我尝试使用 HTTP 基本认证(Basic Auth)登录我的应用程序时,遇到 "401 Unauthorized – Bad credentials" 错误。我认为这是 LDAP 配置的问题。我已经尝试过不同的配置,但似乎都不起作用。我该如何解决?
SecurityConfiguration.java
/**
 * Spring Security setup for the application: HTTP Basic authentication backed either by an
 * LDAP directory or by the local {@code CurrentUserService}, selected by the
 * {@code ldap.authentication.enabled} property.
 */
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Paths that are reachable without authentication.
     *
     * NOTE(review): "/api/user/roles" and "/api/user/namesWithRoles" presumably return
     * account and role data; confirm that exposing them to anonymous callers is intended.
     */
    private static final String[] PUBLIC_ENDPOINTS = {
        "/",
        "/app/**",
        "/me",
        "/api/user/roles",
        "/api/user/namesWithRoles",
        "/api/foo/types",
        "/api/foo/daytimes",
        "/api/foo/withCyclic",
        "/api/holiday",
        "/api/me",
        "/foo/api/me"
    };

    private final CurrentUserService userService;
    private final LdapAuthoritiesPopulator ldapAuthoritiesPopulator;
    private final LdapUserDetailsMapper ldapUserDetailsMapper;

    // Directory connection settings, injected from external properties.
    private final String ldapUrl;
    private final String managerDn;
    private final String managerPassword;
    private final String ldapUserBase;
    private final String ldapUserSearchFilter;

    // Switch between LDAP authentication and the local user service.
    private final Boolean ldapAuthenticationEnabled;

    /**
     * Receives the collaborating beans and the {@code ldap.*} properties and stores them
     * unchanged for use by the {@code configure} methods.
     */
    public SecurityConfiguration(
            CurrentUserService userService,
            LdapAuthoritiesPopulator ldapAuthoritiesPopulator,
            LdapUserDetailsMapper ldapUserDetailsMapper,
            @Value("${ldap.url}") String ldapUrl,
            @Value("${ldap.manager.dn}") String managerDn,
            @Value("${ldap.manager.password}") String managerPassword,
            @Value("${ldap.user-base}") String ldapUserBase,
            @Value("${ldap.user-search-filter}") String ldapUserSearchFilter,
            @Value("#{new Boolean(${ldap.authentication.enabled})}") Boolean ldapAuthenticationEnabled
    ) {
        this.userService = userService;
        this.ldapAuthoritiesPopulator = ldapAuthoritiesPopulator;
        this.ldapUserDetailsMapper = ldapUserDetailsMapper;

        this.ldapUrl = ldapUrl;
        this.managerDn = managerDn;
        this.managerPassword = managerPassword;
        this.ldapUserBase = ldapUserBase;
        this.ldapUserSearchFilter = ldapUserSearchFilter;

        this.ldapAuthenticationEnabled = ldapAuthenticationEnabled;
    }

    /**
     * Registers the authentication source: the local user service when LDAP is disabled,
     * otherwise an LDAP provider that uses the manager account and password comparison.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        if (!ldapAuthenticationEnabled) {
            // NOTE(review): unsalted MD5 is not suitable for password storage. Replacing the
            // encoder invalidates existing hashes, so plan a migration to an adaptive hash
            // (e.g. bcrypt) rather than swapping it in place.
            auth.userDetailsService(userService).passwordEncoder(new Md5PasswordEncoder());
            return;
        }

        // NOTE(review): both a DN pattern and a search base/filter are configured here.
        // A search filter normally has the form "(uid={0})"; confirm the injected property
        // is a filter and not a DN fragment.
        // NOTE(review): if the base DN is already part of the LDAP URL, the search base and
        // DN pattern are presumably resolved relative to it; verify they do not repeat it.
        // NOTE(review): passwordCompare() sends an encoded password for comparison against
        // "userPassword". A freshly computed salted hash cannot equal a stored {SSHA} value,
        // and this mode needs the manager account to have compare/read rights on that
        // attribute. Bind authentication (omitting passwordCompare) is the usual
        // alternative; confirm which scheme the directory stores.
        auth
            .ldapAuthentication()
                .contextSource()
                    .url(ldapUrl)
                    .managerDn(managerDn)
                    .managerPassword(managerPassword)
                    .and()
                .userSearchBase(ldapUserBase)
                .userSearchFilter(ldapUserSearchFilter)
                .userDnPatterns("uid={0},ou=Users")
                .ldapAuthoritiesPopulator(ldapAuthoritiesPopulator)
                .userDetailsContextMapper(ldapUserDetailsMapper)
                .passwordCompare()
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userPassword");
    }

    /**
     * Configures HTTP Basic, the URL authorization rules, logout handling and the
     * cookie-based CSRF token repository.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // HTTP Basic transmits the credentials with every request, so it relies on the
        // deployment terminating TLS in front of this application.
        http.httpBasic();

        // NOTE(review): only "/api/**" is required to be authenticated and there is no
        // anyRequest() rule, so paths outside the two matchers are not covered by any rule
        // declared here; confirm that is intended.
        http.authorizeRequests()
            .antMatchers(PUBLIC_ENDPOINTS).permitAll()
            .antMatchers("/api/**").authenticated();

        http.logout()
            .deleteCookies("JSESSIONID", "user", "authenticated")
            .logoutRequestMatcher(new AntPathRequestMatcher("/api/logout")).permitAll()
            .logoutSuccessUrl("/");

        // The CSRF cookie is deliberately readable by scripts (HttpOnly disabled) so that a
        // browser client can echo the token back in a request header.
        http.csrf()
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}
这些值存储在 WildFly 服务器上的配置文件中:
# LDAP settings read by SecurityConfiguration through @Value.

# NOTE(review): ldap:// is the unencrypted scheme, so the manager bind and the user
# password material cross the network in clear text unless StartTLS is negotiated;
# prefer ldaps:// where the directory supports it.
# The URL also carries the base DN (dc=company,dc=com).
ldap.url=ldap://company.com:port/dc=company,dc=com
# NOTE(review): "Directory Manager" looks like the directory's administrative account;
# a dedicated read-only service account would limit the impact of a leaked password.
ldap.manager.dn=cn=Directory Manager
# NOTE(review): secret stored in plain text; restrict read access to this file or move
# the value into the application server's credential store.
ldap.manager.password=foo
# NOTE(review): this repeats the base DN that is already in ldap.url; if search bases are
# resolved relative to the URL's base, this presumably should be just ou=Users (verify).
ldap.user-base=ou=Users,dc=company,dc=com
# NOTE(review): this value looks like a DN pattern, not an LDAP search filter; a filter
# would have the form (uid={0}). Confirm against the directory schema.
ldap.user-search-filter=uid={0},ou=Users
ldap.authentication.enabled=true