如何从Spring Security获得运行Ldap的Spring引导执行器LDAPhealthindIndicator?
我正在使用SpringSecurity开发SpringBoot2.3应用程序。身份验证和授权是通过针对AD的spring security完成的。因此,我使用spring security ldap和以下代码如何从Spring Security获得运行Ldap的Spring引导执行器LDAPhealthindIndicator?,spring,spring-boot,spring-security,ldap,spring-boot-actuator,Spring,Spring Boot,Spring Security,Ldap,Spring Boot Actuator,我正在使用SpringSecurity开发SpringBoot2.3应用程序。身份验证和授权是通过针对AD的spring security完成的。因此,我使用spring security ldap和以下代码 public class SecurityConfiguration extends WebSecurityConfigurerAdapter { ... public AuthenticationProvider adAuthenticationProvider() {
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
...
public AuthenticationProvider adAuthenticationProvider() {
ActiveDirectoryLdapAuthenticationProvider adProvider =
new ActiveDirectoryLdapAuthenticationProvider(ldapDomain, ldapUrl);
adProvider.setSearchFilter(ldapSearchFilter);
adProvider.setAuthoritiesMapper(authorities -> {
Collection<GrantedAuthority> gaCollection = new ArrayList<>();
for (GrantedAuthority authority : authorities) {
if ("admin".equals(authority.getAuthority())) {
gaCollection.add(new SimpleGrantedAuthority(Role.ADMIN));
}
}
return gaCollection;
});
return adProvider;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(adAuthenticationProvider());
auth.eraseCredentials(false);
}
}
我的广告运行在远程服务器上,而不是本地主机上。春季安全工作正常
那么,为什么LdapHealthIndicator尝试在本地主机上验证ldap服务器呢?通过什么样的设计方式让LdaPhealthindIndicator使用my
SecurityConfiguration
中的myAuthenticationProvider
?可能还有其他问题;但是,主要问题似乎是您的pom中缺少:
org.springframework.ldap
声明属性为spring.ldap.url
,因此我认为应该改为该属性。您是否已经声明了spring.ldap
属性?Spring Security不使用这些,但执行器使用。例如,您为spring.ldap.url
设置了什么?我尝试了spring.ldap.url=ldaps://server.domain.tld 但是执行器探针仍然是localhost:389,我想知道您的依赖关系是否正确。例如SpringSecurityLDAP不依赖于SpringLDAP,在SpringLDAP中声明了ldaOperations。你能分享一下你认为pom中包含的相关依赖项吗?我添加了相关依赖项。有什么我该修的吗?对不起。这并没有奏效。我在application.properties中添加了依赖项和spring.ldap.url。但是执行器探针仍然是本地主机:389没有问题。接下来我要做的是使用--debug
程序参数,并确认调用了相应的Spring Boot Actuator自动配置类。如果不是,调试输出通常足以告诉您原因。但我仍然不明白为什么它添加了ldap执行器,但无法验证服务器连接,而是使用localhost。有什么想法吗?谢谢你提供的额外细节。我已经添加了参考文档的链接,这可能会指出您的配置中的另一个问题?哦,真的吗?你很棒。通过spring.ldap.url,它终于可以工作了。非常感谢。
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>${spring-boot.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
...
</dependencyManagement>
<dependencies>
<!-- Spring -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-autoconfigure</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
<exclusions>
<exclusion>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-juli</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-jdbc</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<!-- End Spring -->
...
</dependencies>
CONDITIONS EVALUATION REPORT (only LDAP lines)
positive matches:
LdapAutoConfiguration matched:
- @ConditionalOnClass found required class 'org.springframework.ldap.core.ContextSource' (OnClassCondition)
LdapAutoConfiguration#ldapContextSource matched:
- @ConditionalOnMissingBean (types: org.springframework.ldap.core.support.LdapContextSource; SearchStrategy: all) did not find any beans (OnBeanCondition)
LdapAutoConfiguration#ldapTemplate matched:
- @ConditionalOnMissingBean (types: org.springframework.ldap.core.LdapOperations; SearchStrategy: all) did not find any beans (OnBeanCondition)
LdapHealthContributorAutoConfiguration matched:
- @ConditionalOnClass found required class 'org.springframework.ldap.core.LdapOperations' (OnClassCondition)
- @ConditionalOnEnabledHealthIndicator management.health.ldap.enabled is true (OnEnabledHealthIndicatorCondition)
- @ConditionalOnBean (types: org.springframework.ldap.core.LdapOperations; SearchStrategy: all) found bean 'ldapTemplate' (OnBeanCondition)
LdapHealthContributorAutoConfiguration#ldapHealthContributor matched:
- @ConditionalOnMissingBean (names: ldapHealthIndicator,ldapHealthContributor; SearchStrategy: all) did not find any beans (OnBeanCondition)
negative matches:
EmbeddedLdapAutoConfiguration:
Did not match:
- @ConditionalOnClass did not find required class 'com.unboundid.ldap.listener.InMemoryDirectoryServer' (OnClassCondition)
LdapRepositoriesAutoConfiguration:
Did not match:
- @ConditionalOnClass did not find required class 'org.springframework.data.ldap.repository.LdapRepository' (OnClassCondition)
o.s.b.actuate.ldap.LdapHealthIndicator : LDAP health check failed
org.springframework.ldap.CommunicationException: localhost:389; nested exception is
javax.naming.CommunicationException: localhost:389
[Root exception is java.net.ConnectException: Connection refused: connect]