Java 身份验证请求失败:凭据错误[LDAP:错误代码49-数据52e,v1db1]
我正在尝试使用BindAuthenticator进行身份验证,但它给了我身份验证错误Java 身份验证请求失败:凭据错误[LDAP:错误代码49-数据52e,v1db1],java,spring,spring-mvc,authentication,ldap,Java,Spring,Spring Mvc,Authentication,Ldap,我正在尝试使用BindAuthenticator进行身份验证,但它给了我身份验证错误 18:14:32,764 org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter DEBUG http-bio-8080-exec-12 authentication.UsernamePasswordAuthenticationFilter:189 - Request is to process
18:14:32,764 org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter DEBUG http-bio-8080-exec-12 authentication.UsernamePasswordAuthenticationFilter:189 - Request is to process authentication
18:14:32,765 org.springframework.security.authentication.ProviderManager DEBUG http-bio-8080-exec-12 authentication.ProviderManager:152 - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
18:14:32,767 org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider DEBUG http-bio-8080-exec-12 authentication.LdapAuthenticationProvider:65 - Processing authentication request for user: admin.manager@XDEV.com
18:14:32,770 org.springframework.security.ldap.authentication.BindAuthenticator DEBUG http-bio-8080-exec-12 authentication.BindAuthenticator:108 - Attempting to bind as uid=admin.manager@XDEV.com,o=X-DEV,dc=Xexternal,dc=com
18:14:32,770 org.springframework.security.ldap.DefaultSpringSecurityContextSource$1 DEBUG http-bio-8080-exec-12 ldap.DefaultSpringSecurityContextSource:76 - Removing pooling flag for user uid=admin.manager@XDEV.com,o=LS360-DEV,dc=Xexternal,dc=com
18:14:33,427 org.springframework.security.ldap.authentication.BindAuthenticator DEBUG http-bio-8080-exec-12 authentication.BindAuthenticator:152 - Failed to bind as uid=admin.manager@XDEV.com: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
XML配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:global-method-security
secured-annotations="enabled" />
<security:http pattern="/theme/**" security="none" />
<security:http pattern="/javascript/**" security="none" />
<security:http pattern="/favicon.ico" security="none" />
<security:http pattern="/login" security="none" />
<beans:bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg value="ldap://10.0.X.X:389/DC=Xexternal,DC=com" />
<beans:property name="base" value="O=X-DEV,DC=Xexternal,DC=com" />
<beans:property name="userDn" value="CN=X-dev,O=X-DEV,DC=Xexternal,DC=com" />
<beans:property name="password" value="X!" />
</beans:bean>
<beans:bean id="userSearch"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="" />
<beans:constructor-arg index="1" value="uid={0}" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
<beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
</beans:bean>
<beans:bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource"/>
<beans:property name="userDnPatterns">
<beans:list>
<beans:value>uid={0}</beans:value>
</beans:list>
</beans:property>
<beans:property name="userSearch" ref="userSearch" />
<!-- <beans:property name="passwordEncoder" ref="passwordEncoder" /> -->
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource" />
<beans:constructor-arg value="O=X-DEV" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<!-- LDAP server details -->
<security:authentication-manager>
<security:authentication-provider
ref="ldapAuthProvider">
</security:authentication-provider>
</security:authentication-manager>
<security:http>
<security:form-login login-page="/login"
login-processing-url="/j_spring_security_check" default-target-url="/search"
authentication-failure-url="/login?login_error=true" />
<security:http-basic />
<security:logout logout-url="/login" />
<security:session-management
invalid-session-url="/login" />
<security:intercept-url pattern="/**"
access='ROLE_USER,IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED' />
</security:http>
</beans:beans>
uid={0}
我做了以下更改以使整个过程正常工作
<beans:bean id="userSearch"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<beans:constructor-arg index="0" value="" />
<beans:constructor-arg index="1" value="**(userPrincipalName={0})**" />
<beans:constructor-arg index="2" ref="contextSource" />
<beans:property name="searchSubtree" value="true" />
</beans:bean>
另外,我在授权中添加了角色_ADMIN
<security:http>
<security:form-login login-page="/login"
login-processing-url="/j_spring_security_check" default-target-url="/searchcourse"
authentication-failure-url="/login?login_error=true" />
<security:http-basic />
<security:logout logout-url="/login" />
<security:session-management
invalid-session-url="/login" />
<security:intercept-url pattern="/**"
access='**ROLE_ADMIN,** ROLE_USER,IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED' />
</security:http>
我在stackoverflow上的某个地方读到,必须有一个角色\u ADMIN
我希望这对其他人也有帮助
谢谢,您是否尝试过与JXPlorer()连接?错误代码52e通常与无效凭据绑定。。。您是否有两个用户admin.manager位于同一LDAP中但位于不同的树中?我使用的是ldapadmin.org。我在用户中搜索了多个条目,但只找到一个。您要连接到哪个LDAP?Microsoft Active Directory?您是否尝试用ActiveDirectoryLdapAuthenticationProvider替换常规LdapAuthenticationProvider?不确定它是否有帮助,但这个链接可能会有所帮助:或多或少都是相同的错误