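Spring Security LDAP authentication does not work with Java 8

Time: 2016-08-12 13:29:44

Tags: spring spring-security spring-security-ldap

I am trying to use the LDAP authentication provided by Spring Security. Everything is fine. I get the following error when deploying the application.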

Caused by: java.lang.RuntimeException: Could not postProcess org.springframework.security.ldap.server.ApacheDSContainer@54a76efa of type class org.springframework.security.ldap.server.ApacheDSContainer
    at org.springframework.security.config.annotation.configuration.AutowireBeanFactoryObjectPostProcessor.postProcess(AutowireBeanFactoryObjectPostProcessor.java:70)
    at org.springframework.security.config.annotation.SecurityConfigurerAdapter$CompositeObjectPostProcessor.postProcess(SecurityConfigurerAdapter.java:123)
    at org.springframework.security.config.annotation.SecurityConfigurerAdapter.postProcess(SecurityConfigurerAdapter.java:82)
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.access$400(LdapAuthenticationProviderConfigurer.java:58)
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer$ContextSourceBuilder.build(LdapAuthenticationProviderConfigurer.java:555)
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer$ContextSourceBuilder.access$500(LdapAuthenticationProviderConfigurer.java:446)
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.getContextSource(LdapAuthenticationProviderConfigurer.java:606)
    at org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.build(LdapAuthenticationProviderConfigurer.java:76)

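The Spring Core version is 4.3.2. The Spring Security LDAP version is 4.1.1.

My Google research turned up a post from 2013 saying that this problem is due to an incompatibility between Spring Security LDAP and Java 8. The same post says it has been fixed in some Spring Boot version. It does not discuss any fix for non-Spring Boot libraries.

Has anyone tried Spring Security LDAP authentication with Java 8? Please help.

1 answer:

Answer 0: (score: 1)

Here is my working configuration using Java 8 and Spring Security LDAP. We connect our Spring web application to an Active Directory instance to secure access by URL.

If I remember correctly, it took longer than I expected.

You will need to change the "Base" for the LDAP context path, and note that ldap.user is the full LDAP CN, not just a username. You can use an LDAP browser such as JXplorer (http://jxplorer.org/) to get your LDAP settings right.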

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityConfig.class);

    @Value("ldap://${ldap.host}:${ldap.port:389}")
    private String url;

    @Value("${ldap.user}")
    private String user;

    @Value("${ldap.password}")
    private String password;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        LOGGER.info("Configuring security...");
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/index.html").permitAll()
                .anyRequest().fullyAuthenticated()
                .and()
                .httpBasic();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
            .userSearchFilter("(&(objectClass=user)(sAMAccountName={0}))")
            .contextSource(ldapContextSource());
    }

    @Bean
    public BaseLdapPathContextSource ldapContextSource() {
        LOGGER.info("LDAP: {}", url);
        LdapContextSource bean = new LdapContextSource();
        bean.setUrl(url);
        bean.setBase("DC=CORP,DC=MyCompany,DC=com");
        bean.setUserDn(user);
        bean.setPassword(password);
        bean.setPooled(true);
        bean.setReferral("follow");
        return bean;
    }
}

This assumes you have LDAP settings similar to this in your configuration file:
ldap.host=ldap.mycompany.com
ldap.user=CN=MyUser,OU=Service Accounts,OU=New-York,DC=CORP,DC=MyCompany,DC=com
# Encrypt using Jasypt or something
ldap.password=B1gS3cr3t
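
A stand-alone check of the settings described in the answer above (URL, full bind DN, Base and search filter), using only the JDK's JNDI classes and run against your own directory. This is an added example, not part of the original answer; the class name `LdapSettingsCheck` and the `LDAP_PASSWORD` environment variable are assumptions made for the example.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Added example (not from the answer): checks the LDAP settings with plain JNDI.
public class LdapSettingsCheck {
    // Same filter as the answer's userSearchFilter. JNDI substitutes {0} from the
    // filterArgs array and escapes filter metacharacters in string arguments.
    static final String FILTER = "(&(objectClass=user)(sAMAccountName={0}))";

    public static void main(String[] args) throws NamingException {
        String password = System.getenv("LDAP_PASSWORD"); // assumed variable name
        if (args.length != 4 || password == null) {
            System.err.println("usage: LDAP_PASSWORD=... java LdapSettingsCheck <url> <bindDn> <base> <loginName>");
            System.exit(2);
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);           // ldap.host / ldap.port
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[1]);     // ldap.user: the full DN
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.REFERRAL, "follow");              // matches setReferral("follow")
        // A wrong bind DN or password fails here with AuthenticationException.
        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[0]); // entry names only
            // A wrong base surfaces as NameNotFoundException from the search.
            NamingEnumeration<SearchResult> hits =
                    ctx.search(args[2], FILTER, new Object[] {args[3]}, controls);
            int count = 0;
            while (hits.hasMore()) {
                System.out.println("match: " + hits.next().getNameInNamespace());
                count++;
            }
            // Spring Security's user search expects exactly one matching entry.
            System.out.println(count == 1 ? "OK: one entry" : "CHECK: " + count + " entries");
        } finally {
            ctx.close();
        }
    }
}
```

Pass the same values as the properties above: the URL built from ldap.host and ldap.port, the ldap.user DN, the Base, and a login name to look up.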