如何将Grails spring安全ldap:2.0.1插件更改为使用定制的AuthoritiesPopulator?
我使用的是Grails2.4.4,使用的插件是SpringSecurityCore:2.0.0和SpringSecurityLDAP:2.0.1。来自OpenLdap的LDAP服务 以上是有效的,我可以从用户是的组成员推断用户角色 但是我们有一个需求变更,现在需要从嵌套的LDAP组树推断用户角色 我检查了一下,spring security ldap:2.0.1是基于springsecurity 3.2.9的,它还没有包括NestedLdapAuthoritiesPopulator,所以我去github获取了它和其他几个依赖项类,将它们放进去,并修改了我的resources.groovy以使用它,就这样:如何将Grails spring安全ldap:2.0.1插件更改为使用定制的AuthoritiesPopulator?,grails,openldap,spring-security-ldap,Grails,Openldap,Spring Security Ldap,我使用的是Grails2.4.4,使用的插件是SpringSecurityCore:2.0.0和SpringSecurityLDAP:2.0.1。来自OpenLdap的LDAP服务 以上是有效的,我可以从用户是的组成员推断用户角色 但是我们有一个需求变更,现在需要从嵌套的LDAP组树推断用户角色 我检查了一下,spring security ldap:2.0.1是基于springsecurity 3.2.9的,它还没有包括NestedLdapAuthoritiesPopulator,所以我去gi
beans = {
ldapAuthProvider(org.springframework.security.ldap.authentication.LdapAuthenticationProvider,
ref("ldapAuthenticator"), // Use default
ref("myLdapAuthoritiesPopulator") // Use custom
) {}
myLdapAuthoritiesPopulator(com.ldap.NestedLdapAuthoritiesPopulator, ref("contextSource2"), application.config.grails.plugin.springsecurity.ldap.authorities.groupSearchBase ) {}
// Set up the manager to read LDAP
contextSource2(DefaultSpringSecurityContextSource, application.config.grails.plugin.springsecurity.ldap.context.server) {
userDn = application.config.grails.plugin.springsecurity.ldap.context.managerDn ?:null
password = application.config.grails.plugin.springsecurity.ldap.context.managerPassword ?:null
}
Message: [LDAP: error code 49 - Invalid Credentials]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
Line | Method
->> 257 | searchForMultipleAttributeValues in com.ldap.SpringSecurityLdapTemplate$$EQx0bs0G
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 200 | performNestedSearch in com.ldap.NestedLdapAuthoritiesPopulator
| 160 | getGroupMembershipRoles . . . . in ''
| 213 | getGrantedAuthorities in com.ldap.DefaultLdapAuthoritiesPopulator$$EQx0Xl3o
| 59 | attemptAuthentication . . . . . in grails.plugin.springsecurity.web.authentication.GrailsUsernamePasswordAuthenticationFilter
| 62 | doFilter in grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter
| 59 | doFilter . . . . . . . . . . . . in grails.plugin.springsecurity.web.SecurityRequestHolderFilter
| 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
| 615 | run . . . . . . . . . . . . . . in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run in java.lang.Thread
Caused by AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
contextSource2(DefaultSpringSecurityContextSource, application.config.grails.plugin.springsecurity.ldap.context.server) {
userDn = application.config.grails.plugin.springsecurity.ldap.context.managerDn ?:null
password = application.config.grails.plugin.springsecurity.ldap.context.managerPassword ?:null
authenticationSource = ref('ldapAuthenticationSource')
authenticationStrategy = ref('authenticationStrategy')
anonymousReadOnly = true
}
ldapAuthenticationSource(SimpleAuthenticationSource) {
principal = "uid=admin,dc=myCompany,dc=com"
credentials = "Admin123"
}
authenticationStrategy(GrailsSimpleDirContextAuthenticationStrategy) {
userDn = "uid=admin,dc=myCompany,dc=com"
}
Groups -> group02 -> user01
-> group01 (having member group02)
-> group03 -> group04 -> user02
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'ou=Groups,dc=myCompany,dc=com'
grails.plugin.springsecurity.ldap.authorities.searchSubtree = true
cn=group01,ou=Groups,dc=myCompany,dc=com
cn=group04,cn=group03,ou=Groups,dc=myCompany,dc=com
啊,nvm,我也解决了我的最后一个问题-因为现在我正在滚动我自己的SpringSecurityLdapTemplate类(搜索实际发生的地方),“grails.plugin.springsecurity.ldap.authorities.searchSubtree”配置没有传递给它。。。 因此,我只需在search()调用之前将此配置直接添加到其中,如下所示:
SearchControls ctls = new SearchControls();
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);,
...
search(base, formattedFilter, ctls, roleMapper);