我試圖將 Spring Security 與 LDAP 集成。使用 Spring Core 版本 4.0.5、Spring Security 版本 3.2.2 和 Spring LDAP 版本 1.3.2。這裏是我的安全配置 XML。Spring LDAP 集成問題
http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- Spring Security 3.2 namespace configuration from the question: default form login (auto-config) backed by LDAP bind authentication. -->
<security:http auto-config="true" use-expressions="true">
<!-- With use-expressions="true" the access attribute is a SpEL expression. The literal "true" always evaluates to true, so the three static-resource patterns below are reachable without authentication (permitAll is the conventional spelling). Rules are matched in declaration order, so they have to stay above the /** catch-all. -->
<security:intercept-url pattern="/js/**"
access="true" />
<security:intercept-url pattern="/css/**"
access="true" />
<security:intercept-url pattern="/images/**"
access="true" />
<!-- Everything else requires the ROLE_USER authority. NOTE(review): with this provider the authorities come from the LDAP group search; by default Spring Security derives them from the group's cn, upper-cased and prefixed with ROLE_, so an authenticated user without a group that maps to ROLE_USER gets HTTP 403. Confirm against the directory's group names. -->
<security:intercept-url pattern="/**"
access="hasRole('ROLE_USER')" />
</security:http>
<!-- NOTE(review): ldap:// on port 389 is a cleartext connection unless StartTLS is negotiated, and the bind request carries the user's password. Prefer ldaps:// (or verify that StartTLS is enforced) anywhere outside an isolated test network. The URL also carries no base DN, so every search base must be given as a full DN. -->
<security:ldap-server id="ldapServer"
url="ldap://qadirectory.xxxx.com:389/" />
<security:authentication-manager alias="authenticationManager">
<!-- user-dn-pattern: the login name replaces {0} and the provider binds as that DN with the submitted password. No group-search-base is set here. The stack trace on this page fails in DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles with remaining name '', which suggests the group search runs from the context root; since the URL has no base DN, the server answers error 32 (No Such Object). -->
<security:ldap-authentication-provider
server-ref="ldapServer" user-dn-pattern="uid={0},ou=people,o=xxxx.com" />
</security:authentication-manager>
通過默認的 Spring 登錄表單進行身份驗證時,出現以下錯誤:
org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - No Such Object]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name ''
org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:174)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:305)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:258)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:605)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:523)
org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleAttributeValues(SpringSecurityLdapTemplate.java:171)
org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:215)
org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:185)
org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:197)
org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:82)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
root cause
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name ''
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3112)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1849)
com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:252)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:292)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:258)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:605)
org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:523)
org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleAttributeValues(SpringSecurityLdapTemplate.java:171)
org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:215)
org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:185)
org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:197)
org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:82)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:177)
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
好像是組成員解析過程中出了問題。我認爲 Spring Security LDAP 的默認配置依賴 *base dn* 配置,這可能就是問題所在。您可以嘗試在提供者(provider)配置中指定 `group-search-base="ou=groups,o=xxxx.com"` 屬性。 –
「LDAP: error code 32」錯誤消失了。現在得到的是 HTTP 403 拒絕訪問錯誤。似乎還是不對。 –
user2041648
已解決。 ... 非常感謝。 –
user2041648