Spring security configuration to authenticate ldap user
Question
I've been working on Spring web application in our company which authenticates users from database. But we are wanted to use the active directory server in our company for this purpose instead of database. unfortunately, I have a trouble to connect to the server. Here is my spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<beans:bean id="successHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/App/Index" />
</beans:bean>
<beans:bean id="failureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/App/loginError" />
</beans:bean>
<beans:bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/App/Login" />
</beans:bean>
<beans:bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl">
</beans:bean>
<beans:bean id="sas"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
</beans:bean>
<http auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint">
<intercept-url pattern="/Content/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/Desktop/New_Them/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/App/Index" access="ROLE_USER" />
<intercept-url pattern="/App/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/rest/clc/ClcLogPhon/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="ROLE_USER" />
<custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER" />
<logout logout-success-url="/App/Login" />
<remember-me key="myAppKey" />
<session-management
session-authentication-strategy-ref="sas">
</session-management>
<csrf />
<headers>
<xss-protection />
</headers>
</http>
<global-method-security pre-post-annotations="enabled"
secured-annotations="enabled" proxy-target-class="true" />
<beans:bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/App/Login" />
</beans:bean>
<beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<beans:constructor-arg index="0" value="256" />
</beans:bean>
<ldap-server id="ldapServer"
url="ldap://192.168.1.143/dc=springframework,dc=org" />
<authentication-manager>
<ldap-authentication-provider server-ref="ldapServer"
user-dn-pattern="uid={0},ou=people" />
</authentication-manager>
</beans:beans>
Actually I just removed the database related beans and then added the ldap-server and authentication-manager in order to make our application using the ldap for authentication. I'm using Spring 4.0.1 and Spring security 3.2.1, along with java 1.7. Although the web application starts up, any information which I entered in login page was rejected and I got an Access is denied error in my console in eclipse. Also, I changed the Ldap url to the wrong IP address just for testing if the application failed. But it didn't change at all. So, I doubt that it even trying to connect to the server.
1 answers
solution1
1 ACCPTED 2015-08-23 09:26:45
As I didn't receive any answers here, I search to solve my problem. First of all, I should set the url just like my Active directory setting. For instance, I totally neglected the port address after the IP address which is 389 in default. Moreover, I changed the domain at the end of the url address to my specific active directory domain address. At the end my url address changed to
ldap://192.168.1.143:389/DC=myDomain,DC=org
Secondly, I should use the user name password to connect to the Ldap. so I change my spring-security.xml just like below:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<beans:bean id="successHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/App/Index" />
</beans:bean>
<beans:bean id="failureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/App/loginError" />
</beans:bean>
<beans:bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/App/Login" />
</beans:bean>
<beans:bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl">
</beans:bean>
<beans:bean id="sas"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry"
ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
</beans:bean>
<http auto-config="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
<intercept-url pattern="/Content/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/Desktop/New_Them/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/App/Index" access="ROLE_USER" />
<intercept-url pattern="/App/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/rest/clc/ClcLogPhon/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="ROLE_USER" />
<custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER" />
<logout logout-success-url="/App/Login" />
<remember-me key="myAppKey" />
<session-management
session-authentication-strategy-ref="sas">
</session-management>
<csrf />
<headers>
<xss-protection />
</headers>
</http>
<global-method-security pre-post-annotations="enabled"
secured-annotations="enabled" proxy-target-class="true" />
<beans:bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/App/Login" />
</beans:bean>
<beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<beans:constructor-arg index="0" value="256" />
</beans:bean>
<beans:bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg
value="ldap://192.168.1.143:389/DC=myDomain,DC=org" />
<beans:property name="userDn"
value="CN=username,CN=Users,DC=myDomain,DC=org" />
<beans:property name="password" value="password" />
</beans:bean>
<beans:bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource" />
<beans:property name="userDnPatterns">
<beans:list>
<beans:value>uid={0},ou=users</beans:value>
</beans:list>
</beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource" />
<beans:constructor-arg value="ou=groups" />
<beans:property name="groupRoleAttribute" value="ou" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<authentication-manager>
<authentication-provider ref="ldapAuthProvider"/>
</authentication-manager>
</beans:beans>
All in all, I totally recommend to use JXplorer to connect to the Ldap at first .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Spring Security with XML configuration does not authenticate user
How to authenticate a user from LDAP based on mail and by uid with spring Security?
Spring security not authenticate the user
How can I dynamically authenticate a user against the db or ldap with spring security?
Spring Security - Authenticate user with username
How to test LDAP security configuration in spring?
Ldap configuration in Spring Security - own class
Spring security authenticate user to enter admin
how to authenticate user using spring security?
Spring Security authenticate user via post
Related Tags