Spring Boot: RESTful LDAP authentication service using Spring Boot
I am writing a program that validates a username and password sent via HTTP POST against LDAP, and then sends a response back to the user indicating whether or not the validation succeeded.
Tags: spring-boot, ldap, restful-authentication, spring-security-ldap
My web security configurer implementation:
package hello;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
import org.springframework.boot.autoconfigure.security.SecurityProperties;

@Configuration
@Order(SecurityProperties.IGNORED_ORDER)
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated();
        http.csrf().disable();
    }

    @SuppressWarnings("deprecation")
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource()
                    .url("ldap://localhost:8389/dc=springframework,dc=org")
                    .and()
                .passwordCompare()
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userPassword");
    }
}

My test-server.ldif
dn: dc=springframework,dc=org
objectclass: top
objectclass: domain
objectclass: extensibleObject
dc: springframework

dn: ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: subgroups

dn: ou=people,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people

dn: ou=space cadets,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: space cadets

dn: ou=\"quoted people\",dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: "quoted people"

dn: ou=otherpeople,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: otherpeople

dn: uid=ben,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Ben Alex
sn: Alex
uid: ben
userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=

dn: uid=bob,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Bob Hamilton
sn: Hamilton
uid: bob
userPassword: bobspassword
.
.
I have also defined this in application.properties:
spring.ldap.embedded.ldif=classpath:test-server.ldif
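I tried posting data from Postman, and I get a 403 response for any value.
I don't understand why it gives 403.
Can anyone see what I am doing wrong? Thanks.
Here is the updated security log: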
2019-09-03 10:11:56.942 DEBUG 9040 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /rest/hello at position 1 of 10 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2019-09-03 10:11:56.944 DEBUG 9040 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /rest/hello at position 2 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2019-09-03 10:11:56.944 DEBUG 9040 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2019-09-03 10:11:56.945 DEBUG 9040 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2019-09-03 10:11:56.947 DEBUG 9040 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /rest/hello at position 3 of 10 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2019-09-03 10:11:56.948 DEBUG 9040 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /rest/hello at position 4 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
2019-09-03 10:11:56.948 DEBUG 9040 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2019-09-03 10:11:56.949 DEBUG 9040 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/rest/hello'; against '/logout'
2019-09-03 10:11:56.949 DEBUG 9040 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2019-09-03 10:11:56.949 DEBUG 9040 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /rest/hello' doesn't match 'POST /logout'
2019-09-03 10:11:56.949 DEBUG 9040 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2019-09-03 10:11:56.950 DEBUG 9040 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /rest/hello' doesn't match 'PUT /logout'
2019-09-03 10:11:56.950 DEBUG 9040 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2019-09-03 10:11:56.950 DEBUG 9040 --- [nio-8080-exec-2] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /rest/hello' doesn't match 'DELETE /logout'
2019-09-03 10:11:56.950 DEBUG 9040 --- [nio-8080-exec-2] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2019-09-03 10:11:56.951 DEBUG 9040 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /rest/hello at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2019-09-03 10:11:56.951 DEBUG 9040 --- [nio-8080-exec-2] o.s.s.w.s.HttpSessionRequestCache : saved request doesn't match
2019-09-03 10:11:56.951 DEBUG 9040 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /rest/hello at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2019-09-03 10:11:56.953 DEBUG 9040 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /rest/hello at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2019-09-03 10:11:56.958 DEBUG 9040 --- [nio-8080-exec-2] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@938ad544: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2019-09-03 10:11:56.958 DEBUG 9040 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /rest/hello at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
2019-09-03 10:11:56.958 DEBUG 9040 --- [nio-8080-exec-2] o.s.s.w.session.SessionManagementFilter : Requested session ID 84F3D9D1165FFEE7008EDB2FA99B0D88 is invalid.
2019-09-03 10:11:56.958 DEBUG 9040 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /rest/hello at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2019-09-03 10:11:56.959 DEBUG 9040 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : /rest/hello at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2019-09-03 10:11:56.960 DEBUG 9040 --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /rest/hello; Attributes: [authenticated]
2019-09-03 10:11:56.960 DEBUG 9040 --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@938ad544: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2019-0
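
As an added example (not part of the original post), the Python sketch below reads Spring Security DEBUG output like the log above and reports which filters fired and whether any of them reads credentials from the request. `diagnose`, `CREDENTIAL_FILTERS` and the sample log are constructed for illustration; the ten filter names are the ones that appear in the log, and the input is assumed to cover a single request.

```python
import re

# Filters that read credentials from the request (a partial list of real
# Spring Security class names; extend it for other mechanisms).
CREDENTIAL_FILTERS = {"UsernamePasswordAuthenticationFilter", "BasicAuthenticationFilter",
                      "BearerTokenAuthenticationFilter", "X509AuthenticationFilter"}

FIRING = re.compile(r"(\S+) at position (\d+) of (\d+) in additional filter chain; "
                    r"firing Filter: '(\w+)'")
PRINCIPAL = re.compile(r"Previously Authenticated: .*?Principal: ([^;]+);")

# Constructed sample: the ten filter names from the log above, laid out in
# Spring Boot's default log format (timestamps simplified).
CHAIN = ["WebAsyncManagerIntegrationFilter", "SecurityContextPersistenceFilter",
         "HeaderWriterFilter", "LogoutFilter", "RequestCacheAwareFilter",
         "SecurityContextHolderAwareRequestFilter", "AnonymousAuthenticationFilter",
         "SessionManagementFilter", "ExceptionTranslationFilter",
         "FilterSecurityInterceptor"]
PREFIX = "2019-09-03 10:11:56.942 DEBUG 9040 --- [nio-8080-exec-2] "
SAMPLE_LOG = "\n".join(
    [f"{PREFIX}o.s.security.web.FilterChainProxy : /rest/hello at position {i} of 10 "
     f"in additional filter chain; firing Filter: '{name}'"
     for i, name in enumerate(CHAIN, 1)]
    + [PREFIX + "o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: "
       "AnonymousAuthenticationToken@938ad544: Principal: anonymousUser; "
       "Credentials: [PROTECTED]; Granted Authorities: ROLE_ANONYMOUS"])


def diagnose(log_text):
    """Summarise one request's filter chain from Spring Security DEBUG output."""
    chain, total, principal = {}, 0, None
    for line in log_text.splitlines():
        fired = FIRING.search(line)
        if fired:
            chain[int(fired.group(2))] = fired.group(4)
            total = int(fired.group(3))
        seen = PRINCIPAL.search(line)
        if seen:
            principal = seen.group(1).strip()
    filters = [chain[i] for i in sorted(chain)]
    credential = [f for f in filters if f in CREDENTIAL_FILTERS]
    return {
        "filters": filters,
        "complete": bool(filters) and len(filters) == total,  # log may be cut off
        "credential_filters": credential,
        "principal": principal,
        # Anonymous at the access decision and nothing in the chain parsed a login
        "no_credentials_read": principal == "anonymousUser" and not credential,
    }
```

For the chain in the post, `diagnose(SAMPLE_LOG)` returns `no_credentials_read` as true: the request reaches `FilterSecurityInterceptor` as `anonymousUser` because none of the ten filters parses a login.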