[英]Spring Security + LDAP always returns BadCredentialsException
我一直在嘗試配置Spring Security與LDAP一起使用,但收效甚微。
我有以下配置bean:
@Bean
public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("go.com.mt", "LDAP://CORPORATE.INTRA");
provider.setConvertSubErrorCodesToExceptions(true);
provider.setUseAuthenticationRequestCredentials(true);
provider.setUserDetailsContextMapper(userDetailsContextMapper());
return provider;
}
@Bean
public UserDetailsContextMapper userDetailsContextMapper() {
UserDetailsContextMapper contextMapper = new AttributesLDAPUserDetailsContextMapper();
return contextMapper;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
}
我嘗試按照堆棧溢出此處許多答案所建議的那樣創建自定義映射器,該設置將每個權限設置為ROLE_USER
public class AttributesLDAPUserDetailsContextMapper implements UserDetailsContextMapper {
@Override
public UserDetails mapUserFromContext(DirContextOperations dirContextOperations, String username, Collection<? extends GrantedAuthority> authority) {
List<GrantedAuthority> mappedAuthorities = new ArrayList<GrantedAuthority>();
for (GrantedAuthority granted : authority) {
if (true) {
mappedAuthorities.add(() -> "ROLE_USER");
} else if(granted.getAuthority().equalsIgnoreCase("MY ADMIN GROUP")) {
mappedAuthorities.add(() -> "ROLE_ADMIN");
}
}
return new User(username, "", mappedAuthorities);
}
@Override
public void mapUserToContext(UserDetails userDetails, DirContextAdapter dirContextAdapter) {
}
}
當我嘗試使用現有用戶和不正確的密碼進行身份驗證時,收到以下消息:
[apr-8080-exec-6] ctiveDirectoryLdapAuthenticationProvider : Active Directory authentication failed: Supplied password was invalid
[apr-8080-exec-6] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Aug 20 07:31:59 CEST 2015, principal=samantha.catania, type=AUTHENTICATION_FAILURE, data={type=org.springframework.security.authentication.BadCredentialsException, message=Bad credentials}]
這意味着活動目錄正在正常工作,但是當我嘗試使用正確的憑據進行身份驗證時,會收到以下消息:
[pr-8080-exec-10] o.s.s.ldap.SpringSecurityLdapTemplate : Ignoring PartialResultException
[pr-8080-exec-10] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Aug 20 07:32:05 CEST 2015, principal=samantha.catania, type=AUTHENTICATION_FAILURE, data={type=org.springframework.security.authentication.BadCredentialsException, message=Bad credentials}]
有任何想法如何解決這個問題嗎?
嘗試將Java環境屬性“ java.naming.referral”設置為“ follow”(在啟動時通過代碼或通過JVM -Djava.naming.referral = follow的參數進行設置)。
是否獲得堆棧跟蹤,或者可以打印BadCredentialsException?
這與我在AD中遇到的問題非常相似,其中的問題在於AD如何處理引用,這會在數據檢索期間產生錯誤。
從您發布的內容來看,我希望在ActiveDirectoryLdapAuthenticationProvider.java第323行中生成異常,這將指向同一問題。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.