[英]LDAP with Spring
我想在我的應用程序中使用LDAP以便進行身份驗證
我在之前的配置中使用了數據庫進行身份驗證
這是我以前的配置:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/test/**" access="hasRole('ADMIN')" />
<intercept-url pattern="/test1/**" access="hasRole('USER')" />
<form-login login-page="/index.htm" authentication-success-handler-ref="authenticationSuccessRedirecthandler"
default-target-url = "/test/MainHealthCertificat.htm"
authentication-failure-url="/index.htm?error=1"/>
<logout logout-success-url="/index.htm" />
</http>
<beans:bean class="com..CustomAuthenticationHandler" id="authenticationSuccessRedirecthandler"></beans:bean>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username, password, enabled from users where username=?"
authorities-by-username-query="select u.username, ur.authority from users u, user_roles ur where u.user_id = ur.user_id and u.username =? "
/>
</authentication-provider>
</authentication-manager>
</beans:beans>
這是我的java類:
public class CustomAuthenticationHandler extends SimpleUrlAuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
String adminTargetUrl = "/test/mypage.htm";
Set<String> roles = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
if (roles.contains("ADMIN")) {
getRedirectStrategy().sendRedirect(request, response, adminTargetUrl);
}else {
super.onAuthenticationSuccess(request, response, authentication);
return;
}
}
}
否,我想使用ldap進行身份驗證
我修改了security-app-context.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/test/**" access="hasRole('ADMIN')" />
<intercept-url pattern="/test1/**" access="hasRole('USER')" />
<form-login login-page="/index.htm" authentication-success-handler-ref="authenticationSuccessRedirecthandler"
default-target-url = "/test/MainHealthCertificat.htm"
authentication-failure-url="/index.htm?error=1"/>
<logout logout-success-url="/index.htm" />
</http>
<beans:bean class="com..CustomAuthenticationHandler" id="authenticationSuccessRedirecthandler"></beans:bean>
<security:authentication-manager>
<security:ldap-authentication-provider
user-search-filter="(uid={0})"
user-search-base="ou=users"
group-search-filter="(uniqueMember={0})"
group-search-base="ou=groups"
group-role-attribute="cn"
role-prefix="ROLE_">
</security:ldap-authentication-provider>
</security:authentication-manager>
<security:ldap-server url="ldap://192.168.0.88:389" manager-dn="uid=admin,ou=system" manager-password="secret" />
</beans:beans>
但是當我測試我有這個錯誤:
Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0
老實說,我在ldap參數設置中迷路了:ou dc,cn,
我需要幫助來配置security-app-context.xml中ldap的參數
這是ldap的正確參數,應在security-app-context.xml中使用
基本提供商URL
ldap://192.168.0.88:389
基本DN
DC = MINISTER,DC = FR
主要
CN = LDAP請求者,OU =用戶,OU =技術帳戶,OU = P9帳戶,DC = MINISTER,DC = FR
證書
部長$ 9999
用戶數
身份驗證搜索過濾器
(&(objectClass = person)(郵件= @電子郵件地址@))
導入搜索過濾器
(objectClass = person)
用戶映射
屏幕名稱
sAMAccountName
密碼
用戶密碼
電子郵件地址
郵件
全名
cn
名字
給定的名稱
中間名字
中間名字
姓
錫
組
成員
團體
導入搜索過濾器
(&(objectClass = group)(|(cn = MinisterUsers)(cn = MinisterAdministrateurs)(cn = Minister_ *)))
組映射
組名
cn
描述
sAMAccountName
用戶
會員
出口
用戶DN DC = MINISTER,DC = FR
組DN DC = MINISTER,DC = FR
錯誤代碼數據52e表示提供了無效的憑據。
請嘗試在下面刪除這些屬性manager-dn =“ uid = admin,ou = system” manager-password =“ secret” 。
<security:ldap-server url="ldap://192.168.0.88:389" manager-dn="uid=admin,ou=system" manager-password="secret" />
再試一次。 這些是LDAP管理憑據,用戶身份驗證不需要這些憑據。 用戶認證使用您在登錄期間提供的值完成,默認情況下,spring嘗試使用提供的詳細信息綁定到LDAP。
也可以嘗試通過在security-app-context.xml中包含<debug />標記來啟用調試,並添加log4j.properties。 這將提供大量有用的調試信息。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.