Ldap access forbidden spring security

My SecurityConfig:

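import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration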
@EnableGlobalMethodSecurity(securedEnabled = true, jsr250Enabled = true)
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
   @Override
   protected void configure(HttpSecurity httpSecurity) throws Exception
   {
      // @formatter:off
      httpSecurity
               .antMatcher("/**").authorizeRequests()
               .antMatchers("/boards/**").permitAll()
               .anyRequest().authenticated()
               .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
               .and().exceptionHandling()
               .accessDeniedPage("/accessDenied");
      // @formatter:on
   }
   @Override
   public void configure(AuthenticationManagerBuilder auth) throws Exception
   {
      auth.ldapAuthentication()
          .userDnPatterns("uid={0},ou=people")
          .userSearchBase("ou=people")
          .userSearchFilter("uid={0}")
          .groupSearchBase("ou=groups")
          .groupSearchFilter("uniqueMember={0}")
          .contextSource()
          .url("ldap://localhost:8389/dc=concretepage,dc=com")
          .and()
          .passwordCompare()
          .passwordEncoder(passwordEncoder())
          .passwordAttribute("userPassword");
   }

   @Bean
   public PasswordEncoder passwordEncoder() {
      return new BCryptPasswordEncoder();
   }
}

My ldap.ldif:

dn: dc=concretepage,dc=com
objectclass: top
objectclass: domain
objectclass: extensibleObject
dc: concretepage

dn: ou=groups,dc=concretepage,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=people,dc=concretepage,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=krishna,ou=people,dc=concretepage,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Krishna Sharma
sn: Sharma
uid: krishna
userPassword: $2a$10$S8V5m0T40n9hhzLtRZpUYuSF38b88axEKIDyVrXtA8b8LN0CB6CRq


dn: uid=surya,ou=people,dc=concretepage,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Surya Singh
sn: Singh
uid: surya
userPassword: $2a$10$FXjepdY6oNJuUGGFEuyPFOJ/i7BjFcW1hfq8WClVjXbVq7suNu2A2

dn: cn=developers,ou=groups,dc=concretepage,dc=com
objectclass: top
objectclass: groupOfUniqueNames
cn: developers
ou: developer
uniqueMember: uid=krishna,ou=people,dc=concretepage,dc=com
uniqueMember: uid=surya,ou=people,dc=concretepage,dc=com

dn: cn=managers,ou=groups,dc=concretepage,dc=com
objectclass: top
objectclass: groupOfUniqueNames
cn: managers
ou: manager
uniqueMember: uid=krishna,ou=people,dc=concretepage,dc=com

I try to access the /labels/xxxx with Postman by passing username and password, but I get an accessDenied.

Second variant with BasicAuth.

The /board/xyqas is available.

I miss the .and().httpBasic()

httpSecurity
               .antMatcher("/**").authorizeRequests()
               .antMatchers("/boards/**").permitAll()
               .anyRequest().authenticated()
               .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
               .and().exceptionHandling()
               .accessDeniedPage("/accessDenied")
               .and().httpBasic();
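
A check for the fix above, added here as an example and not part of the original post: a MockMvc test run against the corrected configuration. It assumes Spring Boot with spring-security-test and JUnit 5 on the classpath and the directory from ldap.ldif reachable at the configured URL; the class name and the password placeholder are hypothetical.

```java
import static org.hamcrest.Matchers.startsWith;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.HttpHeaders;
import org.springframework.test.web.servlet.MockMvc;

// Added example: verifies that the chain with httpBasic() reads the Authorization header.
@SpringBootTest
@AutoConfigureMockMvc
class BasicAuthLdapTest {

   // Assumption: the plaintext behind krishna's bcrypt hash; the page does not give it.
   private static final String KRISHNA_PASSWORD = "<krishna-plaintext-password>";

   @Autowired
   private MockMvc mvc;

   // With httpBasic() the entry point is BasicAuthenticationEntryPoint: anonymous
   // requests get a 401 challenge. Without it the default entry point answers 403.
   @Test
   void anonymousRequestIsChallenged() throws Exception {
      mvc.perform(get("/labels/xxxx"))
         .andExpect(status().isUnauthorized())
         .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Basic")));
   }

   // A wrong password must fail the LDAP password comparison and be challenged again.
   @Test
   void wrongPasswordIsRejected() throws Exception {
      mvc.perform(get("/labels/xxxx").with(httpBasic("krishna", "not-the-password")))
         .andExpect(status().isUnauthorized());
   }

   // Valid credentials populate the security context with the LDAP user.
   @Test
   void validCredentialsAuthenticate() throws Exception {
      mvc.perform(get("/labels/xxxx").with(httpBasic("krishna", KRISHNA_PASSWORD)))
         .andExpect(authenticated().withUsername("krishna"));
   }
}
```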
