Spring Security setup in Spring Boot. By default, the LDAP authentication provider is configured to use the BindAuthenticator class.
This class contains the method
/**
 * Allows subclasses to inspect the exception thrown by an attempt to bind with a
 * particular DN. The default implementation just reports the failure to the debug
 * logger.
 */
protected void handleBindException(String userDn, String username, Throwable cause) {
    if (logger.isDebugEnabled()) {
        logger.debug("Failed to bind as " + userDn + ": " + cause);
    }
}
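This method is there to handle authentication-related exceptions, such as invalid credentials.
I want to override this method so that I can handle this and return a proper error message based on the error code returned by LDAP, such as invalid password or account locked.
The current LDAP implementation always returns "Bad Credentials", which does not give the right picture of why my credentials are invalid. I want to cover these cases.
Please help.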
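Answer 0 (score: 1)
I fixed this by defining the LDAP context myself instead of using the Spring Boot LDAPAuthenticationProviderConfigurer.
I then created a FilterBasedLdapUserSearch and overrode BindAuthentication with my ConnectBindAuthenticator.
I created a separate LDAPConfiguration class for the Spring Boot configuration and registered all these custom objects as beans.
From the above objects I created the LDAPAuthenticationProvider by passing my custom objects to its constructor.
The configuration is as follows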
public class myClass {
    // Static initializer calls the getter defined below
    public final static String myProp = getMyProp();

    public static String getMyProp() {
        return "someData";
    }
}
Answer 1 (score: 0)
You have to change your Spring Security configuration to add an extension of BindAuthenticator:
CustomBindAuthenticator.java
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;

public class CustomBindAuthenticator extends BindAuthenticator {

    public CustomBindAuthenticator(BaseLdapPathContextSource contextSource) {
        super(contextSource);
    }

    @Override
    protected void handleBindException(String userDn, String username, Throwable cause) {
        // TODO: Include here the logic of your custom BindAuthenticator
        // (somethingHappens() and MyCustomException are placeholders to supply)
        if (somethingHappens()) {
            throw new MyCustomException("Custom error message");
        }
        super.handleBindException(userDn, username, cause);
    }
}
spring-security.xml
<beans:bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="LDAP_URL" />
    <beans:property name="userDn" value="USER_DN" />
    <beans:property name="password" value="PASSWORD" />
</beans:bean>

<beans:bean id="userSearch"
        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <beans:constructor-arg index="0" value="USER_SEARCH_BASE" />
    <beans:constructor-arg index="1" value="USER_SEARCH_FILTER" />
    <beans:constructor-arg index="2" ref="contextSource" />
</beans:bean>

<beans:bean id="ldapAuthProvider"
        class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <beans:constructor-arg>
        <beans:bean class="com.your.project.CustomBindAuthenticator">
            <beans:constructor-arg ref="contextSource" />
            <beans:property name="userSearch" ref="userSearch" />
        </beans:bean>
    </beans:constructor-arg>
</beans:bean>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>
Hope it helps.
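
The question asks for a message that depends on the LDAP error code; the following is an added example, not part of either answer, of a handleBindException override that does this. It assumes an Active Directory style server that puts a "data NNN" sub-code in the error code 49 message (other directories report failures differently), and the class name SubCodeBindAuthenticator is hypothetical.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.ldap.authentication.BindAuthenticator;

// Added example: maps Active Directory bind sub-codes to Spring Security exceptions.
public class SubCodeBindAuthenticator extends BindAuthenticator {

    // Assumption: the bind failure message looks like this constructed sample:
    // "[LDAP: error code 49 - ...: LdapErr: ..., comment: AcceptSecurityContext error, data 775, ...]"
    private static final Pattern SUB_CODE =
            Pattern.compile("error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]+)");

    public SubCodeBindAuthenticator(BaseLdapPathContextSource contextSource) {
        super(contextSource);
    }

    @Override
    protected void handleBindException(String userDn, String username, Throwable cause) {
        super.handleBindException(userDn, username, cause); // keep the default debug log line
        Matcher m = SUB_CODE.matcher(String.valueOf(cause.getMessage()));
        if (!m.find()) {
            return; // unrecognised message: the provider falls back to "Bad credentials"
        }
        // Throwing here ends the bind attempt, so any further DN patterns are not tried.
        switch (m.group(1).toLowerCase(java.util.Locale.ROOT)) {
            case "52e": throw new BadCredentialsException("Invalid password", cause);
            case "532":
            case "773": throw new CredentialsExpiredException("Password expired or must be reset", cause);
            case "533": throw new DisabledException("Account is disabled", cause);
            case "701": throw new AccountExpiredException("Account has expired", cause);
            case "775": throw new LockedException("Account is locked", cause);
            default: return; // other sub-codes keep the generic failure
        }
    }
}
```

It is wired in the same way as CustomBindAuthenticator in the XML above. Distinct messages for locked, disabled and wrong-password cases reveal account state to an unauthenticated caller, so the specific exception is often logged server-side while the login page keeps a generic message.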