Spring security 2.0.5 带 Active Directory 的 LDAP 身份验证设置

发布于 2024-08-20 21:13:50 字数 1489 浏览 8 评论 0原文

我一直在尝试让 LDAP 身份验证与此应用程序 (apache Roller) 一起使用,这真是太痛苦了。看起来它只是“填充正确的字段并继续”,但我仍在尝试对数据库进行身份验证(默认身份验证方法)。

我不明白是什么告诉 spring-security 使用一个身份验证管理器而不是另一个,所以这可能是第一个要改变的事情。花了两天时间阅读文档后,并没有更进一步弄清楚。

<beans:bean id="ldapUserSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <beans:constructor-arg index="0" value="CN=stuff,DC=domain"/>
    <beans:constructor-arg index="1" value="uid={0}"/>
    <beans:constructor-arg index="2" ref="initialDirContextFactory"/>         
    <beans:property name="searchSubtree" value="true"/>           
</beans:bean>     

<beans:bean id="ldapAuthProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
    <beans:constructor-arg>
        <beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
            <beans:constructor-arg ref="initialDirContextFactory"/>
            <beans:property name="userSearch" ref="ldapUserSearch"/>
        </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg ref="jdbcAuthoritiesPopulator"/>
</beans:bean>    

<beans:bean id="jdbcAuthoritiesPopulator" class="org.apache.roller.weblogger.ui.core.security.AuthoritiesPopulator">
    <beans:property name="defaultRole" value="groupNameUserHasToBelongTo"/>
</beans:bean>

I've been having a hell of a time trying to get LDAP authentication working with this application (apache Roller). It seems like it would just be "populate the right fields and go", but I'm still attempting to authenticate against the database (the default authentication method).

I don't understand what's telling spring-security to use one authentication manager over another, so that's probably the first thing to change. After spending two days reading documentation, no closer to figuring it out.

<beans:bean id="ldapUserSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <beans:constructor-arg index="0" value="CN=stuff,DC=domain"/>
    <beans:constructor-arg index="1" value="uid={0}"/>
    <beans:constructor-arg index="2" ref="initialDirContextFactory"/>         
    <beans:property name="searchSubtree" value="true"/>           
</beans:bean>     

<beans:bean id="ldapAuthProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
    <beans:constructor-arg>
        <beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
            <beans:constructor-arg ref="initialDirContextFactory"/>
            <beans:property name="userSearch" ref="ldapUserSearch"/>
        </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg ref="jdbcAuthoritiesPopulator"/>
</beans:bean>    

<beans:bean id="jdbcAuthoritiesPopulator" class="org.apache.roller.weblogger.ui.core.security.AuthoritiesPopulator">
    <beans:property name="defaultRole" value="groupNameUserHasToBelongTo"/>
</beans:bean>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

想你的星星会说话 2024-08-27 21:13:50

我们需要更多详细信息来帮助您。您看到什么错误消息(如果有),复制堆栈跟踪。

我注意到的一件事是在 BindAuthenticator 中,您可以指定上下文源和 userDnPatterns,而不是创建 ldapUserSearch bean。

<bean id="ldapAuthProvider"
        class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg ref="contextSource">
      </constructor-arg>
        <property name="userDnPatterns">
          <list>
              <value>CN={0},OU=Users,OU=_Units,DC=corporate,DC=mycompany,DC=com</value>
          </list>
        </property>
        <property name="userAttributes">
            <list>
                <value>objectSID</value>
                <value>userPrincipalName</value>                    
            </list>
        </property>
    </bean>
  </constructor-arg>
    <constructor-arg>
      <bean class="com.security.AuthoritiesPopulator">
      </bean>
    </constructor-arg>
    <property name="userDetailsContextMapper">
        <bean class="com.corp.CustomLdapUserDetailsMapper"/>
    </property>
    <security:custom-authentication-provider/>
</bean>

We need more details to help you out. What error message are you seeing if there is any, copy the stack trace.

One thing I noticed is in the BindAuthenticator, you can specify the context source and userDnPatterns instead of creating the ldapUserSearch bean.

<bean id="ldapAuthProvider"
        class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
      <constructor-arg ref="contextSource">
      </constructor-arg>
        <property name="userDnPatterns">
          <list>
              <value>CN={0},OU=Users,OU=_Units,DC=corporate,DC=mycompany,DC=com</value>
          </list>
        </property>
        <property name="userAttributes">
            <list>
                <value>objectSID</value>
                <value>userPrincipalName</value>                    
            </list>
        </property>
    </bean>
  </constructor-arg>
    <constructor-arg>
      <bean class="com.security.AuthoritiesPopulator">
      </bean>
    </constructor-arg>
    <property name="userDetailsContextMapper">
        <bean class="com.corp.CustomLdapUserDetailsMapper"/>
    </property>
    <security:custom-authentication-provider/>
</bean>
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文