I wrote a simple backend application and I wanted to secure it with Spring Security and LDAP. It is obvious that the LDAP part of the project works fine. The problem is that when I use formLogin() for entering, that doesn't work, and when I use Postman it shows the result without asking for a user name and password! I think something in my WebSecurityConfig is wrong. This is my WebSecurityConfig code:
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests()
            .antMatchers("/**").permitAll()
            .anyRequest().fullyAuthenticated();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
            .userDnPatterns("uid={0},ou=people")
            .groupSearchBase("ou=people")
            .contextSource()
            .url("ldap://localhost:10389/dc=example,dc=com")
            .and()
            .passwordCompare()
            .passwordEncoder(new LdapShaPasswordEncoder() { })
            .passwordAttribute("userPassword");
    }
}
Use @EnableWebSecurity to enable Spring Security.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
}
and remove .antMatchers("/**").permitAll() from your configuration as it matches all the requests. This construct is normally used to specify specific whitelisted endpoints like static documentation that does not require security:
.antMatchers("/docs/**").permitAll()
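Putting the two changes from the answer together with the question's LDAP settings gives the configuration below. This is an added example, not code posted by either participant; it assumes Spring Security 5.x (where WebSecurityConfigurerAdapter and antMatchers are still available), keeps "/docs/**" only as the illustrative whitelist from the answer, and leaves CSRF protection at its default instead of disabling it.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.LdapShaPasswordEncoder;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Rules are evaluated top to bottom and the first match wins.
            // With "/**" permitAll() first, anyRequest() was never reached,
            // which is why Postman got a response without credentials.
            .authorizeRequests()
                // Narrow whitelist only (path taken from the answer's example).
                .antMatchers("/docs/**").permitAll()
                // Everything else needs a full (non remember-me) login.
                .anyRequest().fullyAuthenticated()
                .and()
            // Unauthenticated requests are redirected to the generated /login page.
            // CSRF stays enabled (the default); the generated form carries the token.
            .formLogin();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        // LDAP settings unchanged from the question.
        auth.ldapAuthentication()
            .userDnPatterns("uid={0},ou=people")
            .groupSearchBase("ou=people")
            .contextSource()
                .url("ldap://localhost:10389/dc=example,dc=com")
                .and()
            .passwordCompare()
                .passwordEncoder(new LdapShaPasswordEncoder())
                .passwordAttribute("userPassword");
    }
}
```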