我使用了xml文件中定义的Spring Security LDAP身份验证,它工作正常:
<security:authentication-manager>
<security:ldap-authentication-provider
user-search-filter="(uid={0})"
user-search-base="dc=company,dc=com">
</security:ldap-authentication-provider>
</security:authentication-manager>
<security:ldap-server url="ldap://mail.company.com" />
我需要在authenticator提供程序中插入一些逻辑(登录数据库来命名),所以我实现了DaoAuthenticationProvider来使用LDAP:
xml配置:
<security:authentication-manager>
<security:authentication-provider ref="appAuthenticationProvider" />
</security:authentication-manager>
类实现:
@Service("appAuthenticationProvider")
public class AppAuthenticationProvider extends DaoAuthenticationProvider {
private LdapAuthenticationProvider ldapProvider;
public AppAuthenticationProvider(){
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource("ldap://mail.company.com");
BindAuthenticator authenticator = new BindAuthenticator(contextSource);
authenticator.setUserSearch(new FilterBasedLdapUserSearch("dc=company,dc=com", "(uid={0})", contextSource));
ldapProvider = new LdapAuthenticationProvider(authenticator);
}
public Authentication authenticate(Authentication authRequest) throws AuthenticationException {
return ldapProvider.authenticate(authRequest);
}
}
它看起来好像你对第一个实现的期望,但authenticate方法抛出异常:
java.lang.NullPointerException
org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:792)
org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:196)
org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:116)
org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:90)
org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178)
org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:61)
myapp.security.AppAuthenticationProvider.authenticate(AppAuthenticationProvider.java:69)
登录第一个案例如下:
[myapp] 2012-05-16 11:38:44,339 INFO org.springframework.security.ldap.DefaultSpringSecurityContextSource - URL 'ldap://mail.company.com', root DN is ''
[myapp] 2012-05-16 11:38:44,364 INFO org.springframework.security.ldap.DefaultSpringSecurityContextSource - URL 'ldap://mail.company.com', root DN is ''
[myapp] 2012-05-16 11:38:44,365 DEBUG org.springframework.ldap.core.support.AbstractContextSource - AuthenticationSource not set - using default implementation
[myapp] 2012-05-16 11:38:44,365 INFO org.springframework.ldap.core.support.AbstractContextSource - Property 'userDn' not set - anonymous context will be used for read-write operations
[myapp] 2012-05-16 11:38:44,365 DEBUG org.springframework.ldap.core.support.AbstractContextSource - Using LDAP pooling.
[myapp] 2012-05-16 11:38:44,365 DEBUG org.springframework.ldap.core.support.AbstractContextSource - Trying provider Urls: ldap://mail.company.com
[myapp] 2012-05-16 11:38:44,369 INFO org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator - groupSearchBase is empty. Searches will be performed from the context source base
[myapp] 2012-05-16 11:39:33,956 DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
[myapp] 2012-05-16 11:39:33,957 DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider - Processing authentication request for user: JohnDoe
[myapp] 2012-05-16 11:39:33,960 DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch - Searching for user 'JohnDoe', with user search [ searchFilter: '(uid={0})', searchBase: 'dc=company,dc=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
[myapp] 2012-05-16 11:39:34,812 DEBUG org.springframework.ldap.core.support.AbstractContextSource - Got Ldap context on server 'ldap://mail.company.com'
[myapp] 2012-05-16 11:39:35,025 DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Searching for entry under DN '', base = 'dc=company,dc=com', filter = '(uid={0})'
[myapp] 2012-05-16 11:39:35,060 DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate - Found DN: cn=JohnDoe,cn=users,dc=company,dc=com
[myapp] 2012-05-16 11:39:35,082 DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Attempting to bind as cn=JohnDoe,cn=users,dc=company,dc=com
在第二种情况下:
[myapp] 2012-05-16 11:34:13,563 INFO org.springframework.security.ldap.DefaultSpringSecurityContextSource - URL 'ldap://mail.company.com', root DN is ''
[myapp] 2012-05-16 11:34:28,363 INFO org.springframework.security.ldap.DefaultSpringSecurityContextSource - URL 'ldap://mail.company.com', root DN is ''
[myapp] 2012-05-16 11:34:37,194 DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using myapp.security.AppAuthenticationProvider
[myapp] 2012-05-16 11:34:37,197 DEBUG org.springframework.security.ldap.authentication.LdapAuthenticationProvider - Processing authentication request for user: JohnDoe
[myapp] 2012-05-16 11:34:37,197 DEBUG org.springframework.security.ldap.search.FilterBasedLdapUserSearch - Searching for user 'JohnDoe', with user search [ searchFilter: '(uid={0})', searchBase: 'dc=company,dc=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
知道吗?
答案 0 :(得分:23)
您尚未完全初始化DefaultSpringSecurityContextSource(因为您是使用“new”手动创建它)。
在创建时添加以下内容,您应该全部设置:
contextSource.afterPropertiesSet();
在这种特殊情况下,这一行是关键:
[myapp] 2012-05-16 11:38:44,365 INFO org.springframework.ldap.core.support.AbstractContextSource - Property 'userDn' not set - anonymous context will be used for read-write operations
当您尝试使用手动创建(但未正确初始化)的上下文源时,它将采用默认行为,即使用非匿名访问只读操作。由于您指定了任何管理员dn /密码,因此它会因NPE而失败。正确初始化实例(通过调用afterPropertiesSet())会将其设置为以只读方式使用匿名访问,因为未指定user / pwd。