1. 首頁
  2. 問答
  3. Spring Security 2.0.6使用活動目錄進行身份驗證

Spring Security 2.0.6使用活動目錄進行身份驗證

2010-11-05 118 views
1

我試圖將Ldap-Active Directory和Spring Security 2.0.6進行身份驗證。但我不知道爲什麼認證不通過...Spring Security 2.0.6使用活動目錄進行身份驗證

在這裏你可以看到控制檯:

> INFO [Server] JBoss (MX MicroKernel) 
> [4.2.3.GA (build: 
> SVNTag=JBoss_4_2_3_GA 
> date=200807181439)] Started in 
> 30s:118ms 
> 
> INFO [STDOUT] [WARN] Authentication 
> event 
> AuthenticationFailureBadCredentialsEvent: 
> secretariauno1; details: 
> [email protected]: 
> RemoteIpAddress: 127.0.0.1; SessionId: 
> 1D1DEAD28D4AE44AF67277654889D73E; 
> exception: User secretariauno1 not 
> found in directory. 
> 
> INFO [STDOUT] [WARN] Authentication 
> event 
> AuthenticationFailureBadCredentialsEvent: 
> secretariauno; details: 
> [email protected]: 
> RemoteIpAddress: 127.0.0.1; SessionId: 
> 1D1DEAD28D4AE44AF67277654889D73E; 
> exception: Bad credentials; nested 
> exception is 
> org.springframework.ldap.AuthenticationException: 
> [LDAP: error code 49 - 80090308: 
> LdapErr: DSID-0C0903A9, comment: 
> AcceptSecurityContext error, data 52e, 
> v1db0 
> 
> INFO [STDOUT] [INFO] The 
> returnObjFlag of supplied 
> SearchControls is not set but a 
> ContextMapper is used - setting flag 
> to true 
> 
> INFO [STDOUT] [WARN] Authentication 
> event 
> AuthenticationFailureServiceExceptionEvent: 
> secretariauno; details: 
> [email protected]: 
> RemoteIpAddress: 127.0.0.1; SessionId: 
> 1D1DEAD28D4AE44AF67277654889D73E; 
> exception: Unprocessed Continuation 
> Reference(s); nested exception is 
> javax.naming.PartialResultException: 
> Unprocessed Continuation Reference(s); 
> remaining name ''; nested exception is 
> org.springframework.ldap.PartialResultException: 
> Unprocessed Continuation Reference(s); 
> nested exception is 
> javax.naming.PartialResultException: 
> Unprocessed Continuation Reference(s); 
> remaining name ''

有三個[WARN],第一secretariauno1不在LDAP。第二,密碼不好。但是,三分之一,是好的,它不通過。它返回到登錄頁面。我已經看過了「returnObjFlag」和關於「剩餘名稱」沒有目標......

請,如果有人能幫助我......,謝謝!

在這裏你可以看到塔的applicationContext-security.xml文件:

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:security="http://www.springframework.org/schema/security" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
         http://www.springframework.org/schema/beans/spring-beans-2.5.xsd 
         http://www.springframework.org/schema/security 
         http://www.springframework.org/schema/security/spring-security-2.0.xsd"> 

    <bean id="loggerListener" 
      class="org.springframework.security.event.authentication.LoggerListener" /> 

    <security:http> 
     <security:intercept-url pattern="/**" access="ROLE_USUARIO_AUTENTICADO" /> 
     <security:intercept-url pattern="/login.jsp" filters="none"/> 
     <security:intercept-url pattern="/css/*" filters="none"/> 
     <security:form-login 
      login-processing-url="/j_security_check" 
      login-page="/login.jsp" 
      default-target-url="/index.jsp" 
      always-use-default-target="true" 
      authentication-failure-url="/login.jsp" /> 
     <security:anonymous/> 
     <security:http-basic/> 
     <security:logout/> 
    </security:http> 

    <security:ldap-server id="ldapServer" 
          url="ldap://bibredc05.preadm.com:389/dc=preadm,dc=com" 
          manager-dn="cn=desLector,ou=Users,dc=preminjus,dc=es" 
          manager-password="pwd123"/> 

    <security:ldap-authentication-provider user-search-filter="(sAMAccountName={0})" 
              user-search-base="ou=Users"/> 



    <security:ldap-user-service server-ref="ldapServer" 
           user-search-filter="sAMAccountName={0}" 
           user-search-base="ou=Users"/> 

</beans>

來源

2010-11-05 Thonolan

回答

0

也許this link可以幫助你。這個問題有一個可能的原因。

這可能是由於需要遵循的推薦搜索。

This link也關係到轉診配置的一種方式。

來源

2010-11-07 06:06:06 Raghuram

1

已解決

那麼,最後我已經遷移到了Spring Security 3.0.4。問題是你必須使用bean定義,因爲Active Directory需要Populator bean。

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:security="http://www.springframework.org/schema/security" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
     http://www.springframework.org/schema/security 
     http://www.springframework.org/schema/security/spring-security-3.0.3.xsd"> 

<bean id="loggerListener" 
    class="org.springframework.security.authentication.event.LoggerListener" /> 

<security:http> 
    <security:session-management> 
    <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/> 
    </security:session-management> 
    <security:intercept-url pattern="/css/*" filters="none"/> 
    <security:intercept-url pattern="/login.jsp" filters="none"/> 
    <security:intercept-url pattern="/**" access="ROLE_USER_AUTENTICADO" /> 
    <security:form-login 
    login-processing-url="/j_spring_security_check" 
    login-page="/login.jsp" 
    default-target-url="/index.jsp" 
    always-use-default-target="true" 
    authentication-failure-url="/login.jsp" /> 
    <security:anonymous/> 
    <security:http-basic/> 
    <security:logout/> 
</security:http> 

<security:authentication-manager> 
    <security:authentication-provider ref='ldapAuthProvider' /> 
</security:authentication-manager> 


<!-- 
* The second constructor of the DefaultLdapAuthoritiesPopulator class is the paramerter 
    what is included in LDAP as memberOf, for example, if it have value="ou=Users" the 
    users without thios group don't have access. 

* It put to the accessed user: ROLE_USUARIO_AUTENTICADO". I use this in the interceptor. 
    But, for example, if in the LDAP, the user have in memberOf attribute: 
    "CN=Preadm,OU=Applications,OU=Usuers,DC=preadm,DC=com" the user should have authority for 
    OU=Users, but it will work if the interceptor have "ROLE_PREADM", "ROLE_" is the default prefix, 
    "PREADM" is for CN=Preadm in the memberOf. 
    --> 

<bean id="ldapAuthProvider" 
     class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> 
    <constructor-arg> 
    <bean id="bindAuthenticator" 
     class="org.springframework.security.ldap.authentication.BindAuthenticator"> 
    <constructor-arg ref="contextSource" /> 
    <property name="userSearch" ref="userSearch"/> 
    </bean> 
    </constructor-arg> 
    <constructor-arg> 
     <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator"> 
    <constructor-arg ref="contextSource"/> 
    <constructor-arg value="ou=Users"/> 
    <property name="defaultRole" value="ROLE_USER_AUTENTICADO"/> 
    <property name="searchSubtree" value="true" /> 
    <property name="ignorePartialResultException" value="true"/> 
     </bean> 
    </constructor-arg> 
</bean> 

<bean id="userSearch" 
    class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> 
    <constructor-arg index="0" value="ou=Users"/> 
    <constructor-arg index="1" value="(sAMAccountName={0})"/> 
    <constructor-arg index="2" ref="contextSource" /> 
    <property name="searchSubtree" value="true"/> 
</bean> 

<bean id="contextSource" 
    class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> 
    <constructor-arg value="ldap://bibredc05.preadm.com:389/dc=preadm,dc=com"/> 
    <property name="userDn" value="cn=desReader,ou=Users,dc=preadm,dc=com"/> 
    <property name="password" value="pwd123"/> 
</bean> 

</beans>

來源

2010-11-10 10:23:02 JLY

相關問題

 相關問題