使用 Spring 4.0 Security 进行 LDAP 身份验证时出现身份验证异常:

时间:2017-02-17 14:07:11

标签: exception ldap spring-security-ldap

使用 Spring 4.0 Security 通过 LDAP 进行身份验证时,出现以下身份验证异常:

以下是此问题的完整堆栈跟踪:

 org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:191)
                    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355)
                    at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139)
                    at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:130)
                    at com.globalpay.bvlogin.security.ldap.service.impl.BvLoginCustomBindAuthenticator.bindWithDn(BvLoginCustomBindAuthenticator.java:95)
                    at com.globalpay.bvlogin.security.ldap.service.impl.BvLoginCustomBindAuthenticator.bindWithDn(BvLoginCustomBindAuthenticator.java:81)
                    at com.globalpay.bvlogin.security.ldap.service.impl.BvLoginCustomBindAuthenticator.authenticate(BvLoginCustomBindAuthenticator.java:61)
                    at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:187)
                    at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:85)
                    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
                    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
                    at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
                    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
                    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
                    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:124)
                    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
                    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
                    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
                    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
                    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
                    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
                    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
                    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
                    at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:134)
                    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
                    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
                    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
                    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
                    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
                    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
                    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
                    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
                    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
                    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
                    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:947)
                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
                    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
                    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
                    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
                    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
                    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
                    at java.lang.Thread.run(Thread.java:745)
    Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3136)
                    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
                    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
                    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
                    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
                    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
                    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
                    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
                    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
                    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
                    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
                    at javax.naming.InitialContext.init(InitialContext.java:244)
                    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
                    at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42)
                    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:343)
                    ... 45 more


------------------------------------------------------------------------------

以下是spring-sec-config.xml文件中的配置:

<!--
  Web security rules for the application, using expression-based access control.
  NOTE(review): intercept-url rules are matched in declaration order and the first
  match wins, so the catch-all "/**" permitAll() rule shadows the "/welcome"
  isAuthenticated() rule declared after it; as written, "/welcome" does not require
  a login. Declare the specific patterns first and keep the "/**" rule last.
-->
<security:http use-expressions="true">
        <security:intercept-url pattern="/login"    access="isAnonymous()" />
        <security:intercept-url pattern="/**" access="permitAll()" />
        <security:intercept-url pattern="/welcome" access="isAuthenticated()" />

        <!-- Login form is served at "/", credentials are posted to /performLogin,
             and a failed login redirects to "/?error". -->
        <security:form-login login-page="/"
            authentication-failure-url="/?error" login-processing-url="/performLogin"
            username-parameter="username" password-parameter="password" />

        <!-- <security:logout logout-success-url="/login" /> -->

        <!-- Session fixation protection: the session is migrated to a new id on login.
             At most one session per user; with error-if-maximum-exceeded="false" a
             further login is accepted rather than rejected. -->
        <security:session-management
            session-fixation-protection="migrateSession" invalid-session-url="/performLogout">
            <security:concurrency-control
                max-sessions="1" error-if-maximum-exceeded="false" />
        </security:session-management>

        <!-- CSRF token checking is switched on explicitly. -->
        <security:csrf />

        <!-- Security response headers requested explicitly: cache control,
             content-type options, XSS protection, frame options and HSTS. -->
        <security:headers>
            <security:cache-control />
            <security:content-type-options />
            <security:xss-protection />
            <security:frame-options />
            <security:hsts />
        </security:headers>

    </security:http>

    <!-- Authentication manager, exposed under the alias ldapAuthManager, whose only
         provider is the ldapAuthProvider bean; there is no fallback provider. -->
    <security:authentication-manager alias="ldapAuthManager">
        <security:authentication-provider
            ref="ldapAuthProvider" />
    </security:authentication-manager>

    <!--
      LDAP connection settings. The URL uses ldaps on port 636, so binds travel over
      TLS, and it carries the base DN DC=team,DC=san,DC=com; DNs given elsewhere in
      this file (search bases, user DN patterns) are relative to that base.
      userDn/password are the service account used for directory lookups; the password
      is taken from the ldap.adminUserPassword property placeholder and is not stored
      in this file.
      NOTE(review): the stack trace posted with this configuration fails inside
      bindWithDn, which looks like the per-user bind and not this service-account
      bind (confirm against the authenticator source).
    -->
    <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
         <constructor-arg
            value="ldaps://company.team.san.com:636/DC=team,DC=san,DC=com" />                   
        <property name="userDn" value="cn=service_crs,OU=ServiceAccounts,OU=Administration,DC=team,DC=san,DC=com" />
        <property name="password" value="${ldap.adminUserPassword}" />
    </bean>

    <!--
      LDAP authentication provider: the first constructor argument authenticates the
      user (bindAuthenticator), the second loads the user's granted authorities.
    -->
    <bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <constructor-arg ref="bindAuthenticator" />     
        <constructor-arg>
            <!-- Group search runs under ou=ExternalUsers (relative to the base DN) and
                 takes the role name from each group's "ou" attribute.
                 NOTE(review): this is the same OU the user DN pattern points at, and
                 role names drive authorization; confirm that group entries really
                 live here and that "ou" is the intended attribute. -->
            <bean
                class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <constructor-arg ref="contextSource" />
                <constructor-arg value="ou=ExternalUsers" />
                <property name="groupRoleAttribute" value="ou" />
            </bean>
        </constructor-arg>
    </bean>

    <!--
      Authenticates a login by binding to the directory as the user. The user DN is
      built from the pattern below, with {0} replaced by the submitted username and
      the result taken relative to the context source's base DN.
      NOTE(review): the error text in the posted trace (LdapErr / AcceptSecurityContext,
      data 52e) is the Active Directory format, and AD user entries are usually named
      by CN, not uid. If no entry has the DN uid=<name>,OU=ExternalUsers,<base>, the
      bind is rejected as invalid credentials even when the password is right. Verify
      the real DN of a test user, or locate users with a search (the commented-out
      userSearch property) in place of a fixed pattern.
      NOTE(review): the trace shows a custom BvLoginCustomBindAuthenticator, while this
      bean is the stock BindAuthenticator; the deployed configuration may differ from
      the one shown here.
    -->
    <bean           
        class="org.springframework.security.ldap.authentication.BindAuthenticator"
        id="bindAuthenticator">
        <constructor-arg ref="contextSource" />
        <!-- <property name="userSearch" ref="userSearch" /> -->
        <property name="userDnPatterns">
            <list>
                <value>uid={0},OU=ExternalUsers</value>                 
                <!-- <value>uid={0},ou=Administration</value> -->
            </list>
        </property>
    </bean>

<!--     <security:ldap-server ldif="classpath:users.ldif"  root="dc=san,dc=org"/> -->

</beans>

任何有助于解决此问题的帮助将不胜感激。 :) 提前谢谢。

1 个答案:

答案 0 :(得分:0)

LDAP: error code 49

表示“凭据无效”;出于安全原因,当条目/帐户被锁定时,有时也会返回此错误代码。在 Active Directory 返回的消息中,data 后面的子代码给出更具体的原因:上面堆栈跟踪中的 52e 通常表示凭据无效(绑定所用的用户名/DN 或密码不正确)。