我正在尝试使用BindAuthenticator进行身份验证,但它给了我身份验证错误。
18:14:32,764 org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter DEBUG http-bio-8080-exec-12 authentication.UsernamePasswordAuthenticationFilter:189 - Request is to process authentication
18:14:32,765 org.springframework.security.authentication.ProviderManager DEBUG http-bio-8080-exec-12 authentication.ProviderManager:152 - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
18:14:32,767 org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider DEBUG http-bio-8080-exec-12 authentication.LdapAuthenticationProvider:65 - Processing authentication request for user: admin.manager@XDEV.com
18:14:32,770 org.springframework.security.ldap.authentication.BindAuthenticator DEBUG http-bio-8080-exec-12 authentication.BindAuthenticator:108 - Attempting to bind as uid=admin.manager@XDEV.com,o=X-DEV,dc=Xexternal,dc=com
18:14:32,770 org.springframework.security.ldap.DefaultSpringSecurityContextSource$1 DEBUG http-bio-8080-exec-12 ldap.DefaultSpringSecurityContextSource:76 - Removing pooling flag for user uid=admin.manager@XDEV.com,o=LS360-DEV,dc=Xexternal,dc=com
18:14:33,427 org.springframework.security.ldap.authentication.BindAuthenticator DEBUG http-bio-8080-exec-12 authentication.BindAuthenticator:152 - Failed to bind as uid=admin.manager@XDEV.com: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
XML配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:global-method-security
secured-annotations="enabled" />
<security:http pattern="/theme/**" security="none" />
<security:http pattern="/javascript/**" security="none" />
<security:http pattern="/favicon.ico" security="none" />
<security:http pattern="/login" security="none" />
<beans:bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://10.0.X.X:389/DC=Xexternal,DC=com" />
<beans:property name="base" value="O=X-DEV,DC=Xexternal,DC=com" />
<beans:property name="userDn" value="CN=X-dev,O=X-DEV,DC=Xexternal,DC=com" />
<beans:property name="password" value="X!" />
</beans:bean>
<beans:bean id="userSearch"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="" />
<beans:constructor-arg index="1" value="uid={0}" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
<beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
</beans:bean>
<beans:bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userDnPatterns">
<beans:list>
<beans:value>uid={0}</beans:value>
</beans:list>
</beans:property>
<beans:property name="userSearch" ref="userSearch" />
<!-- <beans:property name="passwordEncoder" ref="passwordEncoder" /> -->
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource" />
<beans:constructor-arg value="O=X-DEV" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<!-- LDAP server details -->
<security:authentication-manager>
<security:authentication-provider
ref="ldapAuthProvider">
</security:authentication-provider>
</security:authentication-manager>
<security:http>
<security:form-login login-page="/login"
login-processing-url="/j_spring_security_check" default-target-url="/search"
authentication-failure-url="/login?login_error=true" />
<security:http-basic />
<security:logout logout-url="/login" />
<security:session-management
invalid-session-url="/login" />
<security:intercept-url pattern="/**"
access='ROLE_USER,IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED' />
</security:http>
</beans:beans>
答案 0 :(得分:0)
我做了以下更改,以使整个过程发挥作用。
<beans:bean id="userSearch"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="" />
<beans:constructor-arg index="1" value="**(userPrincipalName={0})**" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
加上我在授权中添加了ROLE_ADMIN。
<security:http>
<security:form-login login-page="/login"
login-processing-url="/j_spring_security_check" default-target-url="/searchcourse"
authentication-failure-url="/login?login_error=true" />
<security:http-basic />
<security:logout logout-url="/login" />
<security:session-management
invalid-session-url="/login" />
<security:intercept-url pattern="/**"
access='**ROLE_ADMIN,** ROLE_USER,IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED' />
</security:http>
我在stackoverflow上的某处读到了ROLE_ADMIN是必须的。
我希望上面这也有助于其他人。
感谢,