问题描述
我设法使Spring项目可以与Security和LDAP一起使用,但只能与LDIF文件一起使用。现在,我正在尝试通过使用LDAP服务器对其进行配置来使其正常工作,但我只能做到这一点-通过使用正确的凭据登录,我的网站上没有出现任何错误,但除此之外我什么也做不到。
我一直在搜索这些错误,但是找不到类似/有用的东西。也许一直在使用Spring LDAP的人知道如何正确配置项目以与LDAP服务器一起使用?
这是控制台抛出的内容:
2020-10-31 18:32:25.298 DEBUG 21100 --- [nio-8080-exec-4] w.a.UsernamePasswordAuthenticationFilter : Request is to process authentication
2020-10-31 18:32:25.298 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2020-10-31 18:32:25.298 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.l.a.LdapAuthenticationProvider : Processing authentication request for user: MY_USERNAME
2020-10-31 18:32:25.302 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.l.a.BindAuthenticator : Attempting to bind as cn=MY_USERNAME,ou=MY_GROUP,dc=FOO,dc=FOO2
2020-10-31 18:32:25.302 DEBUG 21100 --- [nio-8080-exec-4] s.s.l.DefaultSpringSecurityContextSource : Removing pooling flag for user cn=MY_USERNAME,dc=FOO2
2020-10-31 18:32:25.384 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.l.a.BindAuthenticator : Retrieving attributes...
2020-10-31 18:32:25.408 DEBUG 21100 --- [nio-8080-exec-4] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Getting authorities for user cn=MY_USERNAME,dc=FOO2
2020-10-31 18:32:25.408 DEBUG 21100 --- [nio-8080-exec-4] .s.s.l.u.DefaultLdapAuthoritiesPopulator : Searching for roles for user 'MY_USERNAME',DN = 'cn=MY_USERNAME,dc=FOO2',with filter (uniqueMember={0}) in search base ''
2020-10-31 18:32:25.409 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.ldap.SpringSecurityLdapTemplate : Using filter: (uniqueMember=cn=MY_USERNAME,dc=FOO2)
2020-10-31 18:32:25.490 DEBUG 21100 --- [nio-8080-exec-4] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@18100b72
2020-10-31 18:32:25.490 DEBUG 21100 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2020-10-31 18:32:25.490 DEBUG 21100 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder Now cleared,as request processing completed
2020-10-31 18:32:25.494 ERROR 21100 --- [nio-8080-exec-4] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 00002020: Operation unavailable without authentication]; remaining name ''
这是我的application.properties:
spring.ldap.embedded.base-dn=dc=FOO,dc=FOO2
spring.ldap.embedded.port=8389
spring.ldap.urls=ldap://xx.x.x.xx:389/dc=FOO,dc=FOO2
spring.ldap.embedded.validation.enabled=false
spring.ldap.base=ou=MY_GROUP,dc=FOO2
以及扩展WebSecurityConfigurerAdapter的cofig类:
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception
{
auth
.ldapAuthentication()
.userDnPatterns("cn={0},ou=MY_GROUP")
.contextSource()
.url("ldap://xx.x.x.xx:389/dc=FOO,dc=FOO2");
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
http
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.formLogin().permitAll()
.and()
.logout().permitAll();
}
解决方法
遇到了同样的问题 - 您的 LDAP 服务器需要绑定身份验证。 添加以下解决了它:
.managerDn("manager").managerPassword("密码")
WebSecurityConfigurerAdapter(粗体):
认证 .ldapAuthentication() .userDnPatterns("uid={0},ou=users,DC=company,DC=com") .groupSearchBase("ou=groups") .contextSource() .url("ldap://X.X.X.X:389/DC=company,DC=com") .managerDn("manager").managerPassword("password") 。和() .passwordCompare() .passwordEncoder(new BCryptPasswordEncoder()) .passwordAttribute("userPassword");