I deploy the WAR to a remote Tomcat 9 server. The LDAP server is reachable only from the internal network; the application server and the LDAP server are on the same network.
So I tried to connect to the LDAP server with this configuration.
SecurityConfiguration

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Legacy (deprecated) MD5 encoder used for the LDAP password-compare step
    @Bean
    public Md5PasswordEncoder md5PasswordEncoder() {
        return new Md5PasswordEncoder();
    }

    @Autowired
    public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .contextSource()
                    .url("ldap://xx.xx.xx.xx:389/dc=xx,dc=xx,dc=xx")
                    .and()
                .passwordCompare()
                    .passwordEncoder(md5PasswordEncoder())
                    .passwordAttribute("password");
    }

    @Bean
    public AuthenticationManager getAuthenticationManager() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/css/**").permitAll().anyRequest()
            .fullyAuthenticated().and().formLogin().defaultSuccessUrl("/welcome");
    }
}
```
Then, when I try to connect to the server, I get

```
Error: javax.naming.CommunicationException: [xx.xx.x.xx]:[389] [Root exception is java.net.ConnectException: Connection refused: connect]
```
The other way: this LDAP server has a certificate for SSL connections, which I installed and checked that it is in the trusted store. As the guide says:

> This means that you will trust the certificate on the LDAP server and use SSL correctly in the test environment (instead of using some custom code to switch off parts of the SSL checking). Once this is done (once), your code should run without any modification.

I set the configuration to `ldaps://xx.xx.xx.xx:636` and get the error

```
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
Caused by: org.springframework.ldap.CommunicationException: simple bind failed: xx.xx.x.xx:636; nested exception is javax.naming.CommunicationException: simple bind failed: xx.xx.xx.xx:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present]
```
P.S. Using the command `openssl s_client -connect xx.xx.xx.xx:636` from PuTTY (ssh) I get
```
No client certificate CA names sent
---
SSL handshake has read 1378 bytes and written 663 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA256
    Session-ID: D7C55F5D3288CEC64B6B9FADCD7D4C6683311DB75750A9E3F4C2527A1F5C1D72
    Session-ID-ctx:
    Master-Key: DED896B18F2345CA8EDDAC43E3AB0CA649EAC14460526C3B85F48D9FEDA7C3C110B409AFFD895E87099BA683B2630A6A
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1540467501
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
closed
```
I would be grateful for any solution.
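Added example, not from the question and not Spring Security code: a small Java diagnostic that reads the server certificate (saved to a PEM file from `openssl s_client -showcerts`) and applies the same rule the JDK's LDAPS endpoint identification uses, so it explains why "No subject alternative names present" appears when the `ldaps://` URL names the server by IP address. The class name, the `explain` helper and the simple IP-literal test are my own assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

/** Hypothetical diagnostic: would the JDK accept this server cert for the host in the ldaps:// URL? */
public class LdapsCertCheck {

    // JDK rule behind the error on this page: for an IP-literal host only SAN iPAddress
    // entries (type 7) are consulted; with no SAN extension at all the check fails with
    // "No subject alternative names present". A DNS host may fall back to the CN only
    // when the certificate carries no SAN extension.
    static String explain(X509Certificate cert, String host) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        boolean hostIsIp = host.matches("[0-9.]+") || host.contains(":"); // assumption: crude IPv4/IPv6 test
        if (sans == null || sans.isEmpty()) {
            return hostIsIp
                ? "REJECT: no SAN extension; an IP host needs a SAN iPAddress entry (No subject alternative names present)"
                : "FALLBACK: no SAN, JDK compares host against CN of " + cert.getSubjectX500Principal();
        }
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            String value = String.valueOf(san.get(1));
            if (hostIsIp && type == 7 && value.equals(host)) return "OK: SAN iPAddress " + value;
            if (!hostIsIp && type == 2 && value.equalsIgnoreCase(host)) return "OK: SAN dNSName " + value;
        }
        return "REJECT: SAN entries present but none match " + host;
    }

    // Matches "Verify return code: 18 (self signed certificate)" from openssl s_client
    static boolean isSelfSigned(X509Certificate cert) {
        try { cert.verify(cert.getPublicKey()); return true; }
        catch (Exception e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: PEM file with the server certificate, args[1]: host exactly as written in the ldaps:// URL
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println("subject:     " + cert.getSubjectX500Principal());
            System.out.println("self-signed: " + isSelfSigned(cert));
            System.out.println(explain(cert, args[1]));
        }
    }
}
```

If the output is REJECT, the remedy is on the LDAP server side: reissue its certificate with a SAN entry for the IP (or a DNS name you connect by) and re-import it into the truststore, rather than weakening hostname verification in the client.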