Spring Security 2.0.6使用Active Directory进行身份验证

时间:2010-11-05 09:18:26

标签: active-directory forms-authentication spring-security

我尝试使用Ldap-Active Directory和Spring Security 2.0.6进行de身份验证。但我不知道为什么身份验证没有通过......

在这里你可以看到控制台:

> INFO  [Server] JBoss (MX MicroKernel)
> [4.2.3.GA (build:
> SVNTag=JBoss_4_2_3_GA
> date=200807181439)] Started in
> 30s:118ms
> 
> INFO  [STDOUT] [WARN] Authentication
> event
> AuthenticationFailureBadCredentialsEvent:
> secretariauno1; details:
> org.springframework.security.ui.WebAuthenticationDetails@255f8:
> RemoteIpAddress: 127.0.0.1; SessionId:
> 1D1DEAD28D4AE44AF67277654889D73E;
> exception: User secretariauno1 not
> found in directory.
> 
> INFO  [STDOUT] [WARN] Authentication
> event
> AuthenticationFailureBadCredentialsEvent:
> secretariauno; details:
> org.springframework.security.ui.WebAuthenticationDetails@255f8:
> RemoteIpAddress: 127.0.0.1; SessionId:
> 1D1DEAD28D4AE44AF67277654889D73E;
> exception: Bad credentials; nested
> exception is
> org.springframework.ldap.AuthenticationException:
> [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment:
> AcceptSecurityContext error, data 52e,
> v1db0
> 
> INFO  [STDOUT] [INFO] The
> returnObjFlag of supplied
> SearchControls is not set but a
> ContextMapper is used - setting flag
> to true
> 
> INFO  [STDOUT] [WARN] Authentication
> event
> AuthenticationFailureServiceExceptionEvent:
> secretariauno; details:
> org.springframework.security.ui.WebAuthenticationDetails@255f8:
> RemoteIpAddress: 127.0.0.1; SessionId:
> 1D1DEAD28D4AE44AF67277654889D73E;
> exception: Unprocessed Continuation
> Reference(s); nested exception is
> javax.naming.PartialResultException:
> Unprocessed Continuation Reference(s);
> remaining name ''; nested exception is
> org.springframework.ldap.PartialResultException:
> Unprocessed Continuation Reference(s);
> nested exception is
> javax.naming.PartialResultException:
> Unprocessed Continuation Reference(s);
> remaining name ''

有三个[WARN],第一个secretariauno1不在LDAP中。第二,密码不好。但三分之一,是好的,它没有通过。它返回登录页面。我找了“returnObjFlag”和没有目标的“剩下的名字”......

请,如果有人可以帮助我......,谢谢!

在这里你可以看到applicationContext-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                      http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                      http://www.springframework.org/schema/security
                      http://www.springframework.org/schema/security/spring-security-2.0.xsd">

    <bean id="loggerListener"
          class="org.springframework.security.event.authentication.LoggerListener" />

    <security:http>
        <security:intercept-url pattern="/**" access="ROLE_USUARIO_AUTENTICADO" />
        <security:intercept-url pattern="/login.jsp" filters="none"/>
        <security:intercept-url pattern="/css/*" filters="none"/>
        <security:form-login
            login-processing-url="/j_security_check"
            login-page="/login.jsp"
            default-target-url="/index.jsp"
            always-use-default-target="true"
            authentication-failure-url="/login.jsp" />
        <security:anonymous/>
        <security:http-basic/>
        <security:logout/>
    </security:http>

    <security:ldap-server id="ldapServer"
                          url="ldap://bibredc05.preadm.com:389/dc=preadm,dc=com"
                          manager-dn="cn=desLector,ou=Users,dc=preminjus,dc=es"
                          manager-password="pwd123"/>   

    <security:ldap-authentication-provider user-search-filter="(sAMAccountName={0})"
                                           user-search-base="ou=Users"/>



    <security:ldap-user-service server-ref="ldapServer"
                                user-search-filter="sAMAccountName={0}"
                                user-search-base="ou=Users"/>

</beans>

2 个答案:

答案 0 :(得分:1)

解决

好吧,最后我已迁移到Spring Security 3.0.4。问题是您必须使用bean定义,因为Active Directory需要Populator bean。

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

 <bean id="loggerListener"
    class="org.springframework.security.authentication.event.LoggerListener" />

 <security:http>
  <security:session-management>
   <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
  </security:session-management>
  <security:intercept-url pattern="/css/*" filters="none"/>
  <security:intercept-url pattern="/login.jsp" filters="none"/>
     <security:intercept-url pattern="/**" access="ROLE_USER_AUTENTICADO" />
     <security:form-login
   login-processing-url="/j_spring_security_check"
   login-page="/login.jsp"
   default-target-url="/index.jsp"
   always-use-default-target="true"
   authentication-failure-url="/login.jsp" />
  <security:anonymous/>
  <security:http-basic/>
  <security:logout/>
 </security:http>

 <security:authentication-manager>
    <security:authentication-provider ref='ldapAuthProvider' />
 </security:authentication-manager>


 <!-- 
 * The second constructor of the DefaultLdapAuthoritiesPopulator class is the paramerter
   what is included in LDAP as memberOf, for example, if it have value="ou=Users" the
   users without thios group don't have access. 

 * It put to the accessed user: ROLE_USUARIO_AUTENTICADO". I use this in the interceptor. 
   But, for example, if in the LDAP, the user have in memberOf attribute:
   "CN=Preadm,OU=Applications,OU=Usuers,DC=preadm,DC=com" the user should have authority for
   OU=Users, but it will work if the interceptor have "ROLE_PREADM", "ROLE_" is the default prefix,
    "PREADM" is for CN=Preadm in the memberOf.
   -->

 <bean id="ldapAuthProvider"
         class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
   <bean id="bindAuthenticator" 
      class="org.springframework.security.ldap.authentication.BindAuthenticator">
    <constructor-arg ref="contextSource" />
    <property name="userSearch" ref="userSearch"/>
   </bean>
    </constructor-arg>
    <constructor-arg>
      <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
    <constructor-arg ref="contextSource"/>
    <constructor-arg value="ou=Users"/>
    <property name="defaultRole" value="ROLE_USER_AUTENTICADO"/>
    <property name="searchSubtree" value="true" />
    <property name="ignorePartialResultException" value="true"/>
      </bean>
  </constructor-arg>
 </bean> 

 <bean id="userSearch"
   class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <constructor-arg index="0" value="ou=Users"/> 
  <constructor-arg index="1" value="(sAMAccountName={0})"/>
  <constructor-arg index="2" ref="contextSource" />
  <property name="searchSubtree" value="true"/>
 </bean>

 <bean id="contextSource" 
   class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
     <constructor-arg value="ldap://bibredc05.preadm.com:389/dc=preadm,dc=com"/>
     <property name="userDn" value="cn=desReader,ou=Users,dc=preadm,dc=com"/>
     <property name="password" value="pwd123"/>
 </bean>

</beans>

答案 1 :(得分:0)

也许this link可以帮到你。这个问题可能是有原因的。

这可能是因为需要关注推荐搜索。

This link也与配置引荐的一种方式有关。

相关问题
最新问题