Spring Security: LDAP authentication using Spring Security 3


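I am trying to secure part of a Spring 3 MVC web application by authenticating against my organization's LDAP server. I am new to LDAP, so I am learning as I go. I have been following the documentation and examples, but I can't seem to get it right.

Here is my security-context.xml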

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:s="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

    <!-- Security Configuration -->
    <s:http>
        <s:intercept-url pattern="/page/tosecure/*" access="ROLE_USER" />
        <s:http-basic />
    </s:http>

    <s:ldap-server root="dc=ldap,dc=sub,dc=myorg,dc=org" url="ldap.sub.myorg.org" port="636" />

    <s:authentication-manager>
        <s:ldap-authentication-provider user-dn-pattern="uid={0},cn=users" />
        <s:authentication-provider ref="ldapAuthProvider" />
    </s:authentication-manager>

    <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldaps://ldap.sub.myorg.org:636/dc=ldap,dc=sub,dc=myorg,dc=org" />
    </bean>

    <bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <constructor-arg ref="contextSource" />
                <property name="userDnPatterns">
                    <list>
                        <value>uid={0},cn=users</value>
                    </list>
                </property>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <constructor-arg ref="contextSource" />
                <constructor-arg value="cn=groups" />
                <property name="groupRoleAttribute" value="cn" />
            </bean>
        </constructor-arg>
    </bean>

</beans>

Below is the error I get (the last few causes listed in the stack trace)

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.securityContextSource': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.ldap.DefaultSpringSecurityContextSource]: Constructor threw exception; nested exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5.  Encountered: "." (46), after : ""
    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:288)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1035)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:939)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:323)
    ... 106 more
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.ldap.DefaultSpringSecurityContextSource]: Constructor threw exception; nested exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5.  Encountered: "." (46), after : ""
    at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:162)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:121)
    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:280)
    ... 115 more
Caused by: org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5.  Encountered: "." (46), after : ""
    at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:224)
    at org.springframework.ldap.core.DistinguishedName.<init>(DistinguishedName.java:174)
    at org.springframework.ldap.core.support.AbstractContextSource.setBase(AbstractContextSource.java:207)
    at org.springframework.security.ldap.DefaultSpringSecurityContextSource.<init>(DefaultSpringSecurityContextSource.java:67)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:147)
    ... 117 more
Caused by: org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5.  Encountered: "." (46), after : ""
    at org.springframework.ldap.core.DnParserImplTokenManager.getNextToken(DnParserImplTokenManager.java:678)
    at org.springframework.ldap.core.DnParserImpl.jj_consume_token(DnParserImpl.java:231)
    at org.springframework.ldap.core.DnParserImpl.SpacedEquals(DnParserImpl.java:114)
    at org.springframework.ldap.core.DnParserImpl.attributeTypeAndValue(DnParserImpl.java:94)
    at org.springframework.ldap.core.DnParserImpl.rdn(DnParserImpl.java:58)
    at org.springframework.ldap.core.DnParserImpl.dn(DnParserImpl.java:23)
    at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:218)

It doesn't seem to like the URL listed in the constructor argument of the ContextSource bean, although I don't know why.

In addition, I suspect that other parts of this configuration are incorrect. For example, I define the LDAP server URL in both the ldap-server tag and the ContextSource bean. That seems like unnecessary duplication, but that is how it was done in the examples. Could someone look over the configuration and make sure it is sane?

Also, in case it matters, I'll describe the layout of the LDAP server a bit, since it seems to be somewhat nonstandard. The DN of a user is made up of uid={the_user_name},cn
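
Added example, not part of the original post and not Spring Security's own sample: one corrected form of the security-context.xml from the question, using only the namespace elements. The bean named in the error, `org.springframework.security.securityContextSource`, is the context source registered by `<s:ldap-server>`, so the fix is applied there. Assumptions: users sit under cn=users and groups under cn=groups as in the post's beans, the `ldapServer` id is made up for this example, and the group filter is a guess at how the directory stores membership.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:s="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

    <s:http>
        <s:intercept-url pattern="/page/tosecure/*" access="ROLE_USER" />
        <s:http-basic />
    </s:http>

    <!--
        Before: <s:ldap-server root="dc=ldap,..." url="ldap.sub.myorg.org" port="636" />
        A url that does not start with "ldap:" or "ldaps:" is not read as a URL;
        the whole string is treated as a base DN, and "ldap.sub.myorg.org" fails
        DN parsing at the first "." (line 1, column 5 in the stack trace).
        root and port apply to the embedded server that is started when no url
        is given, so they do nothing useful next to a real server.

        After: a single LDAPS URL carrying host, port and base DN.
        The id "ldapServer" is an example name.
    -->
    <s:ldap-server id="ldapServer"
        url="ldaps://ldap.sub.myorg.org:636/dc=ldap,dc=sub,dc=myorg,dc=org" />

    <!--
        One provider instead of two. The hand-wired contextSource and
        ldapAuthProvider beans repeated what this element already builds:
        a bind authenticator plus a group-based authorities populator.
        Group names are upper-cased and prefixed with ROLE_, so membership
        of a group whose cn is "user" yields ROLE_USER for the intercept-url
        rule above. The group-search-filter value is an assumption; set it to
        the membership attribute the directory really uses.
    -->
    <s:authentication-manager>
        <s:ldap-authentication-provider
            server-ref="ldapServer"
            user-dn-pattern="uid={0},cn=users"
            group-search-base="cn=groups"
            group-search-filter="(member={0})"
            group-role-attribute="cn" />
    </s:authentication-manager>

</beans>
```

Bind authentication sends each user's password to the directory, so keep the ldaps:// scheme and make sure the JVM truststore contains the certificate chain of ldap.sub.myorg.org rather than switching to plain ldap:// to get past a TLS error.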