Java Spring Security+;LDAP始终返回BadCredentialsException
我一直在尝试将Spring安全性配置为使用LDAP,但收效甚微 我有以下配置bean:Java Spring Security+;LDAP始终返回BadCredentialsException,java,spring,spring-security,active-directory,ldap,Java,Spring,Spring Security,Active Directory,Ldap,我一直在尝试将Spring安全性配置为使用LDAP,但收效甚微 我有以下配置bean: @Bean public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() { ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("
@Bean
public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider("go.com.mt", "LDAP://CORPORATE.INTRA");
provider.setConvertSubErrorCodesToExceptions(true);
provider.setUseAuthenticationRequestCredentials(true);
provider.setUserDetailsContextMapper(userDetailsContextMapper());
return provider;
}
@Bean
public UserDetailsContextMapper userDetailsContextMapper() {
UserDetailsContextMapper contextMapper = new AttributesLDAPUserDetailsContextMapper();
return contextMapper;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
}
我尝试创建一个自定义映射器,正如这里关于堆栈溢出的许多答案所建议的那样,它将每个权限设置为ROLE\u USER
public class AttributesLDAPUserDetailsContextMapper implements UserDetailsContextMapper {
@Override
public UserDetails mapUserFromContext(DirContextOperations dirContextOperations, String username, Collection<? extends GrantedAuthority> authority) {
List<GrantedAuthority> mappedAuthorities = new ArrayList<GrantedAuthority>();
for (GrantedAuthority granted : authority) {
if (true) {
mappedAuthorities.add(() -> "ROLE_USER");
} else if(granted.getAuthority().equalsIgnoreCase("MY ADMIN GROUP")) {
mappedAuthorities.add(() -> "ROLE_ADMIN");
}
}
return new User(username, "", mappedAuthorities);
}
@Override
public void mapUserToContext(UserDetails userDetails, DirContextAdapter dirContextAdapter) {
}
}
这意味着active directory正在正常工作,但当我尝试使用正确的凭据进行身份验证时,会收到以下消息:
[apr-8080-exec-6] ctiveDirectoryLdapAuthenticationProvider : Active Directory authentication failed: Supplied password was invalid
[apr-8080-exec-6] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Aug 20 07:31:59 CEST 2015, principal=samantha.catania, type=AUTHENTICATION_FAILURE, data={type=org.springframework.security.authentication.BadCredentialsException, message=Bad credentials}]
[pr-8080-exec-10] o.s.s.ldap.SpringSecurityLdapTemplate : Ignoring PartialResultException
[pr-8080-exec-10] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Aug 20 07:32:05 CEST 2015, principal=samantha.catania, type=AUTHENTICATION_FAILURE, data={type=org.springframework.security.authentication.BadCredentialsException, message=Bad credentials}]
有没有办法解决这个问题?尝试将java环境属性“java.naming.referral”设置为“follow”(在启动时的代码中,或者通过JVM的参数-Djava.naming.referral=follow) 您是否获得堆栈跟踪,或者是否可以打印BadCredentialsException 这与我在AD上遇到的问题非常相似,问题在于AD如何处理转介,这会在数据检索过程中产生错误
从您发布的内容来看,我希望在中生成异常,这将指向相同的问题。问题似乎是因为
ActiveDirectoryLdapAuthenticationProvider
是“猜测”使用域的DNs。将spring security ldap
更新到最新版本可供使用,其中最后一个版本允许您指定DNs。之后,映射程序开始成功调用,身份验证通过
我要感谢每一位对此做出贡献的人:)检查CollectionI是否向这两种映射器方法都添加了日志,但它们从未被打印出来。我还添加了断点,它永远不会停止@@Where和which mapper方法。。你能再精确一点吗。。。一个简单的if-else循环,用于检查授权列表是否为null,这是我想知道的。在我更新并设置DNs后,映射程序开始被调用。似乎错误发生在映射发生之前