堆栈内存溢出
  简体   繁体   English

Spring安全性配置来认证ldap用户

[英]Spring security configuration to authenticate ldap user

 原文  2015-08-18 10:40:42       java/ spring/ spring-security/ active-directory/ spring-ldap

问题描述

I've been working on Spring web application in our company which authenticates users from database. 我一直在我们公司的Spring Web应用程序中工作,该应用程序从数据库对用户进行身份验证。 But we are wanted to use the active directory server in our company for this purpose instead of database. 但是我们希望为此使用公司中的活动目录服务器而不是数据库。 unfortunately, I have a trouble to connect to the server. 不幸的是,我无法连接到服务器。 Here is my spring-security.xml 这是我的spring-security.xml 

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:p="http://www.springframework.org/schema/p"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">


    <beans:bean id="successHandler"
        class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/App/Index" />
    </beans:bean>

    <beans:bean id="failureHandler"
        class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <beans:property name="defaultFailureUrl" value="/App/loginError" />
    </beans:bean>

    <beans:bean id="loginUrlAuthenticationEntryPoint"
        class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/App/Login" />
    </beans:bean>

    <beans:bean id="sessionRegistry"
        class="org.springframework.security.core.session.SessionRegistryImpl">
    </beans:bean>

    <beans:bean id="sas"
        class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:constructor-arg name="sessionRegistry"
            ref="sessionRegistry" />
        <beans:property name="maximumSessions" value="1" />
    </beans:bean>

    <http auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint">
        <intercept-url pattern="/Content/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/Desktop/New_Them/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/App/Index" access="ROLE_USER" />
        <intercept-url pattern="/App/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/rest/clc/ClcLogPhon/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/**" access="ROLE_USER" />
        <custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER" />
        <logout logout-success-url="/App/Login" />
        <remember-me key="myAppKey" />
        <session-management
            session-authentication-strategy-ref="sas">
        </session-management>
        <csrf />
        <headers>
            <xss-protection />
        </headers>
    </http>
    <global-method-security pre-post-annotations="enabled"
        secured-annotations="enabled" proxy-target-class="true" />

    <beans:bean id="concurrencyFilter"
        class="org.springframework.security.web.session.ConcurrentSessionFilter">
        <beans:property name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="expiredUrl" value="/App/Login" />
    </beans:bean>

    <beans:bean id="passwordEncoder"
        class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
        <beans:constructor-arg index="0" value="256" />
    </beans:bean>

    <ldap-server id="ldapServer"
        url="ldap://192.168.1.143/dc=springframework,dc=org" />

    <authentication-manager>
        <ldap-authentication-provider server-ref="ldapServer"
            user-dn-pattern="uid={0},ou=people" />
    </authentication-manager>
</beans:beans>

Actually I just removed the database related beans and then added the ldap-server and authentication-manager in order to make our application using the ldap for authentication. 实际上,我只是删除了与数据库相关的bean,然后添加了ldap-server和authentication-manager,以便使我们的应用程序使用ldap进行身份验证。 I'm using Spring 4.0.1 and Spring security 3.2.1, along with java 1.7. 我正在使用Spring 4.0.1和Spring Security 3.2.1,以及Java 1.7。 Although the web application starts up, any information which I entered in login page was rejected and I got an Access is denied error in my console in eclipse. 尽管Web应用程序已启动,但是在eclipse的控制台中,我在登录页面中输入的所有信息均被拒绝,并且我获得了Access is denied Error错误。 Also, I changed the Ldap url to the wrong IP address just for testing if the application failed. 另外,我将Ldap url更改为错误的IP地址,只是为了测试应用程序是否失败。 But it didn't change at all. 但它根本没有改变。 So, I doubt that it even trying to connect to the server. 因此,我怀疑它甚至尝试连接到服务器。

1 个解决方案

解决方案1
 1 已采纳  2015-08-23 09:26:45

As I didn't receive any answers here, I search to solve my problem. 由于这里没有收到任何答案,因此我寻求解决问题。 First of all, I should set the url just like my Active directory setting. 首先,我应该像设置Active Directory一样设置url。 For instance, I totally neglected the port address after the IP address which is 389 in default. 例如,我完全忽略了默认IP地址为389的端口地址。 Moreover, I changed the domain at the end of the url address to my specific active directory domain address. 此外,我将url地址末尾的域更改为我的特定活动目录域地址。 At the end my url address changed to 最后,我的网址更改为 

 ldap://192.168.1.143:389/DC=myDomain,DC=org

Secondly, I should use the user name password to connect to the Ldap. 其次,我应该使用用户名密码连接到Ldap。 so I change my spring-security.xml just like below: 所以我像下面这样更改spring-security.xml: 

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:p="http://www.springframework.org/schema/p"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">


    <beans:bean id="successHandler"
        class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/App/Index" />
    </beans:bean>

    <beans:bean id="failureHandler"
        class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <beans:property name="defaultFailureUrl" value="/App/loginError" />
    </beans:bean>

    <beans:bean id="loginUrlAuthenticationEntryPoint"
        class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/App/Login" />
    </beans:bean>

    <beans:bean id="sessionRegistry"
        class="org.springframework.security.core.session.SessionRegistryImpl">
    </beans:bean>

    <beans:bean id="sas"
        class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:constructor-arg name="sessionRegistry"
            ref="sessionRegistry" />
        <beans:property name="maximumSessions" value="1" />
    </beans:bean>

    <http auto-config="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
        <intercept-url pattern="/Content/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/Desktop/New_Them/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/App/Index" access="ROLE_USER" />
        <intercept-url pattern="/App/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/rest/clc/ClcLogPhon/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/**" access="ROLE_USER" />
        <custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER" />
        <logout logout-success-url="/App/Login" />
        <remember-me key="myAppKey" />
        <session-management
            session-authentication-strategy-ref="sas">
        </session-management>
        <csrf />
        <headers>
            <xss-protection />
        </headers>
    </http>
    <global-method-security pre-post-annotations="enabled"
        secured-annotations="enabled" proxy-target-class="true" />

    <beans:bean id="concurrencyFilter"
        class="org.springframework.security.web.session.ConcurrentSessionFilter">
        <beans:property name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="expiredUrl" value="/App/Login" />
    </beans:bean>

    <beans:bean id="passwordEncoder"
        class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
        <beans:constructor-arg index="0" value="256" />
    </beans:bean>

    <beans:bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <beans:constructor-arg
            value="ldap://192.168.1.143:389/DC=myDomain,DC=org" />
        <beans:property name="userDn"
            value="CN=username,CN=Users,DC=myDomain,DC=org" />
        <beans:property name="password" value="password" />
    </beans:bean>

    <beans:bean id="ldapAuthProvider"
        class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <beans:constructor-arg>
            <beans:bean
                class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <beans:constructor-arg ref="contextSource" />
                <beans:property name="userDnPatterns">
                    <beans:list>
                        <beans:value>uid={0},ou=users</beans:value>
                    </beans:list>
                </beans:property>
            </beans:bean>
        </beans:constructor-arg>
        <beans:constructor-arg>
            <beans:bean
                class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <beans:constructor-arg ref="contextSource" />
                <beans:constructor-arg value="ou=groups" />
                <beans:property name="groupRoleAttribute" value="ou" />
            </beans:bean>
        </beans:constructor-arg>
    </beans:bean>

    <authentication-manager>
        <authentication-provider ref="ldapAuthProvider"/>
    </authentication-manager>

</beans:beans>

All in all, I totally recommend to use JXplorer to connect to the Ldap at first . 总而言之,我完全建议首先使用JXplorer连接到Ldap。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 具有XML配置的Spring Security无法验证用户 - Spring Security with XML configuration does not authenticate user 如何使用spring Security通过基于邮件和uid的LDAP对用户进行身份验证? - How to authenticate a user from LDAP based on mail and by uid with spring Security? Spring Security无法验证用户 - Spring security not authenticate the user 如何使用Spring Security针对db或ldap对用户进行动态身份验证? - How can I dynamically authenticate a user against the db or ldap with spring security? Spring 安全性 - 使用用户名验证用户 - Spring Security - Authenticate user with username 如何在 spring 中测试 LDAP 安全配置? - How to test LDAP security configuration in spring? Spring Security中的Ldap配置-自己的类 - Ldap configuration in Spring Security - own class Spring Security对用户进行身份验证以输入管理员 - Spring security authenticate user to enter admin 如何使用Spring Security验证用户身份? - how to authenticate user using spring security? Spring Security 通过 post 对用户进行身份验证 - Spring Security authenticate user via post
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM