我有一个使用Grails 2.2.3的应用程序,它使用插件Spring Security Core 1.2.7.3,Spring Security CAS 1.0.5和Spring Security LDAP 1.0.6。
我将LDAP用于角色,用户存储和用户信息,以及CAS用于单点登录。当我第一次进行身份验证时,我收到BadCredentials异常(表示“无法找到具有该用户名和密码的用户。”),但如果我第二次尝试正确验证。
当我调试该异常时,它实际上是由错误引起的:
org.jasig.cas.client.validation.TicketValidationException:
ticket 'my-ticket' does not match supplied service
有谁知道导致此错误的原因或解决方法?以下是resources.groovy中的设置:
initialDirContextFactory(DefaultSpringSecurityContextSource, "ldap://ldap.company.com:389") {
userDn = "CN=Admin,OU=Users,DC=company,DC=com"
password = "password"
}
ldapUserSearch(FilterBasedLdapUserSearch,
"OU=Users,DC=company,DC=com",
"employeeId={0}",
initialDirContextFactory) { }
ldapUserDetailsMapper(MyLdapUserDetailsContextMapper) { }
ldapAuthoritiesPopulator(DefaultLdapAuthoritiesPopulator,
initialDirContextFactory,
"ou=Groups,OU=Users,DC=company,DC=com") {
groupRoleAttribute = "cn"
groupSearchFilter = "member={0}"
rolePrefix = ""
searchSubtree = true
convertToUpperCase = true
ignorePartialResultException = true
}
userDetailsService(LdapUserDetailsService, ldapUserSearch, ldapAuthoritiesPopulator) {
userDetailsMapper = ref('ldapUserDetailsMapper')
}
我在config.groovy中的设置:
grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://cas.company.com/cas'
grails.plugins.springsecurity.cas.loginUri = "/login"
grails.plugins.springsecurity.cas.serviceUrl = "${grails.serverURL}/j_spring_cas_security_check"
grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider']
grails.plugins.springsecurity.defaultTargetUrl = '/'
grails.plugins.springsecurity.alwaysUseDefault = false