我有一个 AngularJS + Spring 应用程序,它的 LDAP 认证工作正常。我把其中的设置复制到一个 Spring + GWT 应用程序中,但这些设置在那里无法工作。
错误的关键部分似乎是:
org.springframework.security.authentication.InternalAuthenticationServiceException: invalid attribute description; nested exception is javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'ou=Users,ou=MCR,dc=mfad,dc=mfroot,dc=org'
application.security.xml:
<?xml version = "1.0" encoding = "UTF-8"?>
<beans:beans xmlns = "http://www.springframework.org/schema/security"
xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans = "http://www.springframework.org/schema/beans"
xmlns:util = "http://www.springframework.org/schema/util"
xsi:schemaLocation = "http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-4.3.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd">
<!-- Spring Security namespace configuration: form login backed by an LDAP
     authentication provider. The security namespace is the default one, so
     only core Spring elements need the beans: prefix. -->
<!-- HTTP security configuration.
     use-expressions = "false" means the access attributes below are plain
     IS_AUTHENTICATED_* tokens rather than SpEL expressions.
     NOTE(review): auto-config = 'true' also registers HTTP Basic
     authentication alongside form login and logout; confirm Basic is
     wanted on this application. -->
<http auto-config = 'true' use-expressions = "false" >
<!-- Rules are evaluated top to bottom and the first matching pattern wins,
     so the anonymous exceptions (login endpoints, login page, favicon) must
     stay above the catch-all rule. -->
<intercept-url pattern = "/j_spring_security_check" access = "IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern = "/login" access = "IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern = "/Login.html" access = "IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern = "/img/favicon.ico" access = "IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Everything else requires a full login; IS_AUTHENTICATED_FULLY does not
     accept anonymous or remember-me authentication. -->
<intercept-url pattern = "/**" access = "IS_AUTHENTICATED_FULLY" />
<logout logout-success-url = "/Login.html" />
<!-- The login form posts the fields "username" and "password" to
     /j_spring_security_check; after a successful login the user is always
     sent to /index.gwt.html, whatever page was requested first. -->
<form-login login-page = "/Login.html" default-target-url = "/index.gwt.html" always-use-default-target = "true"
login-processing-url = "/j_spring_security_check" username-parameter = "username" password-parameter = "password" />
<!-- Session hardening: newSession issues a fresh session at login instead of
     reusing the pre-login one (session fixation defence). Invalid sessions
     and session authentication errors both land on the login page. -->
<session-management invalid-session-url = "/Login.html"
session-authentication-error-url = "/Login.html"
session-fixation-protection = "newSession">
<!-- One concurrent session per user. With error-if-maximum-exceeded = "false"
     a second login is accepted and the earlier session is expired.
     NOTE(review): concurrency control relies on an HttpSessionEventPublisher
     listener in web.xml, which is not shown here; confirm it is registered. -->
<concurrency-control max-sessions = "1" error-if-maximum-exceeded = "false" />
</session-management>
</http>
<!-- Directory connection. "{Our settings}" is the author's redaction and is
     not valid XML as written. When filling it in, prefer an ldaps:// URL and
     keep any manager password out of this file (externalised property). -->
<ldap-server {Our settings} />
<authentication-manager alias = "authenticationManager">
<!-- LDAP provider: the user entry is looked up under user-search-base with
     user-search-filter ({0} = submitted login name), then authenticated.
     NOTE(review): the stack trace in catalina.out is raised while JNDI
     encodes this user search filter (FilterBasedLdapUserSearch, then
     Filter.encodeSimpleFilter). An LDAP attribute description may not contain
     whitespace, so a filter written as "cn = {0}" would be rejected with
     "invalid attribute description". The spacing around "=" on this page may
     be a formatting artefact; verify that the deployed file has no spaces
     inside the filter values, e.g. "(cn={0})".
     NOTE(review): in the group search, {0} is replaced with the DN of the
     authenticated user, not the login name, so a cn based filter is unlikely
     to match any group and the user would receive no authorities. A
     membership attribute such as member or uniqueMember is the usual choice;
     confirm against the directory schema. -->
<ldap-authentication-provider
group-search-filter = "cn = {0}"
group-search-base = "OU = Groups,OU = MCR,DC = mfad,DC = mfroot,DC = org"
user-search-base = "OU = Users,OU = MCR,DC = mfad,DC = mfroot,DC = org"
user-search-filter = "cn = {0}"
user-details-class = "inetOrgPerson">
</ldap-authentication-provider>
</authentication-manager>
</beans:beans>
catalina.out中的错误:
ERROR [http-nio-8080-exec-6] (AbstractAuthenticationProcessingFilter.java:218) - An internal error occurred while trying to authenticate the user.
org.springframework.security.authentication.InternalAuthenticationServiceException: invalid attribute description; nested exception is javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'ou=Users,ou=MCR,dc=mfad,dc=mfroot,dc=org'
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:191)
at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:80)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:92)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.ldap.InvalidSearchFilterException: invalid attribute description; nested exception is javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'ou=Users,ou=MCR,dc=mfad,dc=mfroot,dc=org'
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:143)
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:820)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:803)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:194)
at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:116)
at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:90)
at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178)
... 37 more
Caused by: javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'ou=Users,ou=MCR,dc=mfad,dc=mfroot,dc=org'
at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:437)
at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:171)
at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:548)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:297)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:208)
at org.springframework.security.ldap.SpringSecurityLdapTemplate$3.executeWithContext(SpringSecurityLdapTemplate.java:196)
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:817)
... 42 more