Question

我已经成功设置了基于LDAPS容器的身份验证，现在我正在尝试使用Spring安全性，因为我还需要执行查找/查询。

在WAS中，我使用正确的密钥库（WC_DefaulHost除外）拥有所有端点。此外，我还为ldaps，host，port。

设置了动态端点配置

当我尝试登录时，我只是得到“spring_security_login？login_error”而没有system.out异常。

我错过了什么吗？端点配置不够吗？我可以通过任何方式获得更多信息进行故障排除吗？

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <authentication-manager>
        <authentication-provider ref="ldapAuthProvider" />
    </authentication-manager>

    <beans:bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <!-- AD authenticator -->       
        <beans:constructor-arg value="ldaps://host:port/DC=" />
        <beans:property name="userDn" value="CN=,OU=,DC=" />
        <beans:property name="password" value="" />
    </beans:bean>

    <beans:bean id="ldapAuthProvider"
        class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <beans:constructor-arg>
            <beans:bean id="wimLdapAuthenticator"
                class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <beans:constructor-arg ref="contextSource" />
                <beans:property name="userSearch">
                    <beans:bean id="userSearch"
                        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">

                        <beans:constructor-arg index="0" value="" />
                        <beans:constructor-arg index="1" value="CN={0}" />
                        <beans:constructor-arg index="2" ref="contextSource" />
                    </beans:bean>
                </beans:property>
            </beans:bean>
        </beans:constructor-arg>
    </beans:bean>

    <http auto-config="true" pattern="/**">
        <!-- Security zones -->
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <intercept-url pattern="/spring_security_login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    </http>

</beans:beans>

Answer 1

它现在正在工作..似乎它不是SSL问题...我切换了拦截网址的顺序，以便/ **是最后一个并添加了自定义登录表单..

<form-login login-page="/login" default-target-url="/viewAllTeams" authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
<form-login default-target-url="/viewAllTeams"/>
<intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/loginfailed" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />

我还发现您可以使用以下内容显示例外情况：

<div class="errorblock">
    Your login attempt was not successful, try again.<br /> Caused :
    ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>

在WAS 6.1上使用Spring Security的LDAP SSL

1 个答案: