:480)
    at org.springframework.context.annotation.AnnotationConfigApplicationContext.<init>(AnnotationConfigApplicationContext.java:84)
    at org.springframework.security.config.annotation.BaseSpringSpec.loadConfig(BaseSpringSpec.groovy:91)
    at org.springframework.security.config.annotation.authentication.ldap.LdapAuthenticationProviderConfigurerTests.authentication-manager support multiple default ldap contexts (ports dynamically allocated)(LdapAuthenticationProviderConfigurerTests.groovy:42)
Caused by: org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public javax.servlet.Filter org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain() throws java.lang.Exception] threw exception; nested exception is java.lang.RuntimeException: Could not postProcess org.springframework.security.ldap.server.ApacheDSContainer@4d821ed4 of type class org.springframework.security.ldap.server.ApacheDSContainer
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:188)
    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:586)
    ... 14 more
Caused by: java.lang.RuntimeException: Could not postProcess org.springframework.security.ldap.server.ApacheDSContainer@4d821ed4 of type class org.springframework.security.ldap.server.ApacheDSContainer
    at org.springframework.security.config.annotation.configuration.AutowireBeanFactoryObjectPostProcessor.postProcess(AutowireBeanFactoryObjectPostProcessor.java:63)
    at org.springframework.security.config.annotation.SecurityConfigurerAdapter$CompositeObjectPostProcessor.postProcess(SecurityConfigurerAdapter.java:117)
    at org.springframework.security.config.annotation.SecurityConfigurerAdapter.postProcess(SecurityConfigurerAdapter.java:77)
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.access$400(LdapAuthenticationProviderConfigurer.java:56)
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer$ContextSourceBuilder.build(LdapAuthenticationProviderConfigurer.java:503)
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer$ContextSourceBuilder.access$500(LdapAuthenticationProviderConfigurer.java:392)
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.getContextSource(LdapAuthenticationProviderConfigurer.java:548)
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.build(LdapAuthenticationProviderConfigurer.java:72)
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.configure(LdapAuthenticationProviderConfigurer.java:339)
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.configure(LdapAuthenticationProviderConfigurer.java:56)
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.configure(AbstractConfiguredSecurityBuilder.java:376)
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:325)
    at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:39)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.authenticationManager(WebSecurityConfigurerAdapter.java:238)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:178)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:283)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:68)
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:367)
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:320)
    at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:39)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:92)
    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:312)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:166)
    ... 15 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.ldap.server.ApacheDSContainer@4d821ed4': Invocation of init method failed; nested exception is java.lang.RuntimeException: Server startup failed
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1553)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:398)
    at org.springframework.security.config.annotation.configuration.AutowireBeanFactoryObjectPostProcessor.postProcess(AutowireBeanFactoryObjectPostProcessor.java:60)
    ... 38 more
Caused by: java.lang.RuntimeException: Server startup failed
    at org.springframework.security.ldap.server.ApacheDSContainer.start(ApacheDSContainer.java:182)
    at org.springframework.security.ldap.server.ApacheDSContainer.afterPropertiesSet(ApacheDSContainer.java:132)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1612)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1549)
    ... 40 more
Caused by: org.apache.directory.shared.ldap.exception.LdapConfigurationException: Failed to bind an LDAP service (33389) to the service registry. [Root exception is java.net.BindException: Address already in use]
    at org.apache.directory.server.ldap.LdapServer.startNetwork(LdapServer.java:528)
    at org.apache.directory.server.ldap.LdapServer.start(LdapServer.java:394)
    at org.springframework.security.ldap.server.ApacheDSContainer.start(ApacheDSContainer.java:180)
    ... 43 more
Caused by: java.net.BindException: Address already in use
    at sun.nio.ch.Net.bind(Net.java:444)
    at sun.nio.ch.Net.bind(Net.java:436)
    at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214)
    at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
    at org.apache.mina.transport.socket.nio.NioSocketAcceptor.open(NioSocketAcceptor.java:251)
    at org.apache.mina.transport.socket.nio.NioSocketAcceptor.open(NioSocketAcceptor.java:48)
    at org.apache.mina.core.polling.AbstractPollingIoAcceptor.registerHandles(AbstractPollingIoAcceptor.java:523)
    at org.apache.mina.core.polling.AbstractPollingIoAcceptor.access$200(AbstractPollingIoAcceptor.java:65)
    at org.apache.mina.core.polling.AbstractPollingIoAcceptor$Acceptor.run(AbstractPollingIoAcceptor.java:407)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

Comment From: manueljordan

I had this situation about Caused by: java.net.BindException: Address already in use, but not sure if for that module based on LDAP

It happens for multiple Gradle executions, for example Testings or Build.

What I did do was:

• gradle --stop

and always check with jps if exists some Gradle/Kotlin/MainWrapper running because I did realise that practically always the IDE - (i.e: STS) creates its own Gradle Daemon and that one only appears with jps.

Therefore exists some Gradle's daemons working for Spring Security, some created by the console and other by the IDE itself. Both in parallel, therefore there the reason about the Caused by: java.net.BindException: Address already in use. Since then I have the IDE open, but any Gradle command is executed in command.

If the Gradle views are opened or if the Gradle refresh is executed for the project through the IDE, it triggers the daemon of the IDE too

Comment From: jgrandja

Thanks for the detailed feedback @manueljordan ! I also logged #9394 last week and this feedback is very helpful.

Comment From: manueljordan

Hi @jgrandja - No problem, perhaps should be considered to do mention here to Marting Lippert?, perhaps should be valuable that the IDE itself through a special view or through BuildShip (I prefer the former) shows the Gradle's Daemons created by the STS itself.

Comment From: jgrandja

@manueljordan Feel free to log a feature request in the STS repo.