Grails/Spring Security LDAP: alternative check method

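I have been wondering whether there is a way to configure the Spring Security LDAP plugin so that it does not perform authentication in the standard way, but as follows: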

If one is able to connect and login to the LDAP server then 
the user is authenticated. 

Read the authorization from this user's account on LDAP 
(this is probably the default behavior)
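So basically, instead of configuring a master account, use the user/pass passed by the user to actually perform the login (and, if it succeeds, allow the user to fetch the other data).

Thanks in advance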

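Hope you are still looking for this. BindAuthenticator sounds like a big step in the right direction. However, you would have to change the authorities populator so that it does not use the security context source. I believe the default populator uses a connection pool and an appropriate administrator account.

Here is an example setup with a BindAuthenticator and a custom AuthoritiesPopulator: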

    <bean id="authPopulator" class="org.springframework.security.ldap.populator.CustomLdapAuthoritiesPopulator">
      <constructor-arg ref="securityContextSource"/>
      <constructor-arg value="ou=Roles,o=data"/>
      <property name="groupRoleAttribute" value="resourceGroupType"/>
      <property name="groupSearchFilter" value="member={0}"/>
    </bean>

    <bean id="ldap-authentication-provider"
          class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
      <constructor-arg>
        <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
          <constructor-arg ref="securityContextSource"/>
          <property name="userDnPatterns">
            <list>
              <value>cn={0},ou=users,o=system</value>
              <value>cn={0},ou=users,o=xyz</value>
              <value>cn={0},ou=users,ou=external,o=xyz</value>
            </list>
          </property>
          <property name="userSearch" ref="userSearch"/>
        </bean>
      </constructor-arg>
      <constructor-arg ref="authPopulator"/>
      <s:custom-authentication-provider/>
    </bean>

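I did not get any errors, but it did not populate all of the roles. This may be an eDirectory permissions issue, or you may have to create your own authorities populator. The populator does get passed the user's dirContext.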

    <bean id="securityContextSource"
          class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
      <constructor-arg value="ldap://192.168.254.254:389"/>
      <property name="userDn" value="cn=admin,ou=users,o=xyz"/>
      <property name="password" value="password"/>
    </bean>

    [java] - Authentication success: org.springframework.security.providers.UsernamePasswordAuthenticationToken@79107ad5: Principal: org.springframework.security.userdetails.ldap.LdapUserDetailsImpl@3d1a70a7: Username: internalUser; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: a2a3a505521919d529e75c6d14081f6b; Granted Authorities: ROLE_USER
    [java] - Updated SecurityContextHolder to contain the following Authentication: 'org.springframework.security.providers.UsernamePasswordAuthenticationToken@79107ad5: Principal: org.springframework.security.userdetails.ldap.LdapUserDetailsImpl@3d1a70a7: Username: internalUser; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: a2a3a505521919d529e75c6d14081f6b; Granted Authorities: ROLE_USER'
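
One way to write the kind of populator the answer suggests, as an added example that is not the answerer's code: it derives roles only from the user entry that BindAuthenticator loaded after binding as the user, so it takes no context source and needs no administrator bind. It assumes the Spring Security 2.0.x API used by the beans above; the package, the class name and the `groupMembership` attribute are assumptions.

```java
package example; // hypothetical package

import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.ldap.LdapAuthoritiesPopulator;

/**
 * Added example: builds roles from attributes of the authenticated user's own
 * entry. No ContextSource is injected, so no admin account is used.
 */
public class UserEntryAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    // Assumption: the user entry lists its groups as DNs in this attribute.
    private String groupAttribute = "groupMembership";
    private String rolePrefix = "ROLE_";

    public GrantedAuthority[] getGrantedAuthorities(DirContextOperations userData, String username) {
        List<GrantedAuthority> roles = new ArrayList<GrantedAuthority>();
        String[] groupDns = userData.getStringAttributes(groupAttribute);
        if (groupDns != null) { // null: attribute absent or not readable by this user
            for (String dn : groupDns) {
                try {
                    LdapName name = new LdapName(dn);
                    if (name.isEmpty()) {
                        continue;
                    }
                    // The leftmost RDN (e.g. cn=Admins) names the group.
                    String cn = String.valueOf(name.getRdn(name.size() - 1).getValue());
                    // Normalise to a safe role token: upper case, [A-Z0-9_] only.
                    String role = cn.toUpperCase(Locale.ROOT).replaceAll("[^A-Z0-9]+", "_");
                    roles.add(new GrantedAuthorityImpl(rolePrefix + role));
                } catch (InvalidNameException e) {
                    // Skip values that are not DNs instead of granting a malformed role.
                }
            }
        }
        return roles.toArray(new GrantedAuthority[roles.size()]);
    }

    public void setGroupAttribute(String groupAttribute) { this.groupAttribute = groupAttribute; }
    public void setRolePrefix(String rolePrefix) { this.rolePrefix = rolePrefix; }
}
```

Registered as the `authPopulator` bean without constructor arguments, it returns only what the user's own bind is permitted to read, so directory ACLs on that attribute decide which roles appear.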