Active Directory: authenticating against Active Directory with Spring Security 2.0.6
I have tried to authenticate against LDAP Active Directory using Spring Security 2.0.6, but I don't know why authentication does not pass. Here you can see the console:
> INFO [Server] JBoss (MX MicroKernel)
> [4.2.3.GA (build:
> SVNTag=JBoss_4_2_3_GA
> date=200807181439)] Started in
> 30s:118ms
>
> INFO [STDOUT] [WARN] Authentication
> event
> AuthenticationFailureBadCredentialsEvent:
> secretariauno1; details:
> org.springframework.security.ui.WebAuthenticationDetails@255f8:
> RemoteIpAddress: 127.0.0.1; SessionId:
> 1D1DEAD28D4AE44AF67277654889D73E;
> exception: User secretariauno1 not
> found in directory.
>
> INFO [STDOUT] [WARN] Authentication
> event
> AuthenticationFailureBadCredentialsEvent:
> secretariauno; details:
> org.springframework.security.ui.WebAuthenticationDetails@255f8:
> RemoteIpAddress: 127.0.0.1; SessionId:
> 1D1DEAD28D4AE44AF67277654889D73E;
> exception: Bad credentials; nested
> exception is
> org.springframework.ldap.AuthenticationException:
> [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment:
> AcceptSecurityContext error, data 52e,
> v1db0
>
> INFO [STDOUT] [INFO] The
> returnObjFlag of supplied
> SearchControls is not set but a
> ContextMapper is used - setting flag
> to true
>
> INFO [STDOUT] [WARN] Authentication
> event
> AuthenticationFailureServiceExceptionEvent:
> secretariauno; details:
> org.springframework.security.ui.WebAuthenticationDetails@255f8:
> RemoteIpAddress: 127.0.0.1; SessionId:
> 1D1DEAD28D4AE44AF67277654889D73E;
> exception: Unprocessed Continuation
> Reference(s); nested exception is
> javax.naming.PartialResultException:
> Unprocessed Continuation Reference(s);
> remaining name ''; nested exception is
> org.springframework.ldap.PartialResultException:
> Unprocessed Continuation Reference(s);
> nested exception is
> javax.naming.PartialResultException:
> Unprocessed Continuation Reference(s);
> remaining name ''
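There are three [WARN] entries. In the first, the user is not in LDAP. In the second, the password is incorrect. But the third one is correct and it still does not pass; it goes back to the login page. I have been searching for "returnObjFlag" and "remaining name" without success.
Please, if anyone can help me... thanks.
Here you can see the applicationContext-security.xml: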
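Maybe this can help you. There may be a reason for this problem.
It may be because the search needs to follow referrals.
This is also related to a way of configuring referrals.

Solved

In the end I migrated to Spring Security 3.0.4. The problem is that you have to use bean definitions, because Active Directory requires a Populator bean.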
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

  <bean id="loggerListener"
        class="org.springframework.security.authentication.event.LoggerListener" />

  <security:http>
    <security:session-management>
      <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
    </security:session-management>
    <security:intercept-url pattern="/css/*" filters="none"/>
    <security:intercept-url pattern="/login.jsp" filters="none"/>
    <security:intercept-url pattern="/**" access="ROLE_USER_AUTENTICADO" />
    <security:form-login
        login-processing-url="/j_spring_security_check"
        login-page="/login.jsp"
        default-target-url="/index.jsp"
        always-use-default-target="true"
        authentication-failure-url="/login.jsp" />
    <security:anonymous/>
    <security:http-basic/>
    <security:logout/>
  </security:http>

  <security:authentication-manager>
    <security:authentication-provider ref='ldapAuthProvider' />
  </security:authentication-manager>

  <!--
    * The second constructor argument of the DefaultLdapAuthoritiesPopulator class is the parameter
      that is included in LDAP as memberOf; for example, if it has value="ou=Users", the
      users without this group don't have access.
    * It assigns to the authenticated user: "ROLE_USUARIO_AUTENTICADO". I use this in the interceptor.
      But, for example, if in the LDAP the user has in the memberOf attribute:
      "CN=Preadm,OU=Applications,OU=Usuers,DC=preadm,DC=com", the user should have authority for
      OU=Users, but it will work if the interceptor has "ROLE_PREADM"; "ROLE_" is the default prefix,
      "PREADM" is for CN=Preadm in the memberOf.
  -->
  <bean id="ldapAuthProvider"
        class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
      <bean id="bindAuthenticator"
            class="org.springframework.security.ldap.authentication.BindAuthenticator">
        <constructor-arg ref="contextSource" />
        <property name="userSearch" ref="userSearch"/>
      </bean>
    </constructor-arg>
    <constructor-arg>
      <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
        <constructor-arg ref="contextSource"/>
        <constructor-arg value="ou=Users"/>
        <property name="defaultRole" value="ROLE_USER_AUTENTICADO"/>
        <property name="searchSubtree" value="true" />
        <property name="ignorePartialResultException" value="true"/>
      </bean>
    </constructor-arg>
  </bean>

  <bean id="userSearch"
        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0" value="ou=Users"/>
    <constructor-arg index="1" value="(sAMAccountName={0})"/>
    <constructor-arg index="2" ref="contextSource" />
    <property name="searchSubtree" value="true"/>
  </bean>

  <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://bibredc05.preadm.com:389/dc=preadm,dc=com"/>
    <property name="userDn" value="cn=desReader,ou=Users,dc=preadm,dc=com"/>
    <property name="password" value="pwd123"/>
  </bean>
</beans>
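
The following variant of the contextSource bean is an added example, not part of the original answer. It shows the referral handling suggested in the first answer together with two hardening changes: LDAPS instead of cleartext LDAP, and bind credentials kept out of the XML. Assumptions: the domain controller accepts LDAPS on port 636, and the properties file path and the keys ldap.bind.dn and ldap.bind.password are hypothetical names.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

  <!-- Assumption: the bind credentials live in a properties file outside the WAR,
       readable only by the application server account (hypothetical path). -->
  <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="location" value="file:/etc/myapp/ldap.properties"/>
  </bean>

  <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <!-- ldaps:// on 636 instead of ldap:// on 389: BindAuthenticator performs a
         simple bind with the user's password, which is cleartext without TLS. -->
    <constructor-arg value="ldaps://bibredc05.preadm.com:636/dc=preadm,dc=com"/>

    <!-- Resolved from the properties file (hypothetical key names). The account
         should be a read-only service account, as desReader appears to be. -->
    <property name="userDn" value="${ldap.bind.dn}"/>
    <property name="password" value="${ldap.bind.password}"/>

    <!-- Passes java.naming.referral=follow to JNDI, so a search that starts at the
         domain root follows the referrals Active Directory returns instead of
         failing with "PartialResultException: Unprocessed Continuation Reference(s)". -->
    <property name="referral" value="follow"/>
  </bean>
</beans>
```

The JVM running the application must trust the domain controller's certificate for the ldaps:// connection to succeed. Following referrals requires that the host names Active Directory returns resolve from the application server; restricting the search base to an OU, as the answer's userSearch bean does with ou=Users, avoids the referrals altogether.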