[英]LDAP error code 49 AcceptSecurityContext error data 52e v2580 even with the correct credentials
[英]Authentication request failed: Bad credentials [LDAP: error code 49 - data 52e, v1db1]
我正在嘗試使用BindAuthenticator進行身份驗證,但它給了我身份驗證錯誤。
18:14:32,764 org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter DEBUG http-bio-8080-exec-12 authentication.UsernamePasswordAuthenticationFilter:189 - Request is to process authentication
18:14:32,765 org.springframework.security.authentication.ProviderManager DEBUG http-bio-8080-exec-12 authentication.ProviderManager:152 - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
18:14:32,767 org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider DEBUG http-bio-8080-exec-12 authentication.LdapAuthenticationProvider:65 - Processing authentication request for user: admin.manager@XDEV.com
18:14:32,770 org.springframework.security.ldap.authentication.BindAuthenticator DEBUG http-bio-8080-exec-12 authentication.BindAuthenticator:108 - Attempting to bind as uid=admin.manager@XDEV.com,o=X-DEV,dc=Xexternal,dc=com
18:14:32,770 org.springframework.security.ldap.DefaultSpringSecurityContextSource$1 DEBUG http-bio-8080-exec-12 ldap.DefaultSpringSecurityContextSource:76 - Removing pooling flag for user uid=admin.manager@XDEV.com,o=LS360-DEV,dc=Xexternal,dc=com
18:14:33,427 org.springframework.security.ldap.authentication.BindAuthenticator DEBUG http-bio-8080-exec-12 authentication.BindAuthenticator:152 - Failed to bind as uid=admin.manager@XDEV.com: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
XML配置:
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security 3.1 application context: form and HTTP Basic login,
  authenticated by an LDAP bind against the directory configured in the
  contextSource bean.
-->
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:security="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- Turns on @Secured checks for method calls. -->
    <security:global-method-security secured-annotations="enabled" />

    <!--
      Requests matching these patterns get no security filter chain at all.
      Chains are matched in declaration order, so they take precedence over
      the catch-all <security:http> element further down.
    -->
    <security:http pattern="/theme/**" security="none" />
    <security:http pattern="/javascript/**" security="none" />
    <security:http pattern="/favicon.ico" security="none" />
    <security:http pattern="/login" security="none" />

    <!--
      Connection to the directory, including the manager account used for
      searches.
      NOTE(review): ldap:// on port 389 is a cleartext transport unless
      StartTLS is set up elsewhere. The manager password below and every
      user password submitted through the bind authenticator would cross it
      unprotected; prefer ldaps:// or StartTLS.
      NOTE(review): the manager DN and password are inline in this file.
      Consider a property placeholder whose values live outside version
      control.
    -->
    <beans:bean id="contextSource"
                class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <beans:constructor-arg value="ldap://10.0.X.X:389/DC=Xexternal,DC=com" />
        <beans:property name="base" value="O=X-DEV,DC=Xexternal,DC=com" />
        <beans:property name="userDn" value="CN=X-dev,O=X-DEV,DC=Xexternal,DC=com" />
        <beans:property name="password" value="X!" />
    </beans:bean>

    <!--
      Subtree search, from the context source base (empty search base), for
      the entry whose uid equals the submitted login name.
      NOTE(review): confirm that entries in this directory actually carry a
      uid attribute holding the name users type at the login form.
    -->
    <beans:bean id="userSearch"
                class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <beans:constructor-arg index="0" value="" />
        <beans:constructor-arg index="1" value="uid={0}" />
        <beans:constructor-arg index="2" ref="contextSource" />
        <beans:property name="searchSubtree" value="true" />
    </beans:bean>

    <!--
      Only referenced by the commented-out property inside the bind
      authenticator below, so it has no effect as configured. With bind
      authentication the directory server itself checks the password.
    -->
    <beans:bean id="passwordEncoder"
                class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
    </beans:bean>

    <!--
      LDAP provider: the first constructor argument authenticates the user
      by binding as them, the second loads their authorities.
    -->
    <beans:bean id="ldapAuthProvider"
                class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <beans:constructor-arg>
            <!--
              Both a DN pattern and a user search are configured. The pattern
              builds uid=<login name> directly under the context source base.
              Presumably the search is only consulted when no pattern binds
              successfully; verify against the Spring Security version in use.
            -->
            <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <beans:constructor-arg ref="contextSource"/>
                <beans:property name="userDnPatterns">
                    <beans:list>
                        <beans:value>uid={0}</beans:value>
                    </beans:list>
                </beans:property>
                <beans:property name="userSearch" ref="userSearch" />
                <!-- <beans:property name="passwordEncoder" ref="passwordEncoder" /> -->
            </beans:bean>
        </beans:constructor-arg>
        <beans:constructor-arg>
            <!--
              Group lookup for the authenticated user.
              NOTE(review): the group search base is presumably resolved
              relative to the context source base, which already ends in
              O=X-DEV; verify the effective search DN is the intended one.
            -->
            <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <beans:constructor-arg ref="contextSource" />
                <beans:constructor-arg value="O=X-DEV" />
            </beans:bean>
        </beans:constructor-arg>
    </beans:bean>

    <!-- The LDAP provider above is the only authentication provider. -->
    <security:authentication-manager>
        <security:authentication-provider ref="ldapAuthProvider">
        </security:authentication-provider>
    </security:authentication-manager>

    <!--
      Catch-all chain for every request not matched by a security="none"
      pattern above.
      NOTE(review): nothing in this file requires HTTPS (no requires-channel
      attribute), so form and Basic credentials rely on transport protection
      configured elsewhere.
      NOTE(review): logout-url is /login, which is also declared with
      security="none" above; presumably the logout filter of this chain
      never sees that request. Verify that logout really ends the session.
    -->
    <security:http>
        <security:form-login login-page="/login"
                             login-processing-url="/j_spring_security_check"
                             default-target-url="/search"
                             authentication-failure-url="/login?login_error=true" />
        <security:http-basic />
        <security:logout logout-url="/login" />
        <security:session-management invalid-session-url="/login" />
        <!--
          NOTE(review): with the namespace's default access decision manager
          a comma-separated list is granted as soon as one attribute matches.
          IS_AUTHENTICATED_ANONYMOUSLY matches unauthenticated requests too,
          so this rule leaves /** open to everyone. Drop it (and keep, for
          example, only the role or IS_AUTHENTICATED_FULLY) if the pages are
          meant to require login.
        -->
        <security:intercept-url pattern="/**"
                                access="ROLE_USER,IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED" />
    </security:http>
</beans:beans>
我進行了以下更改以使整個過程正常運行。
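<!--
  User lookup switched from uid to userPrincipalName, so that a login name
  of the form user@domain is resolved to the entry's real DN by a subtree
  search from the context source base. {0} is replaced with the submitted
  login name.
  The asterisks that surrounded the filter on the original page were
  emphasis markup, not part of the value, and are removed here.
-->
<beans:bean id="userSearch"
            class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <beans:constructor-arg index="0" value="" />
    <beans:constructor-arg index="1" value="(userPrincipalName={0})" />
    <beans:constructor-arg index="2" ref="contextSource" />
    <beans:property name="searchSubtree" value="true" />
</beans:bean>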
再加上我在授權中添加了ROLE_ADMIN。
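<!--
  Catch-all filter chain with ROLE_ADMIN added to the access list. The
  asterisks around ROLE_ADMIN on the original page were emphasis markup,
  not part of the attribute value, and are removed here.
-->
<security:http>
    <security:form-login login-page="/login"
                         login-processing-url="/j_spring_security_check"
                         default-target-url="/searchcourse"
                         authentication-failure-url="/login?login_error=true" />
    <security:http-basic />
    <security:logout logout-url="/login" />
    <security:session-management invalid-session-url="/login" />
    <!--
      NOTE(review): with the namespace's default access decision manager a
      comma-separated list is granted as soon as one attribute matches.
      IS_AUTHENTICATED_ANONYMOUSLY matches unauthenticated requests as well,
      so this rule does not restrict /** to logged-in users, and adding
      ROLE_ADMIN to the list does not narrow it. Remove the anonymous
      attribute if these pages are meant to require login, and list only
      the roles that should actually be allowed.
    -->
    <security:intercept-url pattern="/**"
                            access='ROLE_ADMIN, ROLE_USER,IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED' />
</security:http>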
我在stackoverflow上的某個地方讀到,必須具有ROLE_ADMIN。
我希望以上對其他人也有幫助。
謝謝,