Spring Security 2.0.5 LDAP authentication setup with Active Directory
I've been having a hell of a time trying to get LDAP authentication working with this application (Apache Roller). It seems like it would just be "populate the right fields and go", but I'm still attempting to authenticate against the database (the default authentication method).
I don't understand what's telling spring-security to use one authentication manager over another, so that's probably the first thing to change. After spending two days reading documentation, I'm no closer to figuring it out.
<beans:bean id="ldapUserSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <beans:constructor-arg index="0" value="CN=stuff,DC=domain"/>
  <beans:constructor-arg index="1" value="uid={0}"/>
  <beans:constructor-arg index="2" ref="initialDirContextFactory"/>
  <beans:property name="searchSubtree" value="true"/>
</beans:bean>

<beans:bean id="ldapAuthProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
      <beans:constructor-arg ref="initialDirContextFactory"/>
      <beans:property name="userSearch" ref="ldapUserSearch"/>
    </beans:bean>
  </beans:constructor-arg>
  <beans:constructor-arg ref="jdbcAuthoritiesPopulator"/>
</beans:bean>

<beans:bean id="jdbcAuthoritiesPopulator" class="org.apache.roller.weblogger.ui.core.security.AuthoritiesPopulator">
  <beans:property name="defaultRole" value="groupNameUserHasToBelongTo"/>
</beans:bean>
Comments (1)
We need more details to help you out. What error message are you seeing, if any? Copy the stack trace.
One thing I noticed is in the BindAuthenticator, you can specify the context source and userDnPatterns instead of creating the ldapUserSearch bean.
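
The userDnPatterns variant mentioned in the comment, written out as an added example (not code from the poster, the commenter or Roller). The host, base DN, `CN=Users` container and the `contextSource` bean id are constructed placeholders; the page's own `initialDirContextFactory` definition is not shown, so a separate context source is declared here.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

  <!-- Placeholder directory URL. ldaps:// keeps the user's bind password
       off the wire in clear text. No service account is configured:
       with DN patterns the only bind is the one made as the user. -->
  <beans:bean id="contextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <beans:constructor-arg value="ldaps://ad.example.com:636/DC=example,DC=com"/>
  </beans:bean>

  <beans:bean id="ldapAuthProvider"
      class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
    <!-- Spring Security 2.0 namespace: this child element adds the bean
         to the authentication manager's provider list. -->
    <custom-authentication-provider/>
    <beans:constructor-arg>
      <beans:bean
          class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
        <beans:constructor-arg ref="contextSource"/>
        <!-- {0} is the submitted login name; patterns are relative to the
             base DN in the URL. Assumed layout: CN equals the login name. -->
        <beans:property name="userDnPatterns">
          <beans:list>
            <beans:value>CN={0},CN=Users</beans:value>
          </beans:list>
        </beans:property>
      </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg ref="jdbcAuthoritiesPopulator"/>
  </beans:bean>

  <!-- Same populator as in the question. -->
  <beans:bean id="jdbcAuthoritiesPopulator"
      class="org.apache.roller.weblogger.ui.core.security.AuthoritiesPopulator">
    <beans:property name="defaultRole" value="groupNameUserHasToBelongTo"/>
  </beans:bean>
</beans:beans>
```

Active Directory normally stores the login name in `sAMAccountName` rather than `uid`, and a user's CN is often the display name, so a DN pattern only matches when the CN equals what the user types. Where that does not hold, keep the `userSearch` bean and use a filter such as `(sAMAccountName={0})`.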