远程LDAP + Spring Security->错误的凭证错误

时间:2018-11-27 10:53:50

标签: java spring-boot spring-security ldap wildfly

我尝试使用 HTTP Basic 认证登录我的应用程序时,遇到 401 Unauthorized(凭据错误,Bad credentials)错误。我认为这是 LDAP 配置的问题。我已经尝试过不同的配置,但似乎都不起作用。我该如何解决?

SecurityConfiguration.java

/**
 * Spring Security configuration that authenticates HTTP Basic requests either against a remote
 * LDAP directory or, when LDAP is switched off, against the application's own
 * {@code CurrentUserService}.
 *
 * <p>The LDAP connection settings are injected from the {@code ldap.*} properties. Method-level
 * security ({@code @PreAuthorize}/{@code @PostAuthorize} and {@code @Secured}) is enabled by the
 * class annotation.
 *
 * <p>NOTE(review): several choices in this class weaken authentication or make it fragile
 * (password comparison instead of bind, SHA/MD5 password encoders, no catch-all authorization
 * rule). They are flagged inline; the code itself is unchanged.
 */
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    // Local user lookup used only when LDAP authentication is disabled.
    private final CurrentUserService userService;
    // Maps an authenticated LDAP entry to granted authorities.
    private final LdapAuthoritiesPopulator ldapAuthoritiesPopulator;
    // Maps the LDAP context of the authenticated entry to the application's user details.
    private final LdapUserDetailsMapper ldapUserDetailsMapper;
    // Directory URL from ${ldap.url}.
    private final String ldapUrl;
    // DN and password of the account the application itself binds with (${ldap.manager.*}).
    private final String managerDn;
    private final String managerPassword;
    // Search base and filter used to locate the user entry (${ldap.user-base}, ${ldap.user-search-filter}).
    private final String ldapUserBase;
    private final String ldapUserSearchFilter;
    // Feature switch from ${ldap.authentication.enabled}; selects LDAP or local authentication.
    private final Boolean ldapAuthenticationEnabled;

    /**
     * Receives the collaborating beans and the {@code ldap.*} property values and stores them
     * unchanged.
     *
     * @param userService               local user details source (non-LDAP mode)
     * @param ldapAuthoritiesPopulator  authorities populator handed to the LDAP configurer
     * @param ldapUserDetailsMapper     context mapper handed to the LDAP configurer
     * @param ldapUrl                   value of {@code ldap.url}
     * @param managerDn                 value of {@code ldap.manager.dn}
     * @param managerPassword           value of {@code ldap.manager.password}
     * @param ldapUserBase              value of {@code ldap.user-base}
     * @param ldapUserSearchFilter      value of {@code ldap.user-search-filter}
     * @param ldapAuthenticationEnabled value of {@code ldap.authentication.enabled}, built by a
     *                                  SpEL {@code new Boolean(...)} expression
     */
    public SecurityConfiguration(
            CurrentUserService userService,
            LdapAuthoritiesPopulator ldapAuthoritiesPopulator,
            LdapUserDetailsMapper ldapUserDetailsMapper,
            @Value("${ldap.url}") String ldapUrl,
            @Value("${ldap.manager.dn}") String managerDn,
            @Value("${ldap.manager.password}") String managerPassword,
            @Value("${ldap.user-base}") String ldapUserBase,
            @Value("${ldap.user-search-filter}") String ldapUserSearchFilter,
            @Value("#{new Boolean(${ldap.authentication.enabled})}") Boolean ldapAuthenticationEnabled
    ) {
        this.userService = userService;
        this.ldapAuthoritiesPopulator = ldapAuthoritiesPopulator;
        this.ldapUserDetailsMapper = ldapUserDetailsMapper;
        this.ldapUrl = ldapUrl;
        this.managerDn = managerDn;
        this.managerPassword = managerPassword;
        this.ldapUserBase = ldapUserBase;
        this.ldapUserSearchFilter = ldapUserSearchFilter;
        this.ldapAuthenticationEnabled = ldapAuthenticationEnabled;
    }

    /**
     * Registers the authentication mechanism: LDAP when {@code ldapAuthenticationEnabled} is
     * true, otherwise the local {@code userService} with an MD5 password encoder.
     *
     * @param auth builder the authentication providers are registered on
     * @throws Exception propagated from the Spring Security configurers
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        if (ldapAuthenticationEnabled) {
            auth
                    .ldapAuthentication()
                        // Connection used by the application itself (manager bind).
                        // NOTE(review): whether this link is encrypted depends on the scheme in
                        // ldapUrl; with ldap:// the manager password and the password data read
                        // for comparison cross the network in clear text.
                        .contextSource()
                        .url(ldapUrl)
                        .managerDn(managerDn)
                        .managerPassword(managerPassword)
                        //.root("dc=company,dc=com")
                    .and()
                        // Two ways of locating the user entry are configured together: a search
                        // (base + filter) and a DN pattern.
                        // NOTE(review): userSearchFilter expects an LDAP search filter such as
                        // "(uid={0})"; confirm the injected property is a filter and not a DN
                        // fragment, since a malformed filter is a plausible cause of failed logins.
                        .userSearchBase(ldapUserBase)
                        .userSearchFilter(ldapUserSearchFilter)
                        //.groupSearchBase("ou=Groups")
                        //.groupSearchFilter("member={0}")
                    .userDnPatterns("uid={0},ou=Users")
                    .ldapAuthoritiesPopulator(ldapAuthoritiesPopulator)
                        .userDetailsContextMapper(ldapUserDetailsMapper)
                        // Password comparison replaces the default bind authentication: the
                        // submitted password is checked against the entry's "userPassword"
                        // attribute through the manager connection.
                        // NOTE(review): this requires the manager account to be allowed to read
                        // or compare userPassword, and it only succeeds if the directory stores
                        // the value in the form this encoder handles (presumably {SHA}/{SSHA};
                        // salted values may not compare equal, depending on the Spring Security
                        // version; verify). Bind authentication (omitting passwordCompare())
                        // lets the directory verify the password itself and avoids exposing
                        // password hashes to the application.
                        .passwordCompare()
                            .passwordEncoder(new LdapShaPasswordEncoder())
                            .passwordAttribute("userPassword")
            ;
        } else {
            // NOTE(review): MD5 is a fast digest and not suitable for password storage; no salt
            // source is configured in this block. Plan a migration of stored hashes to an
            // adaptive scheme (bcrypt, scrypt, argon2). Not swapped here because existing
            // stored hashes would stop matching.
            auth.userDetailsService(userService).passwordEncoder(new Md5PasswordEncoder());
        }
    }

    /**
     * Configures HTTP Basic authentication, URL authorization rules, logout and CSRF handling.
     *
     * @param http the HTTP security builder
     * @throws Exception propagated from the Spring Security configurers
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): HTTP Basic sends the credentials with every request in a reversible
        // encoding; no HTTPS requirement is configured in this class, so transport security
        // must be enforced elsewhere (confirm).
        http
                .httpBasic();

        // Matchers are evaluated in declaration order, so the public paths listed first win
        // over the "/api/**" rule below (e.g. "/api/user/roles" stays unauthenticated).
        // NOTE(review): there is no anyRequest() rule, so a request matching none of these
        // patterns has no authorization constraint declared here; consider ending the chain
        // with a deny-by-default or authenticated catch-all. Also confirm that endpoints such
        // as "/api/user/namesWithRoles" are meant to be readable without authentication.
        http
                .authorizeRequests()

                .antMatchers("/",
                        "/app/**",
                        "/me",
                        "/api/user/roles",
                        "/api/user/namesWithRoles",
                        "/api/foo/types",
                        "/api/foo/daytimes",
                        "/api/foo/withCyclic",
                        "/api/holiday",
                        "/api/me",
                        "/foo/api/me"
                )
                .permitAll()
                .antMatchers("/api/**").authenticated()   ;

        // Logout removes the session cookie and two application cookies, then redirects to "/".
        // NOTE(review): the matcher is built from a path only, so it is not restricted to one
        // HTTP method; confirm that logout via GET is acceptable.
        http
                .logout().deleteCookies("JSESSIONID", "user", "authenticated")
                .logoutRequestMatcher(new AntPathRequestMatcher("/api/logout")).permitAll()
                .logoutSuccessUrl("/");

        // CSRF token is stored in a cookie that is deliberately readable by JavaScript
        // (HttpOnly disabled) so a browser client can echo it back in a request header.
        http
                .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}

这些值存储在wildfly服务器上的配置文件中

# NOTE(review): ldap:// is unencrypted LDAP. The manager bind password and the password data used
# for comparison travel in clear text unless StartTLS is negotiated elsewhere. Prefer ldaps:// (or
# StartTLS) with certificate validation. "port" is a placeholder in the post.
ldap.url=ldap://company.com:port/dc=company,dc=com
# NOTE(review): "cn=Directory Manager" is by convention the administrative root DN on several
# directory servers (confirm for this one). A dedicated service account limited to the reads this
# application needs reduces the impact of a leaked configuration file.
ldap.manager.dn=cn=Directory Manager
# NOTE(review): the bind password is stored in plain text ("foo" is presumably a placeholder).
# Restrict read access to this file or load the value from the server's secret store.
ldap.manager.password=foo
# NOTE(review): the URL above already carries the base DN dc=company,dc=com. If the search base is
# resolved relative to that base, this full DN would be applied twice; confirm whether "ou=Users"
# alone is intended.
ldap.user-base=ou=Users,dc=company,dc=com
# NOTE(review): this value is passed to userSearchFilter(...) in SecurityConfiguration, but it has
# the shape of a DN pattern (it matches the hard-coded userDnPatterns string), not of an LDAP
# search filter such as (uid={0}). Verify; a malformed filter is a plausible cause of the
# failed logins described in the question.
ldap.user-search-filter=uid={0},ou=Users
# Selects LDAP authentication; when false the application falls back to its local user service.
ldap.authentication.enabled=true

0 个答案:

没有答案