How to configure spring to use External LDAP Server

I am learning about Spring Security with an LDAP server, and right now I am trying to make Spring authenticate to an LDAP server. However, Spring always uses the embedded server ldap://127.0.0.1:33389/dc=springframework,dc=org instead of my ldap://localhost:389/dc=localdomain,dc=local. I'm trying to configure it using application.properties. See below my Spring configuration.

WebSecurityConfig.java

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        logger.info("Loading Global Auth Configuration");
         auth
            .ldapAuthentication();

    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        logger.info("Configuring HTTP Security.");
        // Configure Web Security
        http
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers("/auth/**").permitAll()
            .anyRequest().authenticated();

        // disable page caching
        http.headers().cacheControl();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        logger.info("Configuring Web Security HTTP Security.");
        // AuthenticationTokenFilter will ignore the below paths
        web
            .ignoring()
            .antMatchers(
                HttpMethod.POST,
                "/auth"
            );
    }
}

application.properties

#Ldap Info
spring.ldap.urls=ldap://localhost:389
spring.ldap.anonymous-read-only=true
spring.ldap.username=ldapadm
spring.ldap.password=root123
spring.ldap.base=ou=People,dc=localdomain,dc=local

I tried using the above application.properties; it still does not work.

application.properties

#Ldap Info
ldap.urls=ldap://localhost:389
ldap.base.dn=dc=localdomain,dc=local
ldap.username=cn=ldapadm,dc=localdomain,dc=local
ldap.password=root123
ldap.user.dn.pattern =uid={0}

I also tried the above properties; it still does not work.

2018-09-04 00:05:31.515  INFO 9948 --- [           main] s.s.l.DefaultSpringSecurityContextSource :  URL 'ldap://127.0.0.1:33389/dc=springframework,dc=org', root DN is 'dc=springframework,dc=org'
2018-09-04 00:05:31.516  INFO 9948 --- [           main] o.s.l.c.support.AbstractContextSource    : Property 'userDn' not set - anonymous context will be used for read-write operations
2018-09-04 00:05:31.523  WARN 9948 --- [           main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.RuntimeException: Could not postProcess org.springframework.security.ldap.authentication.BindAuthenticator@3bc735b3 of type class org.springframework.security.ldap.authentication.BindAuthenticator
2018-09-04 00:05:31.526  INFO 9948 --- [           main] o.apache.catalina.core.StandardService   : Stopping service [Tomcat]

For both settings in application.properties, I always get this in my server log.

Can anyone make sense of these? I am trying to make it read the application.properties, but it always uses the embedded LDAP in Spring.

You can follow a similar approach as in LDAP Authentication with Spring Boot.

In application.properties:

ldap.urls=ldap://localhost:389/dc=localdomain,dc=local 

In your WebSecurityConfig:

@Value("${ldap.urls:ldap://127.0.0.1:33389/dc=springframework,dc=org}")
private String ldapUrls;

@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .ldapAuthentication()
        .userDnPatterns("uid={0},ou=people")
        .groupSearchBase("ou=groups")
        .contextSource()
        .url(ldapUrls)
        .and()
        .passwordCompare()
        .passwordEncoder(new LdapShaPasswordEncoder())
        .passwordAttribute("adminpassword");
}

Please note that the actual parameters (userDnPatterns etc.) may need to be changed according to your LDAP config; I just pointed out how you can configure your LDAP config to connect to an external LDAP.

For me this works:

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
            .ldapAuthentication()
            .userSearchFilter("sAMAccountName={0}")
            .userDnPatterns("ou=people")
            .contextSource()
            .url("ldap://127.0.0.1:33389/dc=springframework,dc=org")
            .managerDn("ldapadm")
            .managerPassword("root123");
}

Change "sAMAccountName={0}" to "uid={0}" or whatever your configuration is.
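A fuller version of the configuration the answers describe, as an added example (not code from the original posts): it reads the external server's URL, base DN and manager credentials from the `ldap.*` keys in the question's second application.properties, with no default URL, so a missing property stops startup instead of falling back to the embedded ldap://127.0.0.1:33389 server. The class name and the assumption that `ldap.user.dn.pattern` is set to `uid={0},ou=People` are illustrative.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; it stands in for the question's WebSecurityConfig.
@Configuration
@EnableWebSecurity
public class ExternalLdapSecurityConfig extends WebSecurityConfigurerAdapter {

    // Custom keys taken from the question's second application.properties.
    // They are not Spring Boot auto-configuration keys, so nothing reads them
    // unless they are injected and passed to the builder explicitly.
    @Value("${ldap.urls}")            // e.g. ldap://localhost:389 (no default on purpose)
    private String ldapUrl;

    @Value("${ldap.base.dn}")         // e.g. dc=localdomain,dc=local
    private String baseDn;

    @Value("${ldap.username}")        // full manager DN, e.g. cn=ldapadm,dc=localdomain,dc=local
    private String managerDn;

    @Value("${ldap.password}")        // better supplied from the environment than a committed file
    private String managerPassword;

    @Value("${ldap.user.dn.pattern}") // assumed: uid={0},ou=People (relative to the base DN)
    private String userDnPattern;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
            // Bind authentication: the login is substituted for {0} and the
            // resulting DN is bound with the submitted password.
            .userDnPatterns(userDnPattern)
            .contextSource()
                // Setting url() is what stops the builder from starting the
                // embedded server; the base DN is appended as the URL path.
                .url(ldapUrl + "/" + baseDn)
                .managerDn(managerDn)
                .managerPassword(managerPassword);
    }
}
```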
