认证失败时在Shiro LDAP领域(Realm)中循环

时间:2014-03-24 19:51:41

标签: ldap jndi shiro

我遇到一个奇怪的错误。如果向我的Shiro LDAP传入有效的用户名/密码,一切正常;但如果用户名/密码组合无效,就会抛出异常,并且不断在Shiro的领域(Realm)代码中循环。在调试器中,除了我重写的这一个方法之外,执行始终停留在Shiro自身的代码里:

  public class MyJndiLdapRealm extends JndiLdapRealm {


/**
 * Creates the realm without applying any configuration of its own; everything is
 * inherited from {@code JndiLdapRealm} or set later through bean properties.
 */
public MyJndiLdapRealm() {
    // The superclass no-arg constructor is invoked implicitly.
}

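/**
 * Authenticates the token by opening an LDAP context (a bind) as the submitted user.
 *
 * <p>The principal is mapped through {@code getLdapPrincipal(token)} and passed, together with
 * the submitted credentials, to {@code ldapContextFactory.getLdapContext(...)}. A context that
 * opens without a {@link NamingException} is the only evidence that the credentials are valid.
 *
 * <p>Because "the bind did not fail" is the sole success signal, a missing principal or
 * zero-length credentials are rejected before any bind is attempted: a directory that permits
 * anonymous or unauthenticated simple binds could otherwise open a context without checking a
 * password.
 *
 * @param token the submitted authentication token
 * @param ldapContextFactory factory used to open the LDAP context for the user
 * @return the info built by {@code createAuthenticationInfo} after a successful bind
 * @throws NamingException if the principal or credentials are missing, or if the context
 *         cannot be opened (for example because the directory rejected the credentials)
 */
@Override
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token,
        LdapContextFactory ldapContextFactory)
throws NamingException {

    Object credentials = token.getCredentials();
    // The original first read token.getPrincipal() and then overwrote it; only the mapped
    // LDAP principal is ever used.
    Object principal = getLdapPrincipal(token);

    if (principal == null || hasNoCredentials(credentials)) {
        // Fully qualified so no new import is needed; it is a NamingException subtype, so the
        // declared throws clause and the callers' handling are unchanged.
        throw new javax.naming.AuthenticationException(
                "LDAP authentication requires a principal and non-empty credentials");
    }

    LdapContext ctx = null;
    try {
        ctx = ldapContextFactory.getLdapContext(principal, credentials);

        // The context opened, so the directory accepted the bind: build the AuthenticationInfo.
        return createAuthenticationInfo(token, principal, credentials, ctx);
    } finally {
        // ctx is still null here when getLdapContext threw.
        LdapUtils.closeContext(ctx);
    }
}

/** Returns {@code true} when the submitted credentials are absent or zero-length. */
private static boolean hasNoCredentials(Object credentials) {
    if (credentials == null) {
        return true;
    }
    if (credentials instanceof char[]) {
        return ((char[]) credentials).length == 0;
    }
    if (credentials instanceof byte[]) {
        return ((byte[]) credentials).length == 0;
    }
    if (credentials instanceof CharSequence) {
        return ((CharSequence) credentials).length() == 0;
    }
    // Unknown credential type: leave the decision to the directory, as before.
    return false;
}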



          <!-- Shiro web filter: wires the security manager, the login / unauthorized / success
               URLs and the URL-to-filter-chain definitions. -->
          <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <!-- NOTE(review): loginUrl, unauthorizedUrl and successUrl all point to /ldapLogin, which
         is itself covered by the catch-all chain below. A rejected or failed request is sent
         back to the same guarded page; check this first when a failed login appears to loop. -->
    <property name="loginUrl" value="/ldapLogin"/>
    <property name="unauthorizedUrl" value="/ldapLogin"/>
    <property name="successUrl" value="/ldapLogin"/>      
    <!-- NOTE(review): chain definitions are matched in the order written and the first match
         wins. '/logout = logout' comes after the catch-all '/**' and sits under a '[main]'
         header instead of '[urls]', so it is unlikely to ever be applied; confirm, and if
         logout is intended, move it above '/**' inside [urls].
         'customAuthFilter' is referenced here but not defined in this snippet. -->
    <property name="filterChainDefinitions">
        <value>
            [urls]
            /** = ssl[8443],authc, customAuthFilter
            [main]
            /logout = logout
        </value>
    </property>   
</bean>

<!-- Security manager: three realms are consulted, and AllSuccessfulStrategy means a login only
     succeeds when every configured realm authenticates the token. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
     <property name="realms">
        <list>
             <ref bean="authenticateLdapRealm"/>
             <ref bean="authenticateDbRolesRealm"/>
             <!-- NOTE(review): no bean with id "DbAuthorizingRealm" is visible in this
                  snippet; the visible definition uses id "SwiDbAuthorizingRealm". Confirm
                  that the reference and the bean id agree. -->
             <ref bean="DbAuthorizingRealm"/>
        </list>
    </property>
    <!-- NOTE(review): with AllSuccessfulStrategy a realm meant only for roles/authorization
         still takes part in authentication; confirm each realm above is intended to
         authenticate the LDAP username/password token. -->
    <property name="authenticator.authenticationStrategy">
        <bean class="org.apache.shiro.authc.pam.AllSuccessfulStrategy"/>
    </property>
</bean>

<!-- Lets Spring drive init/destroy callbacks on Shiro objects. -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

<!-- LDAP realm: the submitted username replaces {0} in userDnTemplate to form the bind DN.
     NOTE(review): the username comes from the login request; confirm that DN special
     characters are rejected or escaped before substitution. -->
<bean id="authenticateLdapRealm" class="security.MyJndiLdapRealm">
    <property name="contextFactory" ref="contextFactory" />
    <property name="userDnTemplate" value="cn={0},ou=REMOTE,o=OFF" /> 
</bean>

<!-- NOTE(review): plain ldap:// on port 389. Every login performs a bind over this connection
     with the user's DN and password, so unless the transport is protected (ldaps:// or
     StartTLS) they cross the network unencrypted. -->
<bean id="contextFactory" class="org.apache.shiro.realm.ldap.JndiLdapContextFactory">
  <property name="url" value="ldap://172.25.3.91:389"/>
</bean>

<!-- Project realm; no properties are set in this snippet. -->
<bean id="authenticateDbRolesRealm" class="security.DbRolesRealm">
</bean>

<!-- NOTE(review): this id is "SwiDbAuthorizingRealm", while the security manager's realm list
     references "DbAuthorizingRealm"; confirm which name is intended. -->
<bean id="SwiDbAuthorizingRealm" class="security.DbAuthorizingRealm">
</bean>

<!-- Enables Shiro's authorization annotations through Spring AOP auto-proxying. -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>

1 个答案:

答案 0 :(得分:0)

不知何故,问题出在我的自定义过滤器上。改用PassThruAuthenticationFilter之后,问题就解决了。