问题:
使用Spring Security 3进行LDAP身份验证
邢飞鸿
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
<!-- Security Configuration -->
<s:http>
<s:intercept-url pattern="/page/tosecure/*" access="ROLE_USER" />
<s:http-basic />
</s:http>
<s:ldap-server root="dc=ldap,dc=sub,dc=myorg,dc=org" url="ldap.sub.myorg.org" port="636" />
<s:authentication-manager>
<s:ldap-authentication-provider user-dn-pattern="uid={0},cn=users" />
<s:authentication-provider ref="ldapAuthProvider" />
</s:authentication-manager>
<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldaps://ldap.sub.myorg.org:636/dc=ldap,dc=sub,dc=myorg,dc=org" />
</bean>
<bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource" />
<property name="userDnPatterns">
<list>
<value>uid={0},cn=users</value>
</list>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<constructor-arg ref="contextSource" />
<constructor-arg value="cn=groups" />
<property name="groupRoleAttribute" value="cn" />
</bean>
</constructor-arg>
</bean>
</beans>
下面是我得到的错误(堆栈跟踪中列出的最后几个原因)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.securityContextSource': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.ldap.DefaultSpringSecurityContextSource]: Constructor threw exception; nested exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: "." (46), after : ""
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:288)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1035)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:939)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:323)
... 106 more
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.ldap.DefaultSpringSecurityContextSource]: Constructor threw exception; nested exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: "." (46), after : ""
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:162)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:121)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:280)
... 115 more
Caused by: org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: "." (46), after : ""
at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:224)
at org.springframework.ldap.core.DistinguishedName.<init>(DistinguishedName.java:174)
at org.springframework.ldap.core.support.AbstractContextSource.setBase(AbstractContextSource.java:207)
at org.springframework.security.ldap.DefaultSpringSecurityContextSource.<init>(DefaultSpringSecurityContextSource.java:67)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:147)
... 117 more
Caused by: org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: "." (46), after : ""
at org.springframework.ldap.core.DnParserImplTokenManager.getNextToken(DnParserImplTokenManager.java:678)
at org.springframework.ldap.core.DnParserImpl.jj_consume_token(DnParserImpl.java:231)
at org.springframework.ldap.core.DnParserImpl.SpacedEquals(DnParserImpl.java:114)
at org.springframework.ldap.core.DnParserImpl.attributeTypeAndValue(DnParserImpl.java:94)
at org.springframework.ldap.core.DnParserImpl.rdn(DnParserImpl.java:58)
at org.springframework.ldap.core.DnParserImpl.dn(DnParserImpl.java:23)
at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:218)
它似乎不喜欢contextSource bean的constructor-arg中列出的URL,尽管我不确定原因。
另外,我怀疑这个配置的其他部分是不正确的。例如,我在ldap-server标记和contextSource bean中定义了ldap服务器URL。这似乎是不必要的重复,但在示例中是这样做的。有人能好好看看配置,以确保它是正常的吗?
共有1个答案
罗鸿福
您是否尝试删除ldap-server元素?您应该不需要它,而且还没有用正确的URL配置它(它可能应该以LDAP://或LDAPS/)开头。
您链接到的示例使用嵌入式服务器,并演示了相同的名称空间和bean配置。
group属性的默认值为cn,因此这对您的设置是正确的。Javadoc forDefaultLDAPAuthoritiesPopulator很好地描述了它的工作方式。
类似资料:
-
我正在尝试使用spring security 2.0.3进行LDAP身份验证 下面是我的配置 我应该在哪里提到域名?
-
我正在尝试将Spring身份验证与嵌入式ldap集成。 我在本地ldif文件中有用户信息。 用户1 用户2 Spring网络安全配置文件 配置文件中的userDnPattern我使用了ou=people(uid={0},ou=people),所以我可以对bob进行身份验证。说到乔,他的目录路径是不同的。所以我无法使用joe的用户名和密码登录。 无论目录结构如何,我对所有用户进行身份验证的Sprin
-
我试图建立一个新的服务器,作为网关(使用sping-Cloud-网关作为基础),我需要能够在实际转发任何后续请求之前通过远程LDAP服务器验证用户。我将如何实现这个(包,配置等)?
-
在这里尝试看看是否有人已经用Rundeck对AD进行了LDAP身份验证。我正在使用RunDesk的JRE运行方法。以下是我到目前为止所做的工作: 我已经设置了jaas-ldap.conf,如Rundeck authentication users页面所示 我已向管理员请求ssl证书。要使用ldaps,rundeck需要ssl证书,这是在他们的站点上编写的。获得证书后,他们提到以下两个步骤: 一旦获
-
我一直在尝试使用DEX for LDAP来验证OIDC。我已经成功地进行了身份验证,但问题是,LDAP搜索没有返回组。下面是我的DEX配置和LDAP数据。请帮帮我 截图:登录成功,群为空 我的Dex配置 dn:uid=janedoe,ou=people,dc=ec2-54-185-211-121,dc=us-west-2,dc=compute,dc=amazonaws,dc=com gecos:j
-
我正在尝试用.NET中的LDAP制作一个简单的身份验证系统。我检查了.NET中的一些名称空间,并简单地制作了标准代码片段,如下所示。 我有一个管理员用户名和密码和,用于对客户端应用程序进行身份验证。我有第二个用户名和密码和,需要在LDAP中检查才能登录。 是管理帐户,只是LDAP中的用户。那么如何检查的密码呢?