Fatal编程技术网
  • authentication/
  • 谢谢你。我也和你一样。我在自己的代码中创建了一个Springbean来替换我所需要的。。我不确定是否有更好的方法,但我只是从spring安全库复制ActiveDirectoryLdapAuthenticationProvider创建了CustomADLda

谢谢你。我也和你一样。我在自己的代码中创建了一个Springbean来替换我所需要的。。我不确定是否有更好的方法,但我只是从spring安全库复制ActiveDirectoryLdapAuthenticationProvider创建了CustomADLda

authentication active-directory spring-security

谢谢你。我也和你一样。我在自己的代码中创建了一个Springbean来替换我所需要的。。我不确定是否有更好的方法,但我只是从spring安全库复制ActiveDirectoryLdapAuthenticationProvider创建了CustomADLda,authentication,active-directory,spring-security,Authentication,Active Directory,Spring Security,谢谢你。我也和你一样。我在自己的代码中创建了一个Springbean来替换我所需要的。。我不确定是否有更好的方法,但我只是从spring安全库复制ActiveDirectoryLdapAuthenticationProvider创建了CustomADLdapAuthenticationProvider。 class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationP

谢谢你。我也和你一样。我在自己的代码中创建了一个Springbean来替换我所需要的。。我不确定是否有更好的方法,但我只是从spring安全库复制ActiveDirectoryLdapAuthenticationProvider创建了CustomADLdapAuthenticationProvider。 
    class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <beans:constructor-arg value="mydomain" />
    <beans:constructor-arg value="ldap://my URL :389" />
    <beans:property name="convertSubErrorCodesToExceptions" value="true"/>
</beans:bean>

org.springframework.dao.IncorrectResultSizeDataAccessException: Incorrect result size: expected 1, actual 0
    at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntryInternal(SpringSecurityLdapTemplate.java:239)
    at org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.searchForUser(ActiveDirectoryLdapAuthenticationProvider.java:258)
....

private DirContextOperations searchForUser(DirContext ctx, String username) throws NamingException {
    SearchControls searchCtls = new SearchControls();
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

    String searchFilter = "(&(objectClass=user)(userPrincipalName={0}))";

    final String bindPrincipal = createBindPrincipal(username);

    String searchRoot = rootDn != null ? rootDn : searchRootFromPrincipal(bindPrincipal);

    return SpringSecurityLdapTemplate.searchForSingleEntryInternal(ctx, searchCtls, searchRoot, searchFilter,
            new Object[]{bindPrincipal});
}

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd
">

<!-- There is some Java based config here, don't forget. -->
<!-- Its not important for this example-->
<context:component-scan base-package="uk.ac.example.ldaptest.security" />

<!-- This is for our Active Dir LDAP implementation -->
<beans:bean id="contextSource"
    class="org.springframework.ldap.core.support.LdapContextSource">
    <beans:property name="url"
        value="LDAP://ads.ntd.example.ac.uk:389" />
    <beans:property name="base" value="dc=ntd,dc=example,dc=ac,dc=uk" />
    <beans:property name="userDn" value="cn=ldap,ou=Service Accounts,ou=Management,ou=example,dc=ntd,dc=example,dc=ac,dc=uk" />
    <beans:property name="password" value="XXXXXXXXX" />
    <beans:property name="pooled" value="true" />
    <!-- AD Specific Setting for avoiding the partial exception error -->
    <beans:property name="referral" value="follow" />
</beans:bean>

<beans:bean id="ldapAuthenticationProvider"
    class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <beans:constructor-arg>
        <beans:bean
            class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <beans:constructor-arg ref="contextSource" />
            <beans:property name="userSearch">
                <beans:bean id="userSearch"
                    class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                    <beans:constructor-arg index="0" value="" />
                    <beans:constructor-arg index="1" value="(sAMAccountName={0})" />
                    <beans:constructor-arg index="2" ref="contextSource" />
                </beans:bean>
            </beans:property>
        </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg>
        <beans:bean
            class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
            <beans:constructor-arg ref="contextSource" />
            <beans:constructor-arg value="" />
            <beans:property name="groupSearchFilter" value="(member={0})" />
            <beans:property name="searchSubtree" value="true" />
            <!-- Below Settings convert the adds the prefix ROLE_ to roles returned 
                from AD -->
        </beans:bean>
    </beans:constructor-arg>
    <!-- Create the Mapper object that returns our customised User object -->
    <!-- Set up in the Java based config mentioned earlier -->
    <beans:property name="userDetailsContextMapper" ref="myUdcm" />
</beans:bean>

<beans:bean id="authenticationManager"
    class="org.springframework.security.authentication.ProviderManager">
    <beans:constructor-arg>
        <beans:list>
            <beans:ref local="ldapAuthenticationProvider" />
        </beans:list>
    </beans:constructor-arg>
</beans:bean>

<!-- we want all URLs within our application to be secured, requiring the 
    role ROLE_STAFF to access them. LDAP supplies this -->
<http auto-config="true" use-expressions="true"
    authentication-manager-ref="authenticationManager">
    <intercept-url pattern="/resources/**" access="permitAll" />
    <intercept-url pattern="/**" access="hasRole('ROLE_STAFF')" />
    <session-management>
        <concurrency-control max-sessions="1" />
    </session-management>
</http>

public PersistentRememberMeToken getTokenForSeries(String seriesId) {
    try {
        return (PersistentRememberMeToken) tokensBySeriesMapping.findObject(seriesId);
    } catch(IncorrectResultSizeDataAccessException moreThanOne) {
        logger.error("Querying token for series '" + seriesId + "' returned more than one value. Series" +
                " should be unique");
    } catch(DataAccessException e) {
        logger.error("Failed to load token for series " + seriesId, e);
    }

    return null;
}

/**
 * Save/cache the login token, retrieve or update it for remember-me feature.
 * 
 * create table persistent_logins (username varchar(64) not null, series varchar(64) primary key,
 * token varchar(64) not null, last_used timestamp not null)
 * 
 * @author lchen
 * 
 */
public class TokenRepositoryDao extends BaseDao implements PersistentTokenRepository {

    @Override
    public void createNewToken(PersistentRememberMeToken token) {
        String sql = "insert into persistent_logins (username, series, token, last_used) values(?,?,?,?)";
        getJdbcTemplate().update(sql, token.getUsername(), token.getSeries(), token.getTokenValue(), token.getDate());
    }

    @Override
    public PersistentRememberMeToken getTokenForSeries(String series) {
        String sql = "select username,series,token,last_used from persistent_logins where series = ?";
        try {
            return getJdbcTemplate().queryForObject(sql, new PersistentRememberMeTokenMapper(), series);
        } catch (IncorrectResultSizeDataAccessException moreThanOne) {
            if (moreThanOne.getActualSize() > 1)
                logger.error("Querying token for series '" + series + "' returned more than one value. Series" + " should be unique");
        } catch (DataAccessException e) {
            logger.error("Failed to load token for series " + series, e);
        }
        return null;
    }

    @Override
    public void removeUserTokens(String username) {
        String sql = "delete from persistent_logins where username = ?";
        getJdbcTemplate().update(sql, username);
    }

    @Override
    public void updateToken(String series, String tokenValue, Date lastUsed) {
        String sql = "update persistent_logins set token = ?, last_used = ? where series = ?";
        getJdbcTemplate().update(sql, tokenValue, new Date(), series);
    }

    private class PersistentRememberMeTokenMapper implements RowMapper<PersistentRememberMeToken> {
        @Override
        public PersistentRememberMeToken mapRow(ResultSet rs, int rowNum) throws SQLException {
            String username = rs.getString("username");
            String series = rs.getString("series");
            String token = rs.getString("token");
            Date date = rs.getDate("last_used");
            return new PersistentRememberMeToken(username, series, token, date);
        }
    }

}

<security:http pattern="/common/**" security="none" />
<security:http pattern="/styles/**" security="none" />
<security:http pattern="/images/**" security="none" />
<security:http pattern="/scripts/**" security="none" />
<security:http pattern="/layouts/**" security="none" />

<security:http use-expressions="true">
    <security:intercept-url pattern="/login.do" access="permitAll" />
    <security:intercept-url pattern="/logout.do" access="permitAll" />
    <security:intercept-url pattern="/login/failure.do" access="permitAll" />
    <security:intercept-url pattern="/index.jsp" access="permitAll" />
    <security:intercept-url pattern="/home/**" access="isAuthenticated()" />
    <security:intercept-url pattern="/upload/**" access="hasRole('ROLE_USER')" />
    <security:intercept-url pattern="/**" access="denyAll" />
    <security:form-login login-page="/login.do" authentication-failure-url="/login/failure.do" default-target-url="/" />
    <security:logout logout-url="/logout.do" logout-success-url="/" delete-cookies="JSESSIONID" />
    <security:remember-me user-service-ref="userDetailsService" token-repository-ref="tokenRepository" token-validity-seconds="1296000" />
</security:http>

<bean id="tokenRepository" class="com.abc.dao.TokenRepositoryDao" />

<security:authentication-manager>
    <security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>

<bean id="userDetailsService" class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
    <constructor-arg ref="userSearch" />
    <constructor-arg ref="authoritiesPopulator" />
</bean>

<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://corp.abc.com:389/dc=Corp,dc=abc,dc=com" />
    <property name="userDn" value="***" />
    <property name="password" value="***" />
    <property name="baseEnvironmentProperties">
        <map>
            <entry key="java.naming.referral">
                <value>follow</value> <!-- Avoid error: Unprocessed Continuation Reference(s); remaining name '' -->
            </entry>
        </map>
    </property>
</bean>

<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg>
        <value></value> <!-- blank value is required here! -->
    </constructor-arg>
    <constructor-arg>
        <value>(sAMAccountName={0})</value>
    </constructor-arg>
    <constructor-arg ref="contextSource" />
    <property name="searchSubtree">
        <value>true</value>
    </property>
</bean>

<bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg ref="authenticator" />
    <constructor-arg ref="authoritiesPopulator" />
</bean>

<bean id="authenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
    <constructor-arg ref="contextSource" />
    <property name="userDnPatterns">
        <list>
            <value>sAMAccountName={0}</value>
        </list>
    </property>
    <property name="userSearch" ref="userSearch" />
</bean>

<bean id="authoritiesPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
    <constructor-arg ref="contextSource" />
    <constructor-arg value="" /> <!-- From the root DN of the context factory -->
    <property name="groupRoleAttribute" value="cn" />
    <property name="rolePrefix" value="ROLE_" />
    <property name="searchSubtree" value="true" />
    <property name="convertToUpperCase" value="true" />
    <property name="ignorePartialResultException">
        <value>false</value>
    </property>
</bean>