所以我遇到了从LDAP到Spring的所有适当权限的问题。我能够得到一些当局,但不是所有当局。
我的LDAP结构如下所示:
我正在使用:Spring 4,Spring Security 4,Spring LDAP 2
我的application-context-security.xml包含:
<ldap-server url="${ldap.server.url}" />
<beans:bean id="gridInetOrgUserMapper" class="com.package.of.company.commons.GridInetOrgPersonContextMapper" />
<beans:bean id="localSecurityHandler" class="com.package.of.stuff.service.impl.SecurityHandler">
<beans:constructor-arg ref="userService" />
</beans:bean>
<authentication-manager id="authenticationManagerCas">
<authentication-provider ref="casAuthenticationProvider" />
</authentication-manager>
<beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<beans:property name="userDetailsService" ref="ldapUserService"/>
<beans:property name="serviceProperties" ref="serviceProperties" />
<beans:property name="ticketValidator">
<beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<beans:constructor-arg index="0" value="${security.cas.app.url}" />
</beans:bean>
</beans:property>
<beans:property name="key" value="knowledge"/>
</beans:bean>
<ldap-user-service
id="ldapUserService"
user-search-base="ou=People"
user-search-filter="(uid={0})"
group-search-base="ou=Groups"
group-role-attribute="cn"
group-search-filter="(objectClass=*)"
role-prefix="none"
user-context-mapper-ref="gridInetOrgUserMapper"/>
<beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<beans:property name="service" value="${security.cas.postback.service.name}"/>
<beans:property name="sendRenew" value="false"/>
</beans:bean>
<beans:bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManagerCas"/>
<beans:property name="authenticationSuccessHandler" ref="localSecurityHandler">
</beans:property>
</beans:bean>
<beans:bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<beans:property name="loginUrl" value="${security.cas.login.url}"/>
<beans:property name="serviceProperties" ref="serviceProperties"/>
</beans:bean>
我能够退出LAUNCHERADMIN和LAUNCHERUSER,但不是任何知识权威人士。在过去的3天里,我一直坚持这一点。任何帮助将不胜感激。